University of Michigan monitoring relationship with Shanghai university tied to Google cyber attacks
The University of Michigan is closely monitoring developments following allegations that cyber attacks were launched from the China campus of a university with ties to U-M.
Shanghai Jiao Tong University, with which U-M has a joint institute, is a central focus of an investigation into global cyber attacks on American companies like Google. The attackers reportedly gained access to the American companies’ servers in 2009 and spread malicious software in hopes of stealing sensitive information.
Analysts familiar with China’s political system and a professor who
taught last summer at U-M’s Joint Institute with SJTU in Shanghai said
they weren’t surprised the attacks may be connected to other branches
of the Shanghai school.
Photo courtesy of University of Michigan
But U-M, which sends about 10 engineering professors a year to teach at the Joint Institute, has no plans to reconsider its relationship with SJTU unless further evidence implicates its international educational partner.
“The Joint Institute provides an excellent opportunity for students from both schools to study abroad and come to better understand the implications of globalization,” James Holloway, associate dean for undergraduate education for U-M’s College of Engineering, said in an e-mail.
Internet protocol addresses for SJTU computers were identified as the source of attacks that resulted in security breaches at Google, which immediately threatened to leave China, according to the New York Times.
Technology experts told AnnArbor.com it’s possible investigators won’t be able to determine the exact location of the attacks. Attackers may have shrouded their operation under the guise of IP addresses from SJTU computers.
But SJTU is essentially controlled by China’s Communist government, which is actively involved in clandestine cyber intelligence operations. China’s government has denied any involvement in the cyber attacks.
David Munson, dean of U-M’s College of Engineering, which operates the Joint Institute along with SJTU, said he doesn’t see much reason for concern.
“We don’t know anything other than what we’ve read in places like the New York Times, and there isn’t any indication that the Joint Institute, which is our initiative over there, is involved in any way,” Munson said. “There isn’t any reason to believe that our relationship would be affected.”
U-M spokesman Rick Fitzgerald said evidence tying SJTU to the attacks isn’t firm.
Cyber attacks and Shanghai Jiao Tong University
|
“It’s way too early to talk about how this will affect the relationship,” he said. “This is one incident where no one is really sure where the source is. It’s clearly one of those things where we’re watching the situation closely.”
Munson and U-M professors said they don’t teach advanced computer science skills to students at the Joint Institute with SJTU, although some basic algorithmic and computer programming skills are taught there.
U-M officials stressed the Joint Institute consists of electrical and mechanical engineering students, not computer science majors.
“The focus here is really on engineering,” Fitzgerald said. “It’s not computer science programming.”
SJTU, which has more than 30,000 full-time students, is a sprawling university with a broad range of expertise and initiatives.
Some 160 SJTU students are currently studying at U-M in Ann Arbor through the Joint Institute, Fitzgerald said. About 50 SJTU students had received U-M degrees as of 2005, the most recent data available.
U-M electrical engineering and mechanical engineering professors teach courses to SJTU Joint Institute students in China and in Ann Arbor. The only U-M professor currently working at SJTU in Shanghai is Jun Ni, the dean of the institute. He did not respond to requests seeking comment.
U-M engineering associate professor Mingyan Liu, who taught SJTU students in Shanghai in the summers of 2006 and 2009, said she wouldn’t be shocked if SJTU students were involved in the Google attacks.
“It wouldn’t surprise me at all if students did mischievous things on their own. Perhaps mischievous is not the right world. Let’s say illegal. Students have been known to do that,” Liu said. “If they’re capable, they’re probably intrigued and challenged to do things they’re not supposed to do. That happens all the time.”
But Liu said she would be surprised if SJTU students were coordinating global cyber attacks on behalf of China’s Communist government or its industrial leaders.
“The government can certainly do this on their own. They have the resources,” she said. “Would they actually commission the students to do it? Now that seems far fetched.”
