China’s online learning classes reportedly hacked; teaching material replaced with vulgar content

Several schools in China, conducting online classes over Tencent meetings, were targets of a ransomware attack, a China observer revealed on Tuesday, September 6. Reportedly, the hackers hijacked online classes and replaced teaching material with vulgar content. 

The incident was reported by Matthew Stinson, who writes for Forbes and is described as an educator, photographer, designer and blogger based in Tianjin, China, on his Twitter profile.

The weirdest lockdown news of the day is that multiple schools in China, including Tianjin, suffered attacks from hackers who hijacked online classes in Tencent Meeting and replaced teaching materials with vulgar content in real-time.

— Matt Stinson (@stinson) September 6, 2022

However, there is very little known about the hacking incident and there is no mention of it other than by Stinson on his Twitter account. 

What happened? According to Matthew Stinson, hackers targetted not one but multiple schools in China, that were conducting their classes online via Tencent meeting in view of the Covid-19 lockdown in several places. That's when the hackers launched attacks nationally and replaced the teaching content with vulgar material. 

The teachers were then "advised to change and protect their passwords". Tencent, the company on whose platform the classes were hosted, issued a security guide on WeChat to help teachers. 

Teachers have been advised to change and protect their passwords, but a national hack at this level, targeting online learning, screams data leak and/or backdoor to me.

— Matt Stinson (@stinson) September 6, 2022

How did it happen? While it is unknown who was behind the hacking and how it took place on a national level, Stinson claims that it couldn't have been a simple leak of the teacher or school's passwords. He said it signals a bigger problem of a massive data leak in China. 

The biggest question that's unanswered is - 

From what I’ve heard it also sounds like the hackers had functionality you wouldn’t get if you simply stole a teacher or a school’s passwords, but I’ve yet to see a clear writeup describing the attack. (I’m not sure I will, either, unless @SixthTone covers it.)

— Matt Stinson (@stinson) September 6, 2022

The news also comes at a time when the US and China are busy pointing fingers at each other over cyber spying. China has claimed that the US NSA snooped into its Northwestern Polytechnical University, a military university, in June 2022. The US has denied the accusation. 

#Exclusive: The email system of a university in Northwest China’s Shaanxi Province – well-known for its aviation, aerospace and navigation studies – was found to have been attacked by the US’ National Security Agency (NSA), GT learned from a source. https://t.co/ABn7KIyQNB pic.twitter.com/q8dLwNfkPD

— Global Times (@globaltimesnews) September 5, 2022

Answering some questions: 

China data leak: The massive data leak that Matthew Stinson is hinting at is nothing new or surprising. Several reports earlier this year revealed that data of China's 1 billion citizens were leaked online, earning the tag of being the biggest personal data leak in the country's history. The hackers also tried to sell the data. The data was stolen from the Shanghai police database. 

The leak exposed two faults in China's cybersecurity:

• Poor data protection measures adopted by the government 
• Massive data collection by the Chinese government for surveillance purposes

China is currently covering up the data leak of 1B+ people from a Shanghai police department database. This is likely to be one of the largest data leaks in history and contains personal information such as criminal history, ID numbers, addresses, names, etc.

Insane.

— Optimus ⛩ (@SubToOptimus) July 7, 2022

It isn't the only big data leak in China. On September 1, 2022, reports revealed that there was another personal data leak of some 800 million Chinese citizens. 

The personal data leak included everything from people's names, ages, birthdates, faces and even their car number plates. 

Cyber attacks on online classes and education sector: Covid-19 moved education online across the world. While things are getting back to normal, some classes are still held online. This has led to online classes becoming targets for hackers. And it isn't limited to China. 

In March 2020, a professor from Arizona State University in the US was holding online classes on Zoom, when the meeting was hit by what was called 'Zoombombing'. The screens of several attendees in the meeting were replaced by vulgar, pornographic content and the chat also turned vile, forcing the professor to cut short the class. 

Z is our last alphabet in our campaign on #AToZofOnlineSafety.Z is for Zoom which is a popular video sharing app especially during the pandemic,however it's important to read up on the privacy policies of these apps & know safety features to prevent practices such as Zoombombing. pic.twitter.com/lqqDtSrWzs

— Digital Rights Foundation (@DigitalRightsPK) September 2, 2022

It wasn't known whether the intrusion was by the students or hackers. 

The education sector's IT systems have also come under attack several times. Just over the last weekend, the Los Angeles Unified School District's IT systems came under attack of ransomware. 

There is no doubt that in the increasingly digitised society, we aren't moving as swiftly enough to protect our digital selves and data.