• Mon
  • Dec 22, 2014
  • Updated: 1:44pm
NewsHong Kong

HKUST probes US firm's claims of hacking

School's network may have been hacked even before the attacks were launched, experts say

PUBLISHED : Friday, 22 February, 2013, 12:00am
UPDATED : Friday, 22 February, 2013, 5:44am

The University of Science and Technology has expressed "serious concerns" about a US company's claims that it is a source of cyberattacks against the United States and launched an investigation into the matter.

HKUST was named in a report this week by American internet security firm Mandiant, which claimed that a Chinese military cyberspy unit was targeting the US and other foreign companies with cyberattacks in which the school's network was involved.

Beijing has denied its army is involved in any cyberattacks.

The report said some of the attacks came from a group of IP addresses owned by the university.

In a brief statement yesterday, HKUST said: "The university has opposed any hijacking activities and is very concerned that its network has been attacked and used by hackers.

The university has opposed any hijacking activities and is very concerned that its network has been attacked and used by hackers

"A report has been lodged with the police while a [school] investigation has been launched. We are serious about network safety."

A police spokesman said officers at the force's Cyber Security Centre met the university's officials to discuss the claims.

HKUST is known for its business programmes and is popular with mainland Chinese students.

Security experts whom the South China Morning Post spoke to said it was difficult to quickly determine how the university's network became involved in the series of cyberattacks, as it could have been hacked before outbound attacks were launched by people who might or might not have been related to the school.

Hong Kong-based independent security consultant Young Sang said it was difficult at the moment to determine the exact source of the cyberattacks even though the university's IP addresses had been used.

Further investigation was needed to find out how the school's network was picked as a platform for outbound attacks, he said.

Young said HKUST must plug loopholes immediately to avoid any further network intrusion.

Meanwhile, the Chinese state media stepped up its war of words with the US over the hacking claims.

A strongly worded commentary by official news agency Xinhua branded the accusations in the Mandiant report as a "commercial stunt" and accused Washington of ulterior motives.

"[The Mandiant report] reeks of a commercial stunt," it said. "Next time, the firm's chief executive can simply say, 'See the Chinese hackers? Hurry up, come and buy our cybersecurity services'."

Xinhua reported the US had "matchless superiority and ability to stage cyberattacks across the globe" and that the American military had "established a significant cyberforce, including the 780th Military Intelligence Brigade, which is a regular military unit tasked with carrying out cyber missions".

It said Washington had a "habit of accusing other nations based on phoney evidence".



For unlimited access to:

SCMP.com SCMP Tablet Edition SCMP Mobile Edition 10-year news archive



This article is now closed to comments

I am very pleased that China refute Mandian unfounded allegations. China needs to train people to know how to refute Western media or companies ill-founded accusation. I am always very busy. I do what I can do to help but I am not paid by or to work for China.
The thing I care about is if the purpose of the United States to use the Chinese hackers incentives for countries to fight against China under the pretext of the real purpose is to contain China by disputes between China and Japan Diaoyus Island. Mandian’s claim is based on speculation, not based on the facts or evidences. And U.S. intelligence agencies only claimed that many attacks came from Shanghai, China, but did not provide any evidence affiliating with Chinese military. Yes, China is the only country able to stabilize the Asian continent and to prevent history from repeating itself.
Shanghai is financial center of China. Almost every country has commercial offices in Shanghai. Any country can start the cyber attack routing through Shanghai and look like its from Shanghai, even US can fake a Chinese attack.
Only with the cooperation of China can one nab the perpetrators of these attacks. Otherwise, its all speculation and rumor mongering. Sounds like Mandian or some companies are exploiting the media feeding frenzy for publicity gains. Again, we would never know until the technical evidence and details were presented to proper Chinese authority for in-depth investigation.
Jennie PC Chiang/江佩珍 02/22/13 美國
mandiant, come on...exactly just want are you trying to achieve here.
can you pls tell the world that your country....can you swear under oath that your country do not hack other countries ??
every nation ....irregardless big or small countries does it.
stop creating unnecessary known issues to promote your company profile
there are more importanty issues to deal with like ex. debt ..
Dear jenniepc, China is already training people in how to censored, controll and cancel internet blogs, opinions and articles that are not online with the Party line. If you miss something, please refresh your memory: Youtube is blocked, Google pulled out of the country after breaching of his email system, done to search emails of people that are not agreeing with her policies (we are talking about Chinese citizens), Wordpress is blocked, The New York Times it is blocked since the report about the huge fortune accumulated by Wen Jiabao family... shall I continue? If you for "stabilize" Asia mean "controlling" the Asian Continent, be at rest: China is doing her best. Do you really think that China will cooperate in nabbing the perpetretors of these attacks?? Please tell me: when and where in history the Controller ever denounced itself? By the way, if you spend some time reading the Mandiant report maybe you will found some evidence, not only unfounded allegations. Saying that: people see and understand what they "want" to see and understand. Happy day, and keep open your VPN when in mainland.
I disagree, but since I live in China I wont say more


SCMP.com Account