News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Reuters
Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

Video Positive Messaging Helps Revamp Ethiopia's Image

In country once connected with war, poverty, famine, headlines now focus on fast-growing economy, diplomatic reputation More

Russian Activist Thinks Kremlin Ordered Nemtsov's Death

Alexei Navalny says comments of Russian liberals who think government wasn't involved are 'nonsense.' More

Video Land Disputes Rise Amid Uganda Oil Boom

Investors appear to be cashing in by selling parcels of land to multiple buyers More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Positive Messaging Transforms Ethiopia's Imagei
X
Marthe van der Wolf
March 03, 2015 9:03 PM
Ethiopia was once known for famine and droughts. Now, headlines more often point to its fast-growing economy and its emergence as a regional peacemaker. How has Addis Ababa changed the narrative? VOA's Marthe van der Wolf reports.
Video

Video Positive Messaging Transforms Ethiopia's Image

Ethiopia was once known for famine and droughts. Now, headlines more often point to its fast-growing economy and its emergence as a regional peacemaker. How has Addis Ababa changed the narrative? VOA's Marthe van der Wolf reports.
Video

Video Cyber War Rages Between Iran, US

A newly published report indicates Iran and the United States have increased their cyber attacks on each other, even as their top diplomats are working toward an agreement to guarantee Iran does not develop a nuclear weapon and to free Iran from international sanctions. The development is part of a growing global trend. VOA’s Al Pessin reports from London.
Video

Video Answers Elude Families of MH370 Passengers

For the families on board Malaysia Airlines flight MH370, an airline official’s statement nearly one year ago that the plane had lost contact with air traffic control at 2:40 AM is the only thing that remains confirmed. William Ide reports.
Video

Video Land Disputes Arise Amid Uganda Oil Boom

Ugandan police say there has been a sharp increase in land disputes, with 10 new cases being reported each day. The claims come amid an oil boom as investors appear to be cashing in by selling parcels of land to multiple buyers. Meanwhile, the people who have been living on the land for decades are chased away, sometimes with a heavy hand. VOA's Serginho Roosblad reports.
Video

Video In Russia, Many Doubt Opposition Leader's Killer Will Be Found

The funeral has been held in Moscow for Boris Nemtsov, the opposition leader who was assassinated late Friday just meters from the Kremlin. Nemtsov joins a growing list of outspoken critics of Russia under the leadership of President Vladimir Putin who are believed to have been murdered for their work. VOA’s Daniel Schearf reports from Moscow.
Video

Video Simulated Astronauts Get Taste of Mars, in Hawaii

For generations, people have dreamed of traveling to Mars to explore Earth's closest planetary neighbor. VOA's Mike O'Sullivan reports that while space agencies like NASA are planning manned missions to the planet, some volunteers in Hawaii are learning how humans will cope with months in isolation on a Mars base.
Video

Video Destruction of Iraq Artifacts Shocks Archaeologists

The city of Mosul was once one of the most culturally rich and religiously diverse cities in Iraq. That tradition is under attack by members of the Islamic State who have made Mosul their capital city. The Mosul Museum is the latest target of the group’s campaign of terror and destruction, and is of grave concern to archaeologists around the world. VOA’s Kane Farabaugh reports.
Video

Video Smartphones May Help in Diagnosing HIV

Diagnosing infections such as HIV requires expensive clinical tests, making the procedure too costly for many poor patients or those living in remote areas. But a new technology called lab-on-a-chip may make the tests more accessible to many. VOA’s George Putic reports.
Video

Video Afghan Refugees Complain of Harassment in Pakistan

Afghan officials have expressed concern over reports of a crackdown on Afghan refugees in Pakistan following the Peshawar school attack in December. Reports of mass arrests and police harassment coupled with fear of an uncertain future are making life difficult for a population that fled its homeland to escape war. VOA’s Ayesha Tanzeem reports from Islamabad.
Video

Video Ukrainian Volunteers Prepare to Defend Mariupol

Despite the ongoing ceasefire in Ukraine, soldiers in the city of Mariupol fear that pro-Russian separatists may be getting ready to attack. The separatists must take or encircle the city if they wish to gain land access to Crimea, which was annexed by Russia early last year. But Ukrainian forces, many of them volunteers, say they are determined to defend it. Patrick Wells reports from Mariupol.
Video

Video Moscow Restaurants Suffer in Bad Economy, Look for Opportunity

As low oil prices and Western sanctions force Russia's economy into recession, thousands of Moscow restaurants are expected to close their doors. Restaurant owners face rents tied to foreign currency, while rising food prices mean Russians are spending less when they dine out. One entrepreneur in Moscow has started a dinner kit delivery service for those who want to cook at home to save money but not skimp on quality. VOA's Daniel Schearf reports.
Video

Video Presidential Hopefuls Battle for Conservative Hearts and Minds

One after another, presumptive Republican presidential contenders auditioned for conservative support this week at the Conservative Political Action Conference held outside Washington. The rhetoric was tough as a large field of potential candidates tried to woo conservative support with red-meat attacks on President Barack Obama and Democrats in Congress. VOA Political Columnist Jim Malone takes a look.
Video

Video Southern US Cities Preserve Civil Rights Heritage to Boost Tourism

There has been a surge of interest in the American civil rights movement of the 1950s and '60s, thanks in part to the Hollywood motion picture "Selma." Five decades later, communities in the South are embracing the dark chapters of their past with hopes of luring tourism dollars. VOA's Chris Simkins reports.
Video

Video Deep Under Antarctic Ice Sheet, Life!

With the end of summer in the Southern hemisphere, the Antarctic research season is over. Scientists from Northern Illinois University are back in their laboratory after a 3-month expedition on the Ross Ice Shelf, the world’s largest floating ice sheet. As VOA’s Rosanne Skirble reports, they hope to find clues to explain the dynamics of the rapidly melting ice and its impact on sea level rise.

All About America

Circumventing Censorship

An Internet Primer for Healthy Web Habits

As surveillance and censoring technologies advance, so, too, do new tools for your computer or mobile device that help protect your privacy and break through Internet censorship.
More