NYT: Case Based in China Puts a Face on Persistent Hacking

June 2, 2012

By NICOLE PERLROTH

News: https://malwarelab.zendesk.com/entries/21193141-nyt-case-based-in-china-puts-a-face-on-persistent-hacking
Report (PDF): https://malwarelab.zendesk.com/entries/21220047-luckycat-redux-inside-an-apt-campaign-with-multiple-targets-in-india-and-japan

SAN FRANCISCO — A breach of computers belonging to companies in Japan
and India and to Tibetan activists has been linked to a former
graduate student at a Chinese university — putting a face on the
persistent espionage by Chinese hackers against foreign companies and
groups.

The attacks were connected to an online alias, according to a report
to be released on Friday by Trend Micro, a computer security firm with
headquarters in Tokyo.

The owner of the alias, according to online records, is Gu Kaiyuan, a
former graduate student at Sichuan University, in Chengdu, China,
which receives government financing for its research in computer
network defense.

Mr. Gu is now apparently an employee at Tencent, China’s leading
Internet portal company, also according to online records. According
to the report, he may have recruited students to work on the
university’s research involving computer attacks and defense.

The researchers did not link the attacks directly to
government-employed hackers. But security experts and other
researchers say the techniques and the victims point to a
state-sponsored campaign.

“The fact they targeted Tibetan activists is a strong indicator of
official Chinese government involvement,” said James A. Lewis, a
former diplomat and expert in computer security who is a director and
senior fellow at the Center for Strategic and International Studies in
Washington. “A private Chinese hacker may go after economic data but
not a political organization.”

Neither the Chinese embassy in Washington nor the Chinese consulate in
New York answered requests for comment.

The Trend Micro report describes systematic attacks on at least 233
personal computers. The victims include Indian military research
organizations and shipping companies; aerospace, energy and
engineering companies in Japan; and at least 30 computer systems of
Tibetan advocacy groups, according to both the report and interviews
with experts connected to the research. The espionage has been going
on for at least 10 months and is continuing, the report says.

In the report, the researchers detailed how they had traced the
attacks to an e-mail address used to register one of the
command-and-control servers that directed the attacks. They mapped
that address to a QQ number — China’s equivalent of an online instant
messaging screen name — and from there to an online alias.

The person who used the alias, “scuhkr” — the researchers said in an
interview that it could be shorthand for Sichuan University hacker —
wrote articles about hacking, which were posted to online hacking
forums and, in one case, recruited students to a computer network and
defense research program at Sichuan University’s Institute of
Information Security in 2005, the report said.

The New York Times traced that alias to Mr. Gu. According to online
records, Mr. Gu studied at Sichuan University from 2003 to 2006, when
he wrote numerous articles about hacking under the names of “scuhkr”
and Gu Kaiyuan. Those included a master’s thesis about computer
attacks and prevention strategies. The Times connected Mr. Gu to
Tencent first through an online university forum, which listed where
students found jobs, and then through a call to Tencent.

Reached at Tencent and asked about the attacks, Mr. Gu said, “I have
nothing to say.”

Tencent, which is a privately managed and stock market-listed Internet
