News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
TEXT SIZE - +
Reuters
— Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

Multimedia Parents of Disaster Ferry Passengers Lash Out at Authorities

Twenty-nine bodies recovered from water but some 270 remain trapped on board More

War Legacy Haunts Vietnam, US Relations

US congressional delegation initiates $84 million Agent Orange cleanup project More

Wikipedia Proves Useful for Tracking Flu

Technique gave better results than Center for Disease Control (CDC) and Google’s Flu Trends More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Ukraine, Russia, United in Faith, Divided in Politicsi
X
Michael Eckels
April 19, 2014
There is a strong historical religious connection between Russia and Ukraine. But what role is religion playing in the current conflict? In the run-up to Easter, Michael Eckels in Moscow reports for VOA.
Video

Video Ukraine, Russia, United in Faith, Divided in Politics

There is a strong historical religious connection between Russia and Ukraine. But what role is religion playing in the current conflict? In the run-up to Easter, Michael Eckels in Moscow reports for VOA.
Video

Video Face of American Farmer is Changing

The average American farmer is now 58 years old, and farmers 65 and older are the fastest growing segment of the population. It’s a troubling trend signaling big changes ahead for American agriculture as aging farmers retire. Reporter Mike Osborne says a new report from the U.S. Census Bureau is suggesting what some of those changes might look like... and why they might not be so troubling.
Video

Video Donetsk Governor: Ukraine Military Assault 'Delicate But Necessary'

Around a dozen state buildings in eastern Ukraine remain in the hands of pro-Russian protesters who are demanding a referendum on self-rule. The governor of the whole Donetsk region is among those forced out by the protesters. He spoke to VOA's Henry Ridgwell from his temporary new office in Donetsk city.
Video

Video Drones May Soon Send Data From High Seas

Drones are usually associated with unmanned flying vehicles, but autonomous watercraft are also becoming useful tools for jobs ranging from scientific exploration to law enforcement to searching for a missing airliner in the Indian Ocean. VOA’s George Putic reports on sea-faring drones.
Video

Video New Earth-Size Planet Found

Not too big, not too small. Not too hot, not too cold. A newly discovered planet looks just right for life as we know it, according to an international group of astronomers. VOA’s Steve Baragona has more.
Video

Video Copts in Diaspora Worry About Future in Egypt

Around 10 percent of Egypt’s population belong to the Coptic faith, making them the largest Christian minority in the Middle East. But they have become targets of violence since the revolution three years ago. With elections scheduled for May and the struggle between the Egyptian military and Islamists continuing, many Copts abroad are deeply worried about the future of their ancient church. VOA religion correspondent Jerome Socolovsky visited a Coptic church outside Washington DC.
Video

Video Critics Say Venezuelan Protests Test Limits of Military's Support

During the two months of deadly anti-government protests that have rocked the oil-rich nation of Venezuela, President Nicolas Maduro has accused the opposition of trying to initiate a coup. Though a small number of military officers have been arrested for allegedly plotting against the government, VOA’s Brian Padden reports the leadership of the armed forces continues to support the president, at least for now.
Video

Video More Millenials Unplug to Embrace Board Games

A big new trend in the U.S. toy industry has more consumers switching off their high-tech gadgets to play with classic toys, like board games. This is especially true among the so-called millenial generation - those born in the 1980's and 90's. Elizabeth Lee has more from an unusual café in Los Angeles, where the new trend is popular and business is booming.
Video

Video Google Buys Drone Company

In its latest purchase of high-tech companies, Google has acquired a manufacturer of solar-powered drones that can stay in the air almost indefinitely, relaying broadband Internet connection to remote areas. It is seen as yet another step in the U.S. based Web giant’s bid to bring Internet to the whole world. VOA’s George Putic reports.
AppleAndroid