University of Michigan's ties to Shanghai Jiao Tong University
|
But Don Blumenthal, a former director of Internet investigations for the Federal Trade Commission and Ann Arbor security consultant with DMB Associates LLC, said student hackers could be working with the government.
“I would be skeptical that this is just kind of random hit,” said Blumenthal, who is also an adjunct lecturer at U-M’s School of Information. “Once you start organizing things, I start disbelieving that there’s anything random or just a bunch of students playing a goof.”
History of U-M’s relationship with SJTU
The relationship between U-M and SJTU dates back to 1997, when the two universities formed a joint manufacturing research center.
U-M and SJTU formed the Joint Institute in 2005 as the university sought to broaden its international connections and offer opportunities for its own students and professors to experience foreign cultures. U-M students study at SJTU during the summer; none are studying there right now.
U-M President Mary Sue Coleman traveled to China in 2005 to sign the Joint Institute agreement and speak at SJTU’s commencement ceremony. She became the second person in the 115-year history of SJTU to receive an honorary doctoral degree.
In December 2009, SJTU officials and U-M executives - including Coleman, Munson and Provost Teresa Sullivan - discussed the future of the Joint Institute in a meeting conducted via video conference. Stephen Forrest, U-M’s vice president for research, was visiting SJTU at the time and attended the video conference from Shanghai.
The executives agreed to explore future collaborative research opportunities between professors from U-M and SJTU and graduate students, according to details of the meeting published on the Joint Institute’s Web site.
According to the report, Forrest said the partners had reached a tentative agreement to collaborate on research in clean fuel vehicles and biomedical science.
Coleman has plans to return to China in June to visit SJTU. Fitzgerald said he had no knowledge of any changes to those plans, and U-M officials didn’t make Coleman available to comment.
Cyber culture
People familiar with SJTU had differing perspectives on whether the Chinese university encourages a culture of hacking and cyber crime.
Chinese citizen Peter Lu said he was stunned by the accusations that SJTU was involved in the cyber attacks. He studied mechanical engineering at SJTU’s Joint Institute with U-M in Shanghai and is currently studying aerospace engineering in Ann Arbor.
“I’m pretty surprised by this,” he said. “We don’t really do that. I
don’t think any of my friends or colleagues are involved in that.”
Numerous e-mails requesting interviews of SJTU faculty members and executives went unanswered.
Online, some SJTU students in China didn’t appear astonished their university might be involved.
“I’m not surprise about the rumor that some SJTU students involved in the attack,” an SJTU student named Jin Bin posted to his Twitter account. He later added he wants “more proof, in fact, I don’t believe guys in IS school of SJTU are able to launch the attack ALONE. The IP is nothing.”
U-M engineering assistant professor Seth Pettie, who taught “Intro to Algorithms” at the Joint Institute in Shanghai last year, said in a brief interview he doesn’t believe his students were involved in hacking.
“Not in my classes,” said Pettie, who said his class didn’t involve programming. “I just heard stories about this occurring in other classes.”
Amy K. Bell, a Columbia University graduate who studied Mandarin in Shanghai and managed the U-M SJTU Joint Institute’s Web site in 2007 and 2008, said she would be “pretty surprised if anyone from JI had anything to do with it simply because they’re an undergraduate school and they’re just green kids.”
But Bell said she wouldn’t be surprised if other SJTU students were involved. She said students there have set up a network to access pirated movies, books and other stolen media, for example.
“Those guys - they all knew exactly how to exploit the system for common college” mischief, she said.
Chinese government’s relationship with SJTU
It’s not a stretch to assert the Chinese government could leverage its university system to steal political secrets or intellectual property, experts said.
“The relationship that the Chinese government and Chinese Communist Party have with their universities is not the same as the relationship that we have with the U.S. government,” said political scientist Mary Gallagher, director of U-M’s Center for Chinese Studies. “It’s a much closer relationship. It’s less clear where the boundary is.”
