China university collaborated with PLA cyberspies

By Melanie Lee, Reuters

SHANGHAI — Faculty members at a top Chinese university have collaborated for years on technical research papers with a People’s Liberation Army (PLA) unit accused of being at the heart of China’s alleged cyber-war against Western commercial targets. Several papers on computer network security and intrusion detection, easily accessed on the Internet, were co-authored by researchers at PLA Unit 61398, allegedly an operational unit actively engaged in cyber-espionage, and faculty at Shanghai Jiaotong University, a center of academic excellence with ties to some of the world’s top universities and attended by the country’s political and business elite. The apparent working relationship between the PLA unit and Shanghai Jiaotong is in contrast to common practice in most developed nations, where university professors in recent decades have been reluctant to cooperate with operational intelligence gathering units. China denies it engages in state-sponsored hacking, saying it is a victim of cyberattacks from the United States.

There is no evidence to suggest any Shanghai Jiaotong academics who co-authored papers with Unit 61398 worked with anyone directly engaged in cyber-espionage operations, as opposed to research. “The issue is operational activity – whether these research institutions have been involved in actual intelligence operations,” said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies. “That’s something the U.S. does not do.” “(In the U.S.) there’s a clear line between an academic researcher and people engaged in operational (intelligence gathering) activities.” Shanghai Jiaotong declined to comment. Co-authors In reviewing the links between the PLA and Shanghai Jiaotong – whose alumni include former President Jiang Zemin, the head of China’s top automaker and the former CEO of its most popular Internal portal — Reuters found at least three papers on cyber-warfare on a document-sharing website that were co-authored by university faculty members and PLA researchers. The papers, on network security and attack detection, state on their title pages they were written by Unit 61398 researchers and professors at Shanghai Jiaotong’s School of Information Security Engineering (SISE). In one 2007 paper on how to improve security by designing a collaborative network monitoring system, PLA researcher Chen Yi-qun worked with Xue Zhi, the vice-president of SISE and the school’s Communist Party branch secretary. According to his biography on the school’s website, Xue is credited with developing China’s leading infiltrative cyberattack platform. Calls and emails to Xue were not answered. Reuters was unable to find contact details for Chen. Fan Lei, an associate professor at Shanghai Jiaotong whose main research areas are network security management and cryptography, also co-authored a paper with Chen. Fan told Reuters he has no links with Unit 61398 and his work with Chen in 2010 was because Chen was a SISE graduate student. Fan said he was unaware Chen was with the PLA when they collaborated. Both of the papers Chen co-wrote with SISE professors stated he was with the PLA unit. Cyber-security experts say the publicly available papers and China’s National Information Security Engineering Centre are ostensibly about securing computer networks. “The research seems to be defensive, but cyber-security research in general can be dual purpose,” said Adam Meyers, director of intelligence at CrowdStrike, a security technology company based in Irvine, California. Figuring out how best to defend networks, by definition, means thinking about the most effective means of attack, he noted. Efforts to reach the PLA for comment on its collaboration with Shanghai Jiaotong were unsuccessful. Tech Park Neighbors