News / Science & Technology

Researcher: Chinese Hackers Spied on Europeans Before G20 Meeting

Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Russia's President Vladimir Putin speaks during a media conference after a G20 summit in St. Petersburg, Russia on Sept. 6, 2013.
Reuters
— Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.
 
The hackers infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as “UStmilitarytoptionstintSyria,” said FireEye, which sells virus fighting technology to companies.
 
When recipients opened these documents, they loaded malicious code on to their personal computers.
 
For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.
 
FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.
 
The U.S. company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation.
 
A spokeswoman for the FBI, Jenny Shearer, declined to comment.
 
“The theme of the attacks was U.S. military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20.”
 
The Sept. 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on U.S. President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.
 
Villeneuve said he was confident that the hackers were from China based on a variety of technical evidence, including the language used on their control server and the machines that they used to test their malicious code.
 
However, Villeneuve also admitted that he did not have any hard evidence that linked the hackers to the Chinese government. “All we have is technical data,” Villeneuve said, stressing the impossibility of coming to an absolute conclusion on technical data alone.
 
Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.
 
“U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.
 
One of Dozens
 
Western cybersecurity firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
 
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about U.S. surveillance of foreign countries, including China.
 
FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group “Ke3chang,” after the name of one of the files it uses in one of its pieces of malicious software.
 
FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers' command-and-control server.
 
In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.
 
The host name for that campaign's command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.
 
The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.
 
He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

You May Like

Computer Crash Halts US Visa, Passport Operation

Problems with database have resulted in extensive backlog of applications, affected State Department's consular offices all over the world More

Migrant Issues Close to Home Spur Groups to Take Action

Groups placing water, food in the desert, or aiding detainees after release, have one common goal: no more deaths of migrants crossing illegally into the US More

World Bank: Boko Haram Stalls African Aid Projects

Islamist group’s terrorism sets back agriculture, health efforts in Cameroon, Chad and Nigeria More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Israel Targets Gaza Supply Tunnelsi
X
July 24, 2014 4:42 AM
The Israeli military has launched a ground operation in Gaza to destroy the myriad tunnels that may have been used to smuggle weapons to Hamas. VOA's Zlatica Hoke reports that could mean more hardship for the people of Gaza, who obtain some of their essential supplies through these underground passages
Video

Video Israel Targets Gaza Supply Tunnels

The Israeli military has launched a ground operation in Gaza to destroy the myriad tunnels that may have been used to smuggle weapons to Hamas. VOA's Zlatica Hoke reports that could mean more hardship for the people of Gaza, who obtain some of their essential supplies through these underground passages
Video

Video MH17's 'Black Boxes' Could Reveal Crash Details

The government of Malaysia now has custody of the cockpit voice and flight data recorders from Malaysia Airlines Flight 17, which was hit by a missile over Ukraine before crashing last week. As VOA's Carolyn Presutti reports, the so-called black boxes may hold information about the final minutes of the flight.
Video

Video Living in the Shadows Panel Discussion

Following a screening of the new VOA documentary, "AIDS - Living in the Shadows," at the World AIDS conference in Melbourne, a panel discussed the film and how to combat the stigma associated with HIV/AIDS.
Video

Video IAEA: Iran Turns its Enriched Uranium Into Less Harmful Form

Iran has converted its stockpiles of enriched uranium into a less dangerous form that is more difficult to use for nuclear weapons, according to the United Nations’ Atomic Energy Agency. The move complies with an interim deal reached with Western powers on Iran's nuclear program last year, in exchange for easing of sanctions. Henry Ridgwell reports for VOA from London.
Video

Video Relic of Saint Draws Catholics Worried About Immigration Issue

A Roman Catholic saint who is a figure of devotion for those crossing the border into the United States is attracting believers concerned about the plight of undocumented immigrants. Mike O'Sullivan reports from Los Angeles, where a relic of Saint Toribio has drawn thousands to local churches.
Video

Video US Awards Medal of Honor for Heroics in Bloodiest of Afghan Battles

U.S. combat troops are withdrawing from Afghanistan, on pace to leave the country by the end of this year. But on Monday, U.S. President Barack Obama took time to honor a soldier whose actions while under fire in Afghanistan earned him the Medal of Honor. VOA's Jeff Seldin has more from the Pentagon.
Video

Video Ukraine Rebels Surrender MH17 Black Boxes

After days of negotiations, a senior separatist leader handed over two black boxes from an airliner downed over eastern Ukraine to Malaysian experts early Tuesday. While on Monday, the U.N. Security Council unanimously demanded that armed groups controlling the crash site allow safe and unrestricted access to the wreckage.
Video

Video In Cambodia, HIV Diagnosis Brings Deadly Shame

Although HIV/AIDS is now a treatable condition, a positive diagnosis is still a life altering experience. In Cambodia, people living with HIV are often disowned by friends, family and the community. This humiliation can be unbearable. We bring you one Cambodian woman’s struggle to overcome a life tragedy and her own HIV positive diagnosis.

AppleAndroid