Crossroads Blog | Institute National Security and Counterterrorism

Cyber Exploitation

Case Based in China Puts a Face on Persistent Hacking: NYT

On March 29th, 2012, Nicole Perlroth reported for the New York Times on the identity of one of China's most persistent hackers.  That hacker is Gu Kaiyuan (who went by the alias "scukhkr"), currently an employee at China's #1 Internet portal company.  Kaiyuan was also a graduate student at Sichuan University, an institution which gets Chinese government backing for computer network defense research.

Most of this information came out in a Trend Micro research paper titled "Inside an APT Campaign with Multiple Targets in India and Japan."  The report detailed Kaiyuan's connection to cyberattacks on Indian, Japanese, and Tibetan systems; the majority of the Indian and Japanese attacks were against defense contractors.  According to both the report and the NYT article, Kaiyuan recruited other students to work on the university's cyber research and published articles about hacking himself.

The NYT article quoted James Lewis on Kaiyuan's connection to the Chinese government:

"The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement . . . A private Chinese hacker may go after economic data but not a political organization."

My favorite part of the article was Kaiyuan's response: "I have nothing to say."

There's more to the NYT article; check it out here.
