From: The Yomiuri Shimbun

An e-mail address used by a former senior member of China’s People’s Liberation Army was used as a destination to receive information stolen in cyber-attacks on both houses of the Diet in the summer of 2011, The Yomiuri Shimbun has found.

The man had studied technology related to cyber-attacks at Nanjing University, which he entered on the PLA’s recommendation, according to sources close to the university.

Since last year, it has come to light that cyber-attacks were waged against companies in the defense industry, including Mitsubishi Heavy Industries, Ltd., and many government ministries.

Tracing the man’s e-mail address is the first solid clue that may lead to tracing the attackers.

Police have been exchanging information with relevant organizations to find out whether those involved in the attacks can be identified.

The former graduate student denied his involvement in the attacks when he was interviewed by phone by The Yomiuri Shimbun in mid-June.

He said he is currently working at a private company in Jinan, Shandong Province, in China.

Nanjing University in Jiangsu Province has been designated by the Chinese government as a core computer technology research base.

The cyber-attacks on the House of Representatives and House of Councillors infected a total of 63 servers and personal computers with viruses. There is a possibility about 2,000 IDs and passwords of Diet members and secretaries were compromised.

According to analysis by an information security firm, the viruses were of a type that transmits information stolen from infected PCs and servers to outside parties  disguised as normal e-mails.

One of three transmission destinations the firm has identified was registered to the former graduate student, who majored in computer science and technology.

According to the sources, the former student is in his late 30s. He enrolled in the university in 2002 as a research student under a military strengthening program, on a recommendation from the PLA. He finished the program at the university in 2005. The university does not know whether he returned to the military after completing the program, the sources said.

He was researching viruses that steal information and hacking techniques, according to the sources. He used the e-mail address in question as his contact in research papers on those subjects.

The military strengthening program started in 2002. Under cooperation between the PLA’s General Political Department and the Chinese Education Ministry, senior PLA technology-related members are educated mainly at graduate schools on the PLA’s recommendations or after they were selected through examinations. They retain their military status while they are studying. After completing programs, they usually return to the units they originally belonged to.

According to a report issued in November by the U.S. private research organization Project 2049 Institute, cyber-operations are carried out by the Third Department of the PLA’s General Staff Headquarters. The fourth bureau of the Third Department is responsible for attacks on Japan. The bureau is based in Qindao, Shandong Province.

Jinan is home to the Jinan Military Region, a military administration command, where 670 computer technology experts work for the PLA, the report said.

At Nanjing University, the man was receiving a subsidy under the “863 Program,” a Chinese national strategy plan on state high-tech development, the sources said.

The U.S. government last year criticized the program, saying the Chinese government has secretly obtained U.S. technology and commercial secrets.

Neither the upper or lower house has reported the extent of the security breach to police.

“After the cyber-attack on MHI last autumn was discovered, we learned this country’s important information has been a target for years. However, the government‘s sense of crisis has not increased,” said Prof. Motohiro Tsuchiya of Keio University, who teaches international politics and is a member of the government’s Information Security Policy Council.

“This is because it is difficult to find out who the actual attackers are and thus the threat is hardly recognized. However, if the situation is ignored, the attacks will escalate. When information points to a possible attacker, the government must investigate it thoroughly,” Tsuchiya said.