News / Science & Technology

    Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

    Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
    Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
    Reuters
    Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
     
    The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
     
    When recipients opened these documents, they loaded malicious code on to their personal computers.
     
    For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
     
    FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
     
    The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
     
    A spokeswoman for the FBI, Jenny Shearer, declined to comment.
     
    “The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
     
    The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
     
    Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
     
    However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
     
    Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
     
    “U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
     
    One of Dozens
     
    Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
     
    China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
     
    FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
     
    FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
     
    In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
     
    The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
     
    The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
     
    He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

    You May Like

    Hope Remains for Rio Olympic Games

    Facing a host of problems, Rio prepares for holding the games but experts say some risks, like Zika, may not be as grave as initially thought

    IS Use of Social Media to Recruit, Radicalize Still a Top Threat to US

    Despite military gains against IS in Iraq and Syria, their internet propaganda still commands an audience; US officials see 'the most complex challenge that the federal government and industry face'

    ‘Time Is Now’ to Save Africa’s Animals From Poachers, Activist Says

    During Zimbabwe visit, African Wildlife Foundation President Kaddu Sebunya says poaching hurts Africa as slave trade once did

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Ivorian Chocolate Makers Promote Locally-made Chocolatei
    X
    July 29, 2016 4:02 PM
    Ivory Coast is the world's top producer of cocoa but hardly any of it is processed into chocolate there. Instead, the cocoa is sent abroad to chocolate makers in Europe and elsewhere. This is a general problem throughout Africa – massive exports of raw materials but few finished goods. As Emilie Iob reports from Abidjan, several Ivorian entrepreneurs are working to change that formula - 100 percent Ivorian chocolate bar at a time.
    Video

    Video Ivorian Chocolate Makers Promote Locally-made Chocolate

    Ivory Coast is the world's top producer of cocoa but hardly any of it is processed into chocolate there. Instead, the cocoa is sent abroad to chocolate makers in Europe and elsewhere. This is a general problem throughout Africa – massive exports of raw materials but few finished goods. As Emilie Iob reports from Abidjan, several Ivorian entrepreneurs are working to change that formula - 100 percent Ivorian chocolate bar at a time.
    Video

    Video Tesla Opens Battery-Producing Gigafactory

    Two years after starting to produce electric cars, U.S. car maker Tesla Motors has opened the first part of its huge battery manufacturing plant, which will eventually cover more than a square kilometer. Situated close to Reno, Nevada, the so-called Gigafactory will eventually produce more lithium-ion batteries than were made worldwide in 2013. VOA's George Putic reports.
    Video

    Video Polio-affected Afghan Student Fulfilling Her Dreams in America

    Afghanistan is one of only two countries in the world where children still get infected by polio. The other is Pakistan. Mahbooba Akhtarzada who is from Afghanistan, was disabled by polio, but has managed to overcome the obstacles caused by this crippling disease. VOA's Zheela Nasari caught up with Akhtarzada and brings us this report narrated by Bronwyn Benito.
    Video

    Video Hillary Clinton Promises to Build a 'Better Tomorrow'

    Democratic presidential candidate Hillary Clinton urged voters Thursday not to give in to the politics of fear. She vowed to unite the country and move it forward if elected in November. Clinton formally accepted the Democratic Party's nomination at its national convention in Philadelphia. VOA national correspondent Jim Malone has more.
    Video

    Video Trump Tones Down Praise for Russia

    Republican presidential candidate Donald Trump is toning down his compliments for Russia and Vladimir Putin as such rhetoric got him in trouble recently. After calling on Russia to find 30.000 missing emails from rival Hillary Clinton, Trump told reporters he doesn't know Putin and never called him a great leader, just one who's better than President Barack Obama. Putin has welcomed Trump's overtures, but, as Zlatica Hoke reports, ordinary Russians say they are not putting much faith in Trump.
    Video

    Video Uganda Unveils its First Solar-powered Bus

    A solar-powered bus described by its Ugandan makers as the first in Africa has made its public debut. Kiira Motors' electric bus, Kayoola, displayed recently at a stadium in Uganda's capital. From Kampala, Maurice Magorane filed this report narrated by Salem Solomon.
    Video

    Video Silicon Valley: More Than A Place, It's a Culture

    Silicon Valley is a technology powerhouse and a place that companies such as Google, Facebook and Apple call home. It is a region in northern California that stretches from San Francisco to San Jose. But, more than that, it's known for its startup culture. VOA's Elizabeth Lee went inside one company to find out what it's like to work in a startup.
    Video

    Video Immigrant Delegate Marvels at Democratic Process

    It’s been a bitter and divisive election season – but first time Indian-American delegate Dr. Shashi Gupta headed to the Democratic National Convention with a sense of hope. VOA’s Katherine Gypson followed this immigrant with the love of U.S. politics all the way to Philadelphia.
    Video

    Video Dutch Entrepreneurs Turn Rainwater Into Beer

    June has been recorded as one of the wettest months in more than a century in many parts of Europe. To a group of entrepreneurs in Amsterdam the rain came as a blessing, as they used the extra water to brew beer. Serginho Roosblad has more to the story.
    Video

    Video Commerce Thrives on US-Mexico Border

    At the Democratic Convention in Philadelphia this week, the party’s presumptive presidential nominee, Hillary Clinton, is expected to attack proposals made by her opponent, Republican presidential nominee Donald Trump, to build a wall along the U.S.-Mexico border. Last Friday, President Barack Obama hosted his Mexican counterpart, President Enrique Peña Nieto, to underscore the good relations between the two countries. VOA’s Greg Flakus reports from Tucson.
    Video

    Video Film Helps Save Ethiopian Children Thought to be Cursed

    'Omo Child' looks at effort of African man to stop killings of ‘mingi’ children
    Video

    Video London’s Financial Crown at Risk as Rivals Eye Brexit Opportunities

    By most measures, London rivals New York as the only true global financial center. But Britain’s vote to leave the European Union – so-called ‘Brexit’ – means the city could lose its right to sell services tariff-free across the bloc, risking its position as Europe’s financial headquarters. Already some banks have said they may shift operations to the mainland. Henry Ridgwell reports from London.

    Special Report

    Adrift The Invisible African Diaspora