News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Reuters
Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

Video Indiana Controversy Points to Divergent Notions of Religious Freedom

Gay-marriage opponents are looking for ways to maintain their beliefs in face of changing culture, one writer says More

UNICEF Denies North Korean Measles Outbreak

Agency dismisses Russian media report after government, WHO assurances More

Turkey Seen Taking Harder Stance Against Militant Kurds

Stance comes as President Recep Tayyip Erdogan is being seen as moving closer to generals More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Indiana Controversy Highlights Divergent Meanings of Religious Freedomi
X
Jerome Socolovsky
April 01, 2015 1:41 AM
Indiana’s state government has triggered a nationwide controversy by approving a law that critics say is aimed at allowing discrimination against gays and lesbians. The controversy stems from divergent notions of religious freedom in America. VOA's Jerome Socolovsky reports.
Video

Video Indiana Controversy Highlights Divergent Meanings of Religious Freedom

Indiana’s state government has triggered a nationwide controversy by approving a law that critics say is aimed at allowing discrimination against gays and lesbians. The controversy stems from divergent notions of religious freedom in America. VOA's Jerome Socolovsky reports.
Video

Video Nigerians Welcome Buhari's Return to Power

Crowds of jubilant Nigerians nationwide have celebrated the return to power of former military ruler Muhammadu Buhari. The retired army general won this year's presidential election with more than 2 million votes more than incumbent President Goodluck Jonathan. Buhari's supporters hope he can strengthen the country's economy and security once he takes office in late May. Zlatica Hoke has this story.
Video

Video Report: State of Black America a 'Tale of Two Nations'

The National Urban League has described this year's "State of Black America" report as a "tale of two nations." The group's annual report, released earlier this month (March), found that under an equality index African Americans had only 72% parity compared to whites in areas such as education, economics, health, social justice and civic engagement. It’s a gap that educators and students at Brooklyn’s Medgar Evers College are looking to close. VOA's Daniela Schrier reports from the school.
Video

Video Film Tells Story of Musicians in Mali Threatened by Jihadists

At this year's annual South by Southwest film and music festival in Austin, Texas, some musicians from Mali were on hand to promote a film about how their lives were upturned by jihadists who destroyed ancient treasures in the city of Timbuktu and prohibited anyone from playing music under threat of death. As VOA’s Greg Flakus reports from Austin, some are afraid to return to their hometowns even though the jihadists are no longer in control there.
Video

Video Gamma Ray Observatory to Open Soon in Mexico

American and Mexican scientists have completed construction of the world's largest gamma ray observatory, situated high in central Mexico’s Sierra Negra Mountain. The observatory's huge array of water-based detectors will soon start discovering secrets about black holes and supernovas. VOA’s George Putic reports.
Video

Video Ebola Vaccine Trials Underway in West Africa

Ebola has claimed the lives of more than 10,000 people in West Africa. Since last summer, researchers have rushed to get anti-Ebola vaccines into clinical trials. While it's too early to say that any of the potential vaccines work, some scientists say they are seeing strong results from some of the studies. VOA's Carol Pearson reports.
Video

Video Philippines Wants Tourists Spending Money at New Casinos

Tourism is a multi-billion dollar industry in the Philippines. Close to five million foreign visitors traveled there last year, perhaps lured by the country’s tropical beaches. But Jason Strother reports from Manila that the country hopes to entice more travelers to stay indoors and spend money inside new casinos.
Video

Video Civilian Casualties Push Men to Join Rebels in Ukraine

The continued fighting in eastern Ukraine and the shelling of civilian neighborhoods seem to be pushing more men to join the separatist fighters. Many of the new recruits are residents of Ukraine made bitter by new grievances, as well as old. VOA's Patrick Wells reports.
Video

Video Islamic State Prisoners Talk of Curiosity, God, Regret

Islamic State fighter, a prisoner of Kurdish YPG forces, asked his family asking for forgiveness: "I destroyed myself and I destroyed them along with me." The Syrian youth was one of two detainees who spoke to VOA’s Kurdish Service about the path they chose; their names have been changed and identifying details obscured. VOA's Zana Omer reports.
Video

Video Germanwings Findings Raise Issue of Psychological Testing for Pilots

More is being discovered about the co-pilot in the crash of Germanwings Flight 9525 in the French Alps. Investigators say he was hiding a medical condition, raising questions about the mental qualifications of pilots. VOA's Carolyn Presutti reports.
Video

Video Liberia's Almost Last Ebola Patient Grateful but Still Grieving

Beatrice Yardolo was to make history as Liberia’s last Ebola patient. Liberians recently started counting down 42 days, the period that has to go by without a single new infection until the World Health Organization can declare a country Ebola-free. That countdown stopped on March 20 when there was another new case of Ebola, making Yardolo’s story a reminder that Ebola is far from over. Benno Muchler reports from Monrovia.
Video

Video Cambodian Land Grabs Threaten Traditional Communities

Indigenous communities in Cambodia's Ratanakiri province say the government’s economic land concession policy is taking away their land and traditional way of life, making many fear that their identity will soon be lost. Local authorities, though, have denied this is the case. VOA's Say Mony went to investigate and filed this report, narrated by Colin Lovett.

VOA Blogs

Circumventing Censorship

An Internet Primer for Healthy Web Habits

As surveillance and censoring technologies advance, so, too, do new tools for your computer or mobile device that help protect your privacy and break through Internet censorship.
More