International cyberspying uncovered
Dozens of countries, companies and organisations, ranging from the United States government to the United Nations and the Olympic movement, have had their computers systematically hacked over the past five years by one country, according to a report by a leading US internet security company.
The report, by McAfee, did not openly blame any country but hinted strongly that China was the most likely culprit, a view endorsed by analysts. China has been implicated in a range of alleged incidents of cyberspying—a practice Beijing vehemently denies—including a concerted attack on Google and several attempts to prise secrets from computers at the UK Foreign Office. But the McAfee report is among the most thorough attempts yet to map the scale and range of such data-theft efforts.
The study traced the spread of one particular spying malware, usually spread by a “phishing” email which, if opened, downloaded a hidden programme on to the computer network. Through tracing this malware and also gaining access to a “command and control” computer server used by the intruders, McAfee identified 72 compromised companies and organisations.
Many more had been hacked but could not be identified from the logs.
“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” said Dmitri Alperovitch, the company’s head of threat research and the author of the report.
Of the hacking victims 49 were US-based, among them various arms of federal, state and local government, as well as defence contractors and other industries. Other governments included those of Taiwan, South Korea, and India.
Also found on the logs were records from the United Nations, the International Olympic Committee and two national Olympic committees—one of which was accessed by the hackers for more than two years continuously.
McAfee was at pains not to identify the suspected culprit. However, it did little to disguise its suspicions, noting that the targeting of the Olympic groups, and the sport’s anti-doping agency, immediately before and after the 2008 Beijing Games was “particularly intriguing” and pointed to a country being to blame.
China has been accused in the past. After Google came under a so-called “advanced persistent attack” in 2009 which it said originated in China, the US secretary of state, Hillary Clinton, asked Beijing for an explanation.
While a high proportion of media attention on cybersecurity focuses on the loss of personal data, such as the recent security breaches at Sony, and the activities of hacking collectives such as LulzSec, analysts say this is often minor when compared with the methodical, industrial-scale attempts to seize commercial and state secrets, presumed to be carried out by many countries, chief among them China. Alperovitch said state-orchestrated hacking was so endemic and ambitious it could reshape the workings of the global economy.
He said: “This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organisations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.” When Google accused China last year the ministry of industry and information technology told the state news agency Xinhua: “Any accusation that the Chinese government participated in cyber-attacks, either in an explicit or indirect way, is groundless and aims to denigrate China. We are firmly opposed to that.”
No one was available for comment at the foreign ministry in Beijing. Chinese officials have previously said that China has strict laws against hacking and is itself one of the biggest victims. Dave Clemente, a cybersecurity analyst from the Chatham House international affairs think-tank in London, said it was likely China was also targeted by hackers acting on behalf of other countries.
“It’s going in both directions, but probably not to the same extent,” he said. “China has a real motivation to gain these types of industrial secrets, to make that leapfrog. There’s probably less motivation for the US to look to China for industrial secrets or high technology. But certainly there’s things China has which they’re interested in, maybe not for commercial advantage but in a geopolitical sense.”
Clemente said McAfee’s characterisation of such hacking efforts as a wholesale theft of intellectual property and secrets was “fairly reasonable”.
While basic security or human errors often made hacking easier, Clemente said, even the biggest organisations struggle to stop sophisticated attacks: “There’s not much even Google can do if China’s really determined to get inside its networks. It’s not a fair fight in that sense.”—