• Sun
  • Sep 21, 2014
  • Updated: 11:37pm
NewsHong Kong

HKUST probes US firm's claims of hacking

School's network may have been hacked even before the attacks were launched, experts say

PUBLISHED : Friday, 22 February, 2013, 12:00am
UPDATED : Friday, 22 February, 2013, 5:44am

The University of Science and Technology has expressed "serious concerns" about a US company's claims that it is a source of cyberattacks against the United States and launched an investigation into the matter.

HKUST was named in a report this week by American internet security firm Mandiant, which claimed that a Chinese military cyberspy unit was targeting the US and other foreign companies with cyberattacks in which the school's network was involved.

Beijing has denied its army is involved in any cyberattacks.

The report said some of the attacks came from a group of IP addresses owned by the university.

In a brief statement yesterday, HKUST said: "The university has opposed any hijacking activities and is very concerned that its network has been attacked and used by hackers.

The university has opposed any hijacking activities and is very concerned that its network has been attacked and used by hackers

"A report has been lodged with the police while a [school] investigation has been launched. We are serious about network safety."

A police spokesman said officers at the force's Cyber Security Centre met the university's officials to discuss the claims.

HKUST is known for its business programmes and is popular with mainland Chinese students.

Security experts whom the South China Morning Post spoke to said it was difficult to quickly determine how the university's network became involved in the series of cyberattacks, as it could have been hacked before outbound attacks were launched by people who might or might not have been related to the school.

Hong Kong-based independent security consultant Young Sang said it was difficult at the moment to determine the exact source of the cyberattacks even though the university's IP addresses had been used.

Further investigation was needed to find out how the school's network was picked as a platform for outbound attacks, he said.

Young said HKUST must plug loopholes immediately to avoid any further network intrusion.

Meanwhile, the Chinese state media stepped up its war of words with the US over the hacking claims.

A strongly worded commentary by official news agency Xinhua branded the accusations in the Mandiant report as a "commercial stunt" and accused Washington of ulterior motives.

"[The Mandiant report] reeks of a commercial stunt," it said. "Next time, the firm's chief executive can simply say, 'See the Chinese hackers? Hurry up, come and buy our cybersecurity services'."

Xinhua reported the US had "matchless superiority and ability to stage cyberattacks across the globe" and that the American military had "established a significant cyberforce, including the 780th Military Intelligence Brigade, which is a regular military unit tasked with carrying out cyber missions".

It said Washington had a "habit of accusing other nations based on phoney evidence".



For unlimited access to:

SCMP.com SCMP Tablet Edition SCMP Mobile Edition 10-year news archive



This article is now closed to comments

I am very pleased that China refute Mandian unfounded allegations. China needs to train people to know how to refute Western media or companies ill-founded accusation. I am always very busy. I do what I can do to help but I am not paid by or to work for China.
The thing I care about is if the purpose of the United States to use the Chinese hackers incentives for countries to fight against China under the pretext of the real purpose is to contain China by disputes between China and Japan Diaoyus Island. Mandian’s claim is based on speculation, not based on the facts or evidences. And U.S. intelligence agencies only claimed that many attacks came from Shanghai, China, but did not provide any evidence affiliating with Chinese military. Yes, China is the only country able to stabilize the Asian continent and to prevent history from repeating itself.
Shanghai is financial center of China. Almost every country has commercial offices in Shanghai. Any country can start the cyber attack routing through Shanghai and look like its from Shanghai, even US can fake a Chinese attack.
Only with the cooperation of China can one nab the perpetrators of these attacks. Otherwise, its all speculation and rumor mongering. Sounds like Mandian or some companies are exploiting the media feeding frenzy for publicity gains. Again, we would never know until the technical evidence and details were presented to proper Chinese authority for in-depth investigation.
Jennie PC Chiang/江佩珍 02/22/13 美國


SCMP.com Account