China under suspicion over cyber espionage

Although no firm evidence of Chinese state-sponsored hacking of global companies has been put into the public domain, the country is seen as a major threat.


China is suspected of having conducted an orchestrated series of hacking attacks on the websites of a number of oil and gas giants. There is evidence that the Middle East is increasingly becoming a focus for many of these attacks.

According to the US security company McAfee, covert and targeted cyberattacks have been conducted against global oil, energy and petrochemical companies since November 2009.

The intruders are alleged to have used hacking software in the form of remote administration tools, Rats for short, in order to temporarily take control of a large part of the targeted corporations' IT systems.

McAfee believes the attacks originate from China. The continuing attacks, which McAfee calls Night Dragon, are reported to have harvested sensitive competitive proprietary information on operations and project-financing administration regarding oil and gas field bids. McAfee reports that hacking tools developed in China and widely available on Chinese underground hacker websites were used to establish "back doors" that allowed the attackers to bypass network security.

Analysts suspect the attacks have already been used to gain a competitive advantage in the oilfields of the Middle East.

"The kind of information that this type of hack is trying to capture is far more valuable than the simple credit card hacks of the past," says Graham Titterington, an analyst at the IT and communications research company Ovum. "I have heard that when several oil companies were bidding for exploration rights in Iraq, all but one was hacked. Again the finger of suspicion pointed to China."

The alleged Chinese state hacking of energy companies suggests that computer hacking has moved well beyond being the preserve of teenagers using PCs in their bedrooms or even of criminal hackers trawling the internet for credit card details.

"We are no longer living in a world where malware is generally written by spotty faced teenage geeks," says Graham Cluley, a senior technology consultant at the internet security company Sophos.

Mr Titterington says hacking has been criminalised and is no longer the preserve of kids.

"In fact, it is the most lucrative form of crime around," he says. "The bulk of hacking is still to steal credit cards and financial information."

But he adds: "The real problem is that some of the hacking is now being driven by nation states. One suspects the Chinese. In the absence of any real proof, China still remains the number one suspect."

However, some security experts believe that hacking by government agencies such as the Chinese People's Liberation Army, believed to have a regiment of highly trained hackers, is only the tip of an iceberg of international espionage.

"It would be naive to think that companies are not using cybercrime-style hacking to gain intelligence," said Mr Cluley. "Using the internet is easier and safer than trying to insert people to physically steal information."

It is also believed that governments other than China are using the internet for purposes of industrial espionage.

"All countries including the UK are also collecting cyber intelligence in this way," Mr Cluley says. "In this age of government budget cuts, it would be remarkable if MI6, for example, were not taking full advantage of the internet's capacity for garnering information."

But the world of cyber espionage is filled with shadows, and even government agencies are often unsure of who is hacking into their IT systems or those of their national industries.

According to Mr Cluley, there is no firm evidence that the Chinese authorities are guilty of cyber espionage, despite the widespread allegations of hacking.

"We cannot be sure it was state-sponsored," he says. "There have been a number of similar cases in recent years and there were allegations that the Chinese People's Liberation Army or some other official arm of the government was responsible. But as there is no firm evidence to support the allegations, the hacking from China could just as well be the work of private citizens or even people based outside China."

There is also some industry scepticism regarding the reports that energy companies are unique in being targeted by the new breed of super-hacker. This form of industrial espionage may be far more widespread than is appreciated.

"It may not be that oil and gas companies are being as precisely targeted as the recently released findings might suggest," Mr Cluley says. "A lot of malware is written to have a scattergun approach and it could be that other companies are being affected as well. All companies should be aware of the potential dangers of this type of hacking."

McAfee agrees that the threat from the new breed of cyber hacker may be more far-reaching than previously assumed.

"Well co-ordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise," McAfee said last week in a security white paper examining the alleged Chinese attacks.

"These targets have now moved beyond the defence industrial base, government and military computers to include global corporate and commercial targets," McAfee said. "While Night Dragon attacks focused specifically on the energy sector, the tools and techniques of this kind can be highly successful when targeting any industry."

There is also evidence that cyberattacks of this kind have evolved to a state where no company in any industry is truly safe from electronic intrusions aimed not only at filching financial information but also at stealing business strategies.

"Our experience has shown that many other industries are currently vulnerable and are under continuous and persistent cyber espionage attacks of this type," McAfee said. "More and more, these attacks focus not on using and abusing machines within the organisations being compromised, but rather on the theft of specific data and intellectual property."

Corporate and state espionage on such an unprecedented scale will force all companies to guard their IT systems from malicious hacks designed to plunder not only cash but also their innermost corporate secrets.
