News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Reuters
Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

Cambodia Seeks Official UN Maps for Vietnam Border

Notice of request comes as 2 countries open border talks Tuesday after a clash last month More

From South Africa to Vietnam, Cyclists Deliver Message Against Rhino Horns

Appalled by poaching they saw firsthand, sisters embark on tour to raise awareness in countries where rhino horn products are in demand More

Uber Wants Johannesburg Police Protection

Request follows recent protests outside ride-hailing service's Johannesburg office More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Getting it Done Beyond a Nuclear Deali
X
July 07, 2015 12:02 PM
If a nuclear deal is reached between Iran and world powers in Vienna, it will be a highly technical road map to be used to monitor nuclear activity in Iran for years to come to ensure Tehran does not make nuclear weapons. Equally as complicated will be dismantling international sanctions that were originally intended to be ironclad. VOA’s Heather Murdock talks to experts about the key challenges any deal will present.
Video

Video Getting it Done Beyond a Nuclear Deal

If a nuclear deal is reached between Iran and world powers in Vienna, it will be a highly technical road map to be used to monitor nuclear activity in Iran for years to come to ensure Tehran does not make nuclear weapons. Equally as complicated will be dismantling international sanctions that were originally intended to be ironclad. VOA’s Heather Murdock talks to experts about the key challenges any deal will present.
Video

Video Rice Farmers Frustrated As Drought Grips Thailand

A severe drought in Thailand is limiting the growing season of the country’s important rice crop. Farmers are blaming the government for not doing more to protect a key export. Steve Sandford reports from Chiang Mai, Thailand.
Video

Video Making Music, Fleeing Bombs: New Film on Sudan’s Internal Refugees

In 2012, Sudanese filmmaker Hajooj Kuka went to make a documentary among civil war refugees in Sudan’s Blue Nile and Nuba Mountains region. What he found surprised him: music was helping to save people from bombing raids by their own government. VOA’s Carolyn Weaver has more.
Video

Video 'From This Day Forward' Reveals Difficult Journey of Transgender Parent

In her documentary, "From This Day Forward", filmmaker Sharon Shattuck reveals the personal journey of her transgender father, as he told his family that he always felt he was a woman inside and decided to live as one. VOA’s Penelope Poulou has more.
Video

Video Floodwaters Threaten Iconic American Home

The Farnsworth House in the Midwest State of Illinois is one of the most iconic homes in America. Thousands of tourists visit the site every year. Its location near a river inspired the design of the house, but, as VOA’s Kane Farabaugh reports, that very location is now threatening the existence of this National Historic Landmark.
Video

Video Olympics Construction Scars Sacred Korean Mountain

Environmentalists in South Korea are protesting a Winter Olympics construction project to build a ski slope through a 500-year-old protected forest. Brian Padden reports that although there is strong national support for hosting the 2018 Pyeongchang Winter Olympics, there are growing public concerns over the costs and possible ecological damage at the revered mountain.
Video

Video Xenophobia Victims in South Africa Flee Violence, Then Return

Many Malawians fled South Africa early this year after xenophobic attacks on African immigrants. But many quickly found life was no better at home and have returned to South Africa – often illegally and without jobs, and facing the tough task of having to start over. Lameck Masina and Anita Powell file from Johannesburg.
Video

Video Family of American Marine Calls for Release From Iranian Prison

As the crowd of journalists covering the Iran talks swells, so too do the opportunities for media coverage.  Hoping to catch the attention of high-level diplomats, the family of American-Iranian marine Amir Hekmati is in Vienna, pleading for his release from an Iranian prison after nearly 4 years.  VOA’s Heather Murdock reports from Vienna.
Video

Video UK Holds Terror Drill as MPs Mull Tunisia Response

After pledging a tough response to last Friday’s terror attack in Tunisia, which came just days before the 10th anniversary of the bomb attacks on London’s transport network, British security services are shifting their focus to overseas counter-terror operations. VOA's Henry Ridgwell has more.
Video

Video Obama on Cuba: This is What Change Looks Like

President Barack Obama says the United States will soon reopen its embassy in Cuba for the first time since 1961, ending a half-century of isolation. VOA White House correspondent Luis Ramirez reports.
Video

Video Hate Groups Spread Influence Via Internet

Hate groups of various kinds are using the Internet for propaganda and recruitment, and a Jewish human rights organization that monitors these groups, the Simon Wiesenthal Center, says their influence is growing. The messages are different, but the calls to hatred or violence are similar. VOA's Mike O’Sullivan reports.
Video

Video Blind Somali Journalist Defies Odds in Mogadishu

Despite improving security in the last few years, Somalia remains one of the most dangerous countries to be a journalist – even more so for someone who cannot see. Abdulaziz Billow has the story of journalist Abdifatah Hassan Kalgacal, who has been reporting from the Somali capital for the last decade despite being blind.

VOA Blogs