Chinese Hacker Spies Take Over Penn State Engineering Department, School Says

Late last month we highlighted the US Department of Defense’s new “Cyber Strategy.” In a new directive, the Pentagon outlined the circumstances it says may warrant the deployment of cyberweapons and, taking things a step further, indicated that the use of cyberattacks as offensive weapons wasn’t out of the question. Here’s how the DoD sums up its cyber mission:

As we noted at the time, the countries named as potential cyberadversaries come as no surprise:

Unsurprisingly, the list of cyber adversaries is indistinguishable from what might fairly be called Washington’s “usual suspects.” The villains are: Russia, Iran, China, and North Korea. In fact, Defense Secretary Ashton Carter says the Pentagon was recently the target of a Russian “cyber intrusion” which he claims was quickly detected by a government “crack team.” 

That “crack team” has apparently not been on the case at Penn State over the past 24 or so months, because as Bloomberg reports, Chinese hackers have apparently been perusing sensitive information stored on computers at Penn State’s College of Engineering for years. Here’s more:

Penn State University, which develops sensitive technology for the U.S. Navy, disclosed Friday that Chinese hackers have been sifting through the computers of its engineering school for more than two years.


One of the country’s largest and most productive research universities, Penn State offers a potential treasure trove of technology that’s already being developed with partners for commercial applications. The breach suggests that foreign spies could be using universities as a backdoor to U.S. commercial and defense secrets.


The hackers are so deeply embedded that the engineering college’s computer network will be taken offline for several days while investigators work to eject the intruders.

The breach, which the school’s president calls “an incredibly serious situation,” was allegedly perpetrated by what Bloomberg calls “state-sponsored hackers” acting as “foreign spies” and was reportedly uncovered by the FBI late last year. After a lengthy investigation (which cost the university millions) school officials are now concerned that information from Penn State's Applied Research Laboratory (which has worked with the US Navy for the better part of a century) may have been compromised in the operation:

Among Penn State’s specialties is aerospace engineering, which has both commercial and defense applications important to China’s government. The university is also home to Penn State’s Applied Research Laboratory, one of 14 research centers around the country that work mainly for the military.


While the lab is not part of the College of Engineering, Jones said experts there have been alerted to the breach and are investigating whether the hackers could have moved there from those networks.


Bennett said the lab’s computers are separated from the engineering college by “network-based controls,” and its personnel use different passwords. The Applied Research Lab has been doing work for the Navy since 1945 and specializes in undersea propulsion and navigation.


That the hackers were in the network undetected for more than two years raises the possibility that they used connections between computers to move into more highly guarded networks, including defense contractors, government agencies or the Navy, according to the person familiar with the investigation.

If all of that isn’t conspiratorial enough for you, then consider this:

In addition to online activities, the Chinese have sent legions of graduate students to U.S. schools and have tried to recruit students, faculty members and others at both universities and government research facilities, several recent law-enforcement investigations show…


University provost Nicholas Jones said Penn State hopes to use its experience to help other universities that are also likely targets for advanced cyberspies and other intruders, providing information on the hack as well as advanced security measures the university is putting in place.


“We don’t think we’re alone,” Jones said.

If Ashton Carter and the DoD needed an excuse to launch a cyber offensive on the way to “convincing a potential adversary that it will suffer unacceptable costs if it conducts a [cyber] attack on the United States,” we suppose this is it, because apparently, China has not only employed a vast network of sophisticated hacker spies in order to steal the blueprints for unmanned military drones and submarines from the computers of university engineering departments, but has also sent “legions” of operatives posing as graduate students to infiltrate America’s higher education system. This represents a remarkable step up the cyber attack accusation ladder compared to Washington’s attempt to blame North Korea for cyber-sabotaging James Franco and Seth Rogen.

We will let readers determine the extent to which any of the above is grounded in reality, but if indeed China does intend to use students as instruments of espionage, we have the following message for Beijing: given the inexorable rise in US college tuition rates and your $28 trillion debt pile, China may become insolvent on the way to procuring US military secrets.