A breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university - putting a face on the persistent espionage by Chinese hackers against foreign firms and groups.
The attacks were connected to an online alias, according to a report to be released on Friday by Trend Micro, a Tokyo-based computer security firm.
The owner of the alias is Gu Kaiyuan, an ex-graduate student at Sichuan University, China, which receives government financing for its research in computer network defense. Gu is now an employee at Tencent, China's leading Internet portal company. According to the report, he may have recruited students to work on the university's research involving computer attacks and defense. Experts say the techniques and the victims point to a state-sponsored campaign.
"The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement," said James A Lewis of the Center for Strategic and International Studies in Washington. "A private Chinese hacker may go after economic data but not a political organisation."
The Trend Micro report describes systematic attacks on at least 233 personal computers. The victims include Indian military research organisations and shipping companies; Japanese aerospace, energy and engineering companies; and at least 30 computer systems of Tibetan advocacy groups. The espionage has been going on for at least 10 months and is continuing. Trend Micro did not release the names of the victims.
In the report, the researchers detailed how they had traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks.
The person who used the alias, "scuhkr" - possibly shorthand for Sichuan University hacker - wrote articles about hacking, which were posted to online hacking forums. The New York Times traced that alias to Gu. Gu studied at Sichuan University from 2003 to 2006.
The attacks are technically similar to a spy operation known as the Shadow Network, which since 2009 has targeted the Indian government and also pilfered a year's worth of the Dalai Lama's personal e-mails. Security researchers suggest that the Chinese government may use people not affiliated with the government in hacking operations - what security professionals call a campaign.