News / Science & Technology

    Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

    Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
    Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
    Reuters
    Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
     
    The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
     
    When recipients opened these documents, they loaded malicious code on to their personal computers.
     
    For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
     
    FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
     
    The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
     
    A spokeswoman for the FBI, Jenny Shearer, declined to comment.
     
    “The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
     
    The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
     
    Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
     
    However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
     
    Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
     
    “U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
     
    One of Dozens
     
    Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
     
    China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
     
    FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
     
    FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
     
    In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
     
    The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
     
    The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
     
    He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

    You May Like

    Video As Refugees Perish, Greek Graveyards Fill

    Before burial at overflowing cemeteries, unidentified dead being swapped for DNA, in case some day relatives come to learn their fate

    Russian Opposition Leader Sues Putin for Conflict of Interest

    Alexei Navalny tells VOA in exclusive interview why transfer of $2 billion from country’s wealth fund to company with ties to President Putin’s son-in-law triggered lawsuit

    Clinton, Sanders Fight for African American Votes

    Some African American lawmakers lining up to support Clinton in face of perceived surge by Sanders in race for Democratic nomination in presidential campaign

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    As Refugees Perish, Greek Graveyards Filli
    X
    Hamada Elsaram
    February 11, 2016 8:01 PM
    Aid workers on the Greek island of Lesbos say they are struggling to bury the increasing number of bodies of refugees that have been recovered or washed up ashore in recent months.  The graveyards are all full, they say, yet as tens of thousands of people clamor to get out of Syria, it is clear refugees will still be coming in record numbers. For VOA, Hamada Elrasam reports from Lesbos, Greece.
    Video

    Video As Refugees Perish, Greek Graveyards Fill

    Aid workers on the Greek island of Lesbos say they are struggling to bury the increasing number of bodies of refugees that have been recovered or washed up ashore in recent months.  The graveyards are all full, they say, yet as tens of thousands of people clamor to get out of Syria, it is clear refugees will still be coming in record numbers. For VOA, Hamada Elrasam reports from Lesbos, Greece.
    Video

    Video To Fight Zika, Scientists Target Mosquitoes

    Mosquitoes strike again. The Zika virus outbreak is just the latest headline-grabbing epidemic carried by these biting pests, but researchers are fighting back with new ways to control them. VOA's Steve Baragona takes a look.
    Video

    Video Mosul Refugees Talk About Life Under IS

    A top U.S. intelligence official told Congress this week that a planned Iraqi-led operation to re-take the city of Mosul from Islamic State militants is unlikely to take place this year. IS took over the city in June 2014, and for the past year and a half, Mosul residents have been held captive under its rule. VOA's Zana Omar talked to some families who managed to escape. Bronwyn Benito narrates his report.
    Video

    Video Scientists Make Progress Toward Better Diabetes Treatment, Cure

    Scientists at two of the top U.S. universities say they have made significant advances in their quest to find a more efficient treatment for diabetes and eventually a cure. According to the International Diabetes Federation, the disease affects more than 370 million people worldwide. VOA’s George Putic reports.
    Video

    Video NATO to Target Migrant Smugglers

    NATO has announced plans to send warships to the Aegean Sea to target migrant smugglers in the alliance's most direct intervention so far since a wave of people began trying to reach European shores.
    Video

    Video Russia's Catholics, Orthodox Hopeful on Historic Pope-Patriarch Meeting

    Russia's Catholic minority has welcomed an historic first meeting Friday in Cuba between the Pope and the Patriarch of Russia's dominant Orthodox Church. The Orthodox Church split with Rome in 1054 and analysts say politics, both church and state, have been driving the relationship in the centuries since. VOA's Daniel Schearf reports from Moscow.
    Video

    Video Used Books Get a New Life on the Streets of Lagos

    Used booksellers are importing books from abroad and selling them on the streets of Africa's largest city. What‘s popular with readers may surprise you. Chris Stein reports from Lagos.
    Video

    Video After NH Primaries All Eyes on South Carolina

    After Tuesday's primary in New Hampshire, US presidential candidates swiftly turned to the next election coming up in South Carolina. The so-called “first-in-the-South” poll may help further narrow down the field of candidates. Zlatica Hoke reports.
    Video

    Video US Co-ed Selective Service Plan Stirs Controversy

    Young women may soon be required to register with the U.S. Selective Service System, the U.S. government agency charged with implementing a draft in a national emergency. Top Army and Marine Corps commanders told the Senate Armed Services Committee recently that women should register, and a bill has been introduced in Congress requiring eligible women to sign up for the military draft. The issue is stirring some controversy, as VOA’s Bernard Shusman reports from New York.
    Video

    Video Lessons Learned From Ebola Might Help Fight Zika

    Now that the Ebola epidemic has ended in West Africa, Zika has the world's focus. And, as Carol Pearson reports, health experts and governments are applying some of the lessons learned during the Ebola crisis in Africa to fight the Zika virus in Latin America and the Caribbean.
    Video

    Video Smartphone Helps Grow Vegetables

    One day, you may be using your smartphone to grow your vegetables. A Taipei-based company has developed a farm cube — a small, enclosed ecosystem designed to grow plants indoors. The environment inside is automatically adjusted by the cube, but it can also be controlled through an app. VOA's Deborah Block has more on the gardening system.
    Video

    Video Illinois Voters Have Mixed Emotions on Obama’s Return to Springfield

    On the ninth anniversary of the launch of his quest for national office, President Barack Obama returned to Springfield, Illinois, to speak to the Illinois General Assembly, where he once served as state senator. His visit was met with mixed emotions by those with a front-row seat on his journey to the White House. VOA's Kane Farabaugh reports.
    Video

    Video Exhibit Turns da Vinci’s Drawings Into Real Objects

    In addition to being a successful artist, Renaissance genius Leonardo da Vinci designed many practical machines, some of which are still in use today, although in different forms. But a number of his projects were never realized — until today. VOA’s George Putic reports.
    Video

    Video Heated Immigration Debate Limits Britain’s Refugee Response

    Compared to many other European states, Britain has agreed to accept a relatively small number of Syrian refugees. Just over a thousand have arrived so far -- and some are being resettled in remote corners of the country. Henry Ridgwell reports on why Britain’s response has lagged behind its neighbors.
    Video

    Video Russia's Car Sales Shrink Overall, But Luxury and Economy Models See Growth

    Car sales in Russia dropped by more than a third in 2015 because of the country's economic woes. But, at the extreme ends of the car market, luxury vehicles and some economy brands are actually experiencing growth. VOA's Daniel Schearf reports from Moscow.