News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Reuters
Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

HRW: Egypt's Trial of Morsi ‘Badly Flawed’

Human Rights Watch says former Egypt leader's detention without charge for more than three weeks after his removal from office violated Egyptian law; government rejects criticism More

Photogallery Lancet Report Calls for Major Investment in Surgery

In its report published by The Lancet, panel of experts says people are dying from conditions easily treated in the operating room such as hernia, appendicitis, obstructed labor, and serious fractures More

Music Industry Under Sway of Digital Revolution

Millions of people in every corner of the Earth now can enjoy a vast variety and quantity of music in a way that has never before been possible More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Study: Insecticide Damaging Wild Bee Populationsi
X
April 24, 2015 10:13 PM
A popular but controversial type of insecticide is damaging important wild bee populations, according to a new study. VOA’s Steve Baragona has more.
Video

Video Study: Insecticide Damaging Wild Bee Populations

A popular but controversial type of insecticide is damaging important wild bee populations, according to a new study. VOA’s Steve Baragona has more.
Video

Video Data Servers Could Heat Private Homes

As every computer owner knows, when their machines run a complex program they get pretty hot. In fact, cooling the processors can be expensive, especially when you're dealing with huge banks of computer servers. But what if that energy could heat private homes? VOA’s George Putic reports that a Dutch energy firm aims to do just that.
Video

Video Cinema That Crosses Borders Showcased at Tribeca Film Festival

Among the nearly 100 feature length films being shown at this year’s Tribeca Film Festival in New York City are more than 20 documentaries and features with international appeal, from a film about a Congolese businessman in China, to documentaries shot in Pakistan and diaspora communities in the U.S., to a poetic look at disaffected South African youth. VOA’s Carolyn Weaver has more.
Video

Video UN Confronts Threat of Young Radicals

The radicalization and recruitment of young people into Islamist extremist groups has become a growing challenge for governments worldwide. On Thursday, the U.N. Security Council heard from experts on the issue, which has become a potent threat to international peace and security. VOA’s Margaret Besheer reports.
Video

Video Growing Numbers of Turks Discover Armenian Ancestry

In a climate of improved tolerance, growing numbers of people in Turkey are discovering their grandmothers were Armenian. Hundreds of thousands of Armenians escaped the mass deportations and slaughter of the early 1900's by forced conversion to Islam. Or, Armenian children were taken in by Turkish families and assimilated. Now their stories are increasingly being heard. Dorian Jones reports from Istanbul that the revelations are viewed as an important step.
Video

Video Migrants Trek Through Western Balkans to Reach EU

Migrants from Africa and other places are finding different routes into the European Union in search of a better life. The Associated Press followed one clandestine group to document their trek through the western Balkans to Hungary. Zlatica Hoke reports that the migrants started using that route about four years ago. Since then, it has become the second-most popular path into Western Europe, after the option of sailing from North Africa to Italy.
Video

Video TIME Magazine Honors Activists, Pioneers Seen as Influential

TIME Magazine has released its list of celebrities, leaders and activists, whom it deems the world’s “most influential” in 2015. VOA's Ramon Taylor reports from New York.
Video

Video US Businesses See Cuba as New Frontier

The Obama administration's opening toward Cuba is giving U.S. companies hope they'll be able to do business in Cuba despite the continuation of the U.S. economic embargo against the communist nation. Some American companies have been able to export some products to Cuba, but the recent lifting of Cuba's terrorism designation could relax other restrictions. As VOA's Daniela Schrier reports, corporate heavy hitters are lining up to head across the Florida Straits - though experts urge caution.
Video

Video Kenya Launches Police Recruitment Drive After Terror Attacks

Kenya launched a major police recruitment drive this week as part of a large-scale effort to boost security following a recent spate of terror attacks. VOA’s Gabe Joselow reports that allegations of corruption in the process are raising old concerns about the integrity of Kenya’s security forces.
Video

Video Japan, China in Race for Asia High-Speed Rail Projects

A lucrative competition is underway in Asia for billions of dollars in high-speed rail projects. Cambodia, India, Indonesia, Malaysia Thailand and Vietnam are among the countries planning to move onto the fast track. They are negotiating with Japan and the upstart Chinese who are locked in a duel to revolutionize transportation across Asia. VOA Correspondent Steve Herman in Bangkok has details.
Video

Video Scientists: Mosquitoes Attracted By Our Genes

Some people always seem to get bitten by mosquitoes more than others. Now, scientists have proved that is really the case - and they say it’s all because of genes. It’s hoped the research might lead to new preventative treatments for diseases like malaria, as Henry Ridgwell reports from London.
Video

Video Bible Museum Coming to Washington DC

Washington is the center of American political power and also home to some of the nation’s most visited museums. A new one that will showcase the Bible has skeptics questioning the motives of its conservative Christian funders. VOA religion correspondent Jerome Socolovsky reports.
Video

Video Armenia and Politics of Word 'Genocide'

A century ago this April, hundreds of thousands of Armenians of the Turkish Ottoman empire were deported and massacred, and their culture erased from their traditional lands. While broadly accepted by the U.N. and at least 20 countries as “genocide”, the United States and Turkey have resisted using that word to describe the atrocities that stretched from 1915 to 1923. But Armenians have never forgotten.
Video

Video Afghan First Lady Pledges No Roll Back on Women's Rights

Afghan First Lady Rula Ghani, named one of Time's 100 Most Influential, says women should take part in talks with Taliban. VOA's Rokhsar Azamee has more from Kabul.
Video

Video New Brain Mapping Techniques Could Ease Chronic Pain

From Boulder, Colorado, Shelley Schlender reports that new methods for mapping pain in the brain are providing validation for chronic pain and might someday guide better treatment.

VOA Blogs