Western Powers Wary of Chinese Cyber Espionage Ops

Monday, September 26, 2011



Early this year, the son of an editor at the National Journal made an interesting observation while perusing some of the U.S. government cables released by WikiLeaks in late November of 2010.

The astute reader noticed a series of emails sent in 2009 to five State Department officials requesting comment on climate change issues. The emails were spoofed to appear to have originated from the National Journal’s editor and columnist Bruce Stokes, and were titled "China and Climate Change".

At the time, the State Department officials contacted were engaged in sensitive negotiations with the Chinese government on greenhouse-gas emissions. The emails contained attachments infested with malware that would have allowed the attackers access to the recipients' computers by way of a backdoor.

"The event appears to be a targeted 'spear-phishing' [gleaning sensitive information via email] attempt and may be indicative of efforts to gather intelligence on the US's position on climate change issues," a State Department official in the cyber threat analysis division wrote several weeks after the incident.

There is no public evidence either way regarding the success of the spear-phishing attack, and the assumption that the Chinese may have been behind the operation is purely circumstantial, based solely on the timing and the targets.

Spear-phishing refers to a social engineering strategy aimed at specific individuals, using information tailored to fool the targets into providing sensitive information or, as was the case with the State Department officials, opening a malware-tainted document because they assume an attachment is from a trusted source.

This particular incident may have gone unacknowledged had it not been for the sharp eye of the unnamed editor's son who, after stumbling upon the emails, sent a message to his father stating, “I see that the Chinese government is using your magazine as a tool for international espionage.”

A leaked cable dated November 2008 proclaimed that an operation known as "Byzantine Hades … [is] a cover term for a series of related computer network intrusions with a believed nexus to China, has affected US and foreign governments as well as cleared defense contractors since at least 2003."

Alan Dupont, the Director of Sydney University's Centre for International Security Studies and a security strategy expert, believes that China has been heavily engaged in cyber espionage efforts despite Western governments' reluctance to discuss the matter, according to the Sydney Morning Herald.

"The broad international view based on a fair bit of empirical evidence, is that China is one of the countries at the forefront of cyber attacks on other states, which it is doing for fairly obvious reasons - intelligence gathering, political and strategic advantage, and also for defensive purposes," Dupont said.

Other Western powers concur that China is routinely using social engineering, phishing, and malware-laden messaging to further its intelligence gathering efforts, as evidenced by a leaked 2008 cable from Germany's domestic security agency Bundesamt für Verfassungsschutz (BfV):

"The BfV surmises the intention of PRC actors is espionage, and the primary attack vector used in their malicious activity is socially engineered email messages containing malware attachments and/or embedded links to hostile websites."

The BfV had identified more than 500 similar operations targeting a wide variety of interests including commercial, military, and technology-focused organizations.

"The socially engineered email messages delivered to German computer systems were spoofed to appear to come from trusted sources and contain information targeted specifically to the recipient's interests, duties, or current events," the BfV cable noted.

Australian officials concur, especially after the much-publicized hack of Parliamentary systems and at least ten ministries, including those of the Prime Minister, of which Chinese hackers are suspected.

"It seems the more rocks we turn over in cyber space, the more we find. Electronic intelligence gathering is now a huge industry. It is being used against Australia on a massive scale to extract confidential information from governments, the private sector and ordinary individuals," said the Australian Security Intelligence Organisation's Director-General of Security David Irvine.

Former U.S. National Security Advisor Richard Clarke also agrees that Chinese cyber espionage operations targeting both the public and private sectors are rampant.

"Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America's advantage," Clarke wrote in a Wall Street Journal opinion piece recently.

Source: http://www.smh.com.au/world/code-red-the-cyber-spy-threat-20110923-1kp9w.html
