News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
TEXT SIZE - +
Reuters
— Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

Multimedia Anti-Keystone XL Protests Continue

Demonstrators are worried about pipeline's effect on climate change, their traditional way of life, health and safety More

Thailand's Political Power Struggle Continues

Court gave Prime Minister Yingluck Shinawatra until May 2 to prepare her defense over abuse of power charges but uncertainty remains over election timing More

Malaysia Plane Search Tests Limits of Ocean Mapping Technology

Expert tells VOA existing equipment’s maximum operating depth is around 6 kilometers as operation continues on ocean bed for any trace of MH370 More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Pet Kangaroo Helps Spread Environmental Messagei
X
Penelope Poulou
April 22, 2014 5:53 PM
Children’s author Julia Heckathorn travels the world to learn about different ecosystems and endangered animals. She pours her knowledge into children’s books, hoping the next generation will right the environmental wrongs of our times. As in many children's books, the main character in Heckathorn's stories is an animal. Unlike those other characters, though, this one is real - a kangaroo, that lives in the author’s backyard. VOA’s Penelope Poulou has more.
Video

Video Pet Kangaroo Helps Spread Environmental Message

Children’s author Julia Heckathorn travels the world to learn about different ecosystems and endangered animals. She pours her knowledge into children’s books, hoping the next generation will right the environmental wrongs of our times. As in many children's books, the main character in Heckathorn's stories is an animal. Unlike those other characters, though, this one is real - a kangaroo, that lives in the author’s backyard. VOA’s Penelope Poulou has more.
Video

Video Pro-Russian Separatists Plan 'Federalization Referendum' in Eastern Ukraine

Pro-Russian separatists in eastern Ukraine say they plan to move forward next month with a referendum vote for greater autonomy, despite the Geneva agreement reached with Russia, the U.S. and Ukraine to end the political conflict. VOA's Brian Padden reports from the city of Donetsk in Eastern Ukraine.
Video

Video Pope Francis Hopes Dual Canonizations Will Reconcile Church

On April 27, two popes - John the XXIII and John Paul II - will be made saints in a ceremony at St. Peter’s Square. VOA religion correspondent Jerome Socolovsky says the dual canonization is part of the current pope’s program to reconcile liberals and conservatives in the Roman Catholic Church.
Video

Video In Capturing Nature's Majesty, Film Makes Case for Its Survival

French filmmaker Luc Jacquet won worldwide acclaim for his 2005 Academy Award-winning documentary "March of the Penguins". Now Jacquet is back with a new film that takes movie-goers deep into the heart of a tropical rainforest - not only to celebrate its grandeur, but to make the case for its survival. VOA's Rosanne Skirble reports.
Video

Video Boston Marathon Bittersweet for Many Runners

Monday's running of the Boston Marathon was bittersweet for many of the 36,000 participants as they finished the run that was interrupted by a double bombing last year. Many gathered along the route paid respect to the four people killed as a result of two bombings near the finish line. VOA's Carolyn Presutti returned to Boston this year to follow two runners, forever changed because of the crimes.
Video

Video International Students Learn Film Production in World's Movie Capital

Hollywood - which is part of Los Angeles - is the movie capital of the world, and many aspiring filmmakers go there in hopes of breaking into the movie business. Mike O'Sullivan reports that regional universities are also a magnet for students who hope to become producers or directors.
Video

Video Pacific Rim Trade Deal Proves Elusive

With the U.S.-led war in Iraq ended and American military involvement in Afghanistan winding down, President Barack Obama has sought to pivot the country's foreign policy focus towards Asia. One aspect of that pivot is the negotiation of a free-trade agreement among 12 Pacific Rim nations. But as Obama leaves this week on a trip to four Asian countries he has found it very difficult to complete the trade pact. VOA's Ken Bredemeier has more from Washington.
Video

Video Autistic Adults Face Housing, Job Challenges

Many parents of children with disabilities fear for the future of their adult child. It can be difficult to find services to help adults with disabilities - physical, mental or emotional - find work or live on their own. The mother of an autistic boy set up a foundation to advocate for the estimated 1.2 million American adults with autism, a developmental disorder that causes communication difficulties and often social difficulties. VOA's Faiza Elmasry reports.
AppleAndroid