China slams US over alleged Trojan horse attack on university servers

Trojan virus attacks have stolen some 140 gigabytes of high-value data from networks across China in recent years
Joint university and Qihoo 360 task force concludes the source to be cyber spying arm of US National Security Agency

US-China relations

Cyril Ip

Published: 6:00am, 6 Sep 2022

Why you can trust SCMP

China has slammed alleged US hacking of its top state-funded university, urging Washington to “stop stealing [from] and attacking other countries” and help to maintain cybersecurity.

This comes after a joint investigation by the university and cyber sleuths concluded that Trojan attacks which saw nearly 140 gigabytes of high-value data stolen in recent years from networks across China had originated in the United States.

The Chinese foreign ministry condemned the alleged hacking, saying “China firmly opposes any form of cyberattacks”.

“Maintaining cybersecurity is the common responsibility of the international community, and we are willing to work with the international community [for] … a shared future in cyberspace,” spokeswoman Mao Ning said after the findings were made public on Monday.

Northwestern Polytechnical University is funded by the state. Photo: handout

The probe was launched after Northwestern Polytechnical University reported to police in April that traces of cyberattacks had been found in their system.

The university in China’s northwestern Shaanxi province is funded by the Ministry of Industry and Information Technology and frequently collaborates with the state on national security projects, including developing fighter jets.

The office of tailored operations (TAO), a cyber warfare intelligence-gathering unit of America’s National Security Agency (NSA), was cited as the source of the attacks in the detailed investigation report published by Northwestern’s computer virus emergency response centre on Monday.

US Senate bill would ban Chinese purchases of US farms over national security

The joint task force set up by the centre and state-owned internet security company Qihoo 360 first extracted samples of the Trojan horse virus in the university’s information systems and internet terminals.

They then identified the paths, sources, methods and technical characteristics of the attacks, with the support of some European and South Asian countries.

07:30

Why China is tightening control over cybersecurity

The report came as China’s national cybersecurity awareness week kicked off, with themed forums and exhibitions lined up to improve public knowledge of – and ability to protect – personal data.

The investigation also found that the TAO in recent years had stolen over 140GB of high-value data through malicious cyberattacks on Chinese networks that controlled “tens of thousands” of network devices, ranging from servers to firewalls.

The claims of the report are “unsurprising” given Washington’s past record, said Andy Mok, senior research fellow at the Centre for China and Globalisation, a private think tank in Beijing.

“It is widely believed that the United States is one of the most aggressive actors in the world of cyber warfare,” Mok said, adding that such revelations only helped to reinforce that image.

“As China achieves leadership in a growing number of technological fields and becomes an increasingly important player in global affairs, cybersecurity will only become more important for its government, businesses and individuals.”

Beijing wants cybersecurity reviews on foreign IPOs by tech firms

The US and China have a long history of mutual finger-pointing on the issue of cyberattacks.

The Biden administration, for instance, accused Beijing last year of hacking Microsoft email systems. But China has long claimed to be a victim rather than perpetrator of cyberattacks, recently labelling top rival America as “the empire of hacking”.

Monday’s report was only the latest accusation from Qihoo – itself under US sanctions over national security concerns – that the NSA was masterminding hack attacks against China.

A company report released in March said a hackers’ group known as APT-C-40 and affiliated with the US government had been attacking leading Chinese companies, governments, research institutes and infrastructure over the past decade.

A.B. Abrams, an expert on East Asian security at the University of London, said determining the source of intrusions was a difficult task, but China’s accusations were “in line with broader trends towards both greater use of offensive cyber warfare since the Obama years, and greater overall efforts to target China using assets across the spectrum of US capabilities”.

“Cyber warfare teams have in the past left traces to mislead investigators to attribute their attacks to other actors, most famously under the CIA’s ‘UMBRAGE’ project, which has added to difficulties,” Abrams said.

For this reason, experts differed on whether the 2014 cyberattacks on Sony Pictures were indeed orchestrated by North Korea, as alleged, he added.

02:44

US, Britain and EU accuse China of sponsoring massive Microsoft email server hack

“American cyber warfare efforts targeting Chinese universities would be far from unprecedented, with NSA whistle-blower Edward Snowden revealing in 2013 that the network backbones of the country’s top-ranked university Tsinghua was among several targets for American agencies,” said Abrams, whose most recent book is China and America’s Tech War from AI to 5G: The Struggle to Shape the Future of World Order.

“Chinese mobile phone companies were also hacked to access millions of private text messages, as were the headquarters of Pacnet which owned one of East Asia’s most extensive fibre-optic submarine cable networks.”

While the attacks could pose “a major threat to Chinese security” by disrupting civilian infrastructure and undermining even military programmes, Chinese retaliatory capabilities were “very considerable”, he noted.

127