U-M’s SJTU Alumni Association declined to discuss the Google allegations.
“The Joint Institute between the University of Michigan and SJTU provides the students in both institutes with a great opportunity to study in different cultures and academic environments,” wrote Yiwen Jiang, the association’s president, in a statement sent in response to interview requests. “But I do not want to speculate or comment on the issue about cyber attacks against Google.”
Contact AnnArbor.com’s Nathan Bomey at (734) 623-2587 or nathanbomey@annarbor.com or follow him on Twitter. You can also subscribe to AnnArbor.com Business Review's weekly e-newsletter or the upcoming breaking business news e-newsletter.
Comments
Nathan Bomey
Thu, Feb 25, 2010 : 3:26 p.m.
JJKerrytown, great article! That story further spells out the close ties between the SJTU's information security program and the Chinese government. Thanks for sharing. I've added a link to that piece under the box inside this story where we've got links to related coverage from other news sources.
uawisok
Thu, Feb 25, 2010 : 12:11 p.m.
It would be a shame if U-M association with this joint effort was actually a shame by the Chinese goverment to infilltrate U.S technologies.....talk about a "Homeland Security" issue!!
Nathan Bomey
Thu, Feb 25, 2010 : 10:40 a.m.
A quick update with some additional information that wasn't immediately available: In a response to my e-mail request, Fitzgerald said the U-M SJTU Joint Institute now has 900 students enrolled. Also, he says "most of the costs" associated with the institute "are still being paid by the Chinese."
tmo
Thu, Feb 25, 2010 : 10:28 a.m.
Dean Munson should consider exporting engineering ethics concepts rather than technology sharing. The problem is that serious. Chinese cyber attacks on even small AA companies that don't have a presence in China have occurred in the last 6 months and I sense there is the erroneous impression given in this article that it only affects big companies, like Google, who can pull out of China as a solution.
sbbuilder
Thu, Feb 25, 2010 : 9:13 a.m.
Let's be chrystal clear about the subject matter of the hacking attacks. That point cannot be overemphasized. E-mail accounts of dissidents were compromised, and those poor fellows are probably gone for good. This is not just 'mischievous things' as the UM Engin prof states. This is not just 'illegal'. This is yet another deliberate attempt on the part of the Chinese Gov to silence any one critical of their regime.
trespass
Thu, Feb 25, 2010 : 6:43 a.m.
This is a great article. It doesn't just rehash other news stories but adds original reporting and makes the University's relationship with SJTU much clearer. The University officials seem to respond that they would only be worried if the students were proven to be in the "Joint Program" and would receive a UM degree. I think the UM should take a broader view of its partner in China. SJTU admits to having lectures and forums on "hacking" and there are student hacking clubs. A SJTU student took credit for a previous hacking attack just a few years ago. If an Ann Arbor campus student was found to be hacking, not only would they be expelled but they would probably go to jail. Shouldn't the UM insist on being involved in the investigation of whether UM students were involved in these hacking incidents before we give out another UM degree to the Joint Program students? We are supposed to uphold high ethical standards and we are giving away a lot of intellectual property both at the Shanghai campus and on the UM campus. Are we really benefiting Michigan and the USA with this program or are we only benefitting a few people at the UM? There have been several cases where Chinese graduate students have been accused of using intellectual property stolen from UM to start businesses in China. UM faculty profit from ties to Chinese companies. Is this how Michigan competes with China to become the leader in "green" technologies such as windpower, batteries and solar panels? Admitting huge numbers of Chinese students to the College of Engineering has a direct impact on American students. The UM recently testified that the GPA required for admission to the UM engineering PhD program has risen from 5.0 to 7.0 (9 point system) in recent years. That means that an American student with a B average can't get into graduate school in engineering, while a Chinese student takes his place. That American student might have been invaluable to an American start up company designing new batteries. I am not saying that we should not have any Chinese students but shouldn't we make sure that quailified American students get an opportunity before we educate our competitors.