bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

urlAlias

moreOnThisArticles

sponsorType

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Stephen Chen

As the global fallout from a massive cyberattack ebbed on Tuesday, it emerged that universities bore the brunt of the assault in China – even as Chinese authorities contested the extent of the damage.
More than 4,300 Chinese educational institutions were infected by the WannaCry ransomware that spread across the globe last Friday, according to Chinese cybersecurity giant Qihoo 360’s Threat Intelligence Centre. Almost 30,000 organisations across the country were affected in all.
But the Ministry of Education’s China Education and Research Network (Cernet) said just 66 out of 1,600 Chinese universities were affected, rejecting reports of widespread damage in higher-education computer systems as “malicious” hype.
Tens of thousands of Chinese firms, institutes affected in WannaCry global cyberattack
Cernet said the 66 universities were affected mainly because their operating systems were not regularly upgraded rather than any major security shortcomings.
It dismissed Qihoo 360’s claims as “inaccurate statements that have seriously misled public opinion, caused panic among teachers and students, and affected the normal order of instruction and life”.
Beijing University and Tsinghua University, China’s two top institutions located in Beijing, issued statements saying prompt security action had prevented a “large-scale” infection on their campuses. They gave no further details.
Students in campuses affected by the ransomware, however, told of their horror finding their experiment data encrypted and half-completed theses files lost, which could affect their graduation, according to Chinese media reports.

Despite Cernet’s refutations, international cybersecurity experts said Chinese universities had proven particularly vulnerable in the WannaCry attack, warning that such weaknesses could “leave the door wide open to enemies” in future cyberwarfare.
One key reason these educational institutions were so badly hit was because the latest safety patches had not been installed to protect their networks.
Tang Wei, a Beijing-based senior engineer with Chinese cybersecurity firm Rising, said the cyberattack exposed several security soft spots in China’s network infrastructure.
The WannaCry virus takes hold of computers by exploiting a known weakness in the Microsoft Windows operating system to hold sensitive data “hostage” with encryption. To break the code, the world’s most powerful supercomputers would have to run non-stop for thousands of years.
As a result, once infected, the only practical way to recover one’s encrypted data would be to obtain a decryption key by paying the hacker a ransom.
Is your PC up to date? Home computers exposed as global cyberattack threat builds
The international cybersecurity industry had raised the alert about WannaCry more than two months ago and many companies, including Microsoft, had come up with solutions including security patches and system upgrades.
As the virus accesses computers through port 445 – a communication protocol for file-sharing among devices such as printers – shutting down the port can protect computers on a network from the cyberattack.
This measure was implemented by all backbone network operators across China except Cernet, according to several Chinese cybersecurity firms. Cernet connects a large number of campus networks at various security levels, some of them quite low due to poor management control.
Cernet itself admitted in a statement late on Monday that it did not shut down port 445, which resulted in the rapid spread of WannaCry across its networks. Port 445 was left open to facilitate academic activities that required file-sharing, it said.
But students also often used the port to play games or share illegal content such as pirated movies, according to Chinese media reports.
Global cyberattack shows why phone makers won’t create ‘back doors’ for US spy agencies
Another reason Chinese universities were so severely affected was also related to Cernet, according to a Chinese cybersecurity expert who declined to be named due to the sensitivity of the issue.
The core of the WannaCry malware is widely believed to have come from Eternal Blue, a leaked cyberweapon from the United States’ National Security Agency.
Information provided to South China Morning Post in 2013 by former NSA contractor Edward Snowden showed that the US agency had targeted Tsinghua University through extensive hacking activities.
Tsinghua is involved in many of China's defence-related projects. The institute’s professors are often consulted or directly involved in the decision-making process of many government policies. Its campus hosts a central server of Cernet.
The vulnerable Cernet network, which links top research institutes to large state-owned companies that might be using outdated operating systems,gave hackers easy access, the expert said.
“In the past, [such hacking] was done by the US government. But now anyone can use such weapons. Things can easily get out of control,” he said.


Southeast Asia follows Australia in tightening social media rules: safety or censorship?

UK sanctions Russian and Chinese firms, warns of cyber threats and hybrid warfare

Can Singapore’s cyber laws keep pace with speed of borderless online threats?

Federal communications agency may bar Chinese telecoms firms from US networks

Cybersecurity

Why China’s universities are so vulnerable to WannaCry global cyberattack

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user. Photo: AP

epa05965970 A source code on a computer in Taipei, Taiwan, 13 May 2017 (issued 15 May 2017). According to news reports, Cyber security firm TREND Micro warned that there will be more victims of ransomware 'WannaCry' on Monday when government offices, financial institutions and schools open, and this cyber attack can possible target smartphones. TREND also identified two malwares - Snake and Proton - which can hit Apple's Macintosh users by stealing data, monitor PC operation and log keys strokes. EPA/RITCHIE B. TONGO

News

China

Politics

People & Culture