Top China College Linked to Cyber-Spying Unit

Photographer | Collection | Getty Images

Faculty members at a top Chinese university have collaborated for years on technical research papers with a People's Liberation Army (PLA) unit accused of being at the heart of China's alleged cyber-war against Western commercial targets.

Several papers on computer network security and intrusion detection, easily accessed on the Internet, were co-authored by researchers at PLA Unit 61398, allegedly an operational unit actively engaged in cyber-espionage, and faculty at Shanghai Jiaotong University, a center of academic excellence with ties to some of the world's top universities and attended by the country's political and business elite.

The apparent working relationship between the PLA unit and Shanghai Jiaotong is in contrast to common practice in most developed nations, where university professors in recent decades have been reluctant to cooperate with operational intelligence gathering units.

The issue of cyber-security is testing ties between the world's two biggest economies, prompting U.S. President Barack Obama to raise concerns over computer hacking in a phone call with new Chinese President Xi Jinping. China denies it engages in state-sponsored hacking, saying it is a victim of cyber-attacks from the United States.

There is no evidence to suggest any Shanghai Jiaotong academics who co-authored papers with Unit 61398 worked with anyone directly engaged in cyber-espionage operations, as opposed to research.

"The issue is operational activity - whether these research institutions have been involved in actual intelligence operations," said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies. "That's something the U.S. does not do."

"(In the U.S.) there's a clear line between an academic researcher and people engaged in operational (intelligence gathering) activities."

Co-Authors

In reviewing the links between the PLA and Shanghai Jiaotong - whose alumni include former President Jiang Zemin, the head of China's top automaker and the former CEO of its most popular Internal portal - Reuters found at least three papers on cyber- warfare on a document-sharing web site that were co-authored by university faculty members and PLA researchers.

The papers, on network security and attack detection, state on their title pages they were written by Unit 61398 researchers and professors at Shanghai Jiaotong's School of Information Security Engineering (SISE).

In one 2007 paper on how to improve security by designing a collaborative network monitoring system, PLA researcher Chen Yi-qun worked with Xue Zhi, the vice-president of SISE and the school's Communist Party branch secretary. According to his biography on the school's website, Xue is credited with developing China's leading infiltrative cyber-attack platform.

Calls and emails to Xue were not answered. Reuters was unable to find contact details for Chen.

Fan Lei, an associate professor at Shanghai Jiaotong whose main research areas are network security management and cryptography, also co-authored a paper with Chen. Fan told Reuters he has no links with Unit 61398 and his work with Chen in 2010 was because Chen was a SISE graduate student. Fan said he was unaware Chen was with the PLA when they collaborated. Both of the papers Chen co-wrote with SISE professors stated he was with the PLA unit.

Cyber-security experts say the publicly available papers and China's National Information Security Engineering Centre are ostensibly about securing computer networks.

"The research seems to be defensive, but cyber-security research in general can be dual purpose," said Adam Meyers, director of intelligence at CrowdStrike, a security technology company based in Irvine, California. Figuring out how best to defend networks, by definition, means thinking about the most effective means of attack, he noted.

Efforts to reach the PLA for comment on its collaboration with Shanghai Jiaotong were unsuccessful.

Tech Park Neighbors

Set amid manicured lawns, Shanghai Jiaotong University is one of China's top four colleges, turning out brilliant technical engineers much in demand by both domestic companies and foreign multinationals. Its reputation has led to tie-ups with elite universities abroad.

Last month, Mandiant Corp, a private U.S.-based security firm, accused China's military of cyber-espionage on U.S. and other English-speaking companies, identifying Unit 61398 and its location at a building on the outskirts of Shanghai. China said the report was baseless and lacked "technical proof".

"SISE at Shanghai Jiaotong has provided support" to PLA Unit 61398 - known more formally as General Staff Department (GSD), Third Department, Second Bureau - said Russell Hsiao, author of papers on China's cyber-warfare capabilities for Project 2049 Institute, a Virginia-based think-tank, who drew his research from the technical papers and government reports.

He said another Shanghai Jiaotong department, the Department of Computer Science and Engineering, also did research work with another PLA unit. A Project 2049 report last year found the GSD's Third Department had oversight of "information security engineering bases" in Shanghai, Beijing and Tianjin.

The GSD Third Department's Shanghai base is in an industrial park housing mainly government research institutes and high-tech firms. The SISE building is in the same development, 40 kms from the university's main Minhang campus. Across the street from SISE is the National Information Security Engineering Center, a building commissioned in 2003 by PLA Unit 61398. Also part of the base is the Ministry of Public Security's Third Research Institute, which researches digital forensics and network security.

Auto Research

Shanghai Jiaotong is not officially linked to China's military. SISE says on its website its goal is to speed up the development of China's information security sector and address the national shortage of information security professionals.

Shanghai Jiaotong set up a joint institute in China's second city in 2006 with the University of Michigan - seeking, it says on its web site, to "develop innovative and highly reputable education and research programs in various engineering fields." A spokesman for the U.S. college said it has no relationship with SISE. Carnegie Mellon University in Pittsburgh also had a partnership with Shanghai Jiaotong's School of Electronic, Information and Electrical Engineering, and Singapore Management University said it ended a tie-up with SISE last June.

Among the industries in the United States allegedly targeted by Unit 61398, as recently as last year according to Mandiant, is transportation, including the auto sector.

The University of Michigan collaborates closely with Detroit-based automakers on research projects, and is one of three colleges that comprise the University Research Corridor, which spent $300 million on R&D projects over the last five years. Nearly a third of that was funded by private industry, according to local consultant the Anderson Economic Group.

"There was no indication in 2010 that the joint institute was involved in any way and that also is the case today. We do, of course, watch the news reports on these issues carefully," said Rick Fitzgerald, a University of Michigan spokesman, referring to a New York Times report in 2010 citing investigators' claims to have tracked cyber-attacks against Google Inc to Shanghai Jiaotong and an eastern Chinese vocational school