Britain's MI5: Chinese Cyberattacks Target Top Companies
The British government has openly accused China of carrying out state-sponsored espionage against vital parts of Britain's economy, including the computer systems of big banks and financial-services firms.
In an unprecedented alert, Jonathan Evans, the director-general of Britain's vaunted MI5 domestic intelligence agency, last week sent a confidential letter to 300 chief executives and security chiefs at banks, accountants and legal firms warning them that they were under attack by "Chinese state organizations."
It is believed to be the first time that the British government has directly accused China of involvement in Web-based espionage.
Such a blunt and explicit warning from Evans could have serious diplomatic consequences and cast a shadow over Prime Minister Gordon Brown's first official visit to China in his new position early next year.
A summary of the MI5 warning, a copy of which has been seen by The Times, was posted on a secure government Web site. It says that Evans wrote to business leaders "warning them of the electronic espionage attack."
The summary, on the Web site of the Center for the Protection of National Infrastructure, says: "The contents of the letter highlight the following: the Director-General's concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organizations, and the fact that the attacks are designed to defeat best-practice IT security systems."
It adds: "The letter acknowledges the strong economic and commercial reasons to do business with China, but the need to ensure management of the risks involved."
Access to the site is limited to groups that form part of the country's critical infrastructure, which include telecoms firms, banks and water and electricity companies.
The document gives warning that British companies doing business in China are being targeted by the Chinese People's Liberation Army, which is using the Internet to steal confidential commercial information.
The Home Office, which supervises MI5, refused to comment Friday night on what it called leaked private correspondence. A spokesman for the Chinese Embassy in London said he was unaware of the allegations and that the embassy had not received any complaints from the British authorities.
Martin Jordan, a principal adviser at the Big Four accounting firm KPMG, who has seen the contents of the letter, said: "If the Chinese know that a British firm is trying to buy a company or other assets such as land in China, then they are using every means at their disposal to discover details such as exactly how much money the British company is prepared to spend for that asset."
Firms known to have been compromised recently by Chinese attacks include one of Europe's largest engineering companies and a large oil company, The Times has learned.
Another source familiar with the MI5 warning said, however, that known attacks had not been limited to large firms based in the City of London.
Law firms and other businesses in the regions that deal with even small parts of Chinese-linked deals are being probed as potential weak spots, he said.
A security expert who has also seen the letter said that among the techniques used by Chinese groups were "custom Trojans," software designed to hack into the network of a particular firm and feed back confidential data.
The MI5 letter includes a list of known "signatures" that can be used to identify Chinese Trojans and a list of Internet addresses known to have been used to launch attacks.
A big study released last week by the computer-security firm McAfee warned that government and military computer systems in Britain were coming under sustained attack from China and other countries.
It followed a report presented to the U.S. Congress last month describing Chinese espionage in the U.S. as so extensive that it represented "the single greatest risk to the security of American technologies."
Ian Brown of Oxford University, one of the report's authors, said that attacks traced back to China have been found attempting to crack British government passwords.
The report identified China as the country most active in Internet-enabled spying operations and attacks, but said that 120 other countries are using the same techniques.
The Center for the Protection of National Infrastructure, one of several British bodies charged with protecting the country's computer systems, has described the threat posed by cyberattacks as enormous.
Defense departments across the globe are already rewriting manuals in anticipation of future digital warfare.
The U.S. has recorded 37,000 attempted breaches of government and private systems this year, and a new unit at the U.S. Air Force, staffed by 40,000 people, has been set up to prepare for cyber-war.
McAfee's Virtual Criminology Report found that attacks had progressed from initial curiosity probes to well-funded and well-organized operations to conduct political, military, economic and technical espionage.
Chinese subcontractors blamed for trojan horses
VIRUS: Investigators say the tainted Maxtor portable hard disc, made by Seagate, uploads information saved on the computer automatically to Web sites in Beijing
By Lin Ching-lin
STAFF REPORTERS Taipei Times
Monday, Nov 12, 2007, Page 2
Following findings by the Investigation Bureau that portable hard discs produced by US disk-drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that "contamination" took place when the products were in the hands of Chinese subcontractors during the manufacturing process.
On Saturday, Seagate Technology LLC, the manufacturer of the Maxtor portable hard drive, said on its Web site (www.seagate.com) that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus.
Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase.
The Investigation Bureau said the tainted portable hard drives automatically upload any information saved on the computer to Beijing Web sites without the user's knowledge.
While investigating a Chinese subcontractor involved in the manufacturing process, Seagate found that a small number of drives were infected with the viruses. The company said the products from the problem factory had been scanned and all viruses had been eliminated, adding that all inventory would also be treated before the product was returned to stores.
Seagate did not disclose the stage in the manufacturing process where the Chinese subcontractor installed the Trojan horse.
Seagate recommended that all customers who had purchased the product install protective anti-virus software.
To this end, Seagate said that Kaspersky Labs would offer all Seagate customers a 60-day fully functional version of the Kaspersky Lab Anti-Virus 7.0 software for download and installation.
In September, the British online information technology magazine The Register published information saying that Kaspersky Labs had found a pre-installed virus named Virus.Win32.AutoRun.ah on Maxtor 3200 external hard drives sold in the Netherlands.
When the virus accesses software, it looks for gaming passwords and deletes mp3 files.
The publication asked Seagate to verify the information, but a company spokesperson said: "This scenario seems unlikely because the 3200 does not have any software preloaded on the drive so there is not an opportunity for a virus to be loaded. Yes, the drive is formatted, but I have never heard of a virus that lives in the master boot record."
The Register said that Kaspersky Labs believes the virus is installed as soon as a user installs the drive and double-clicks on its icon.
I am convinced China is behind the rick rolling.. it only makes perfect sense..
I don't know why anyone puts up with that shit. We ought to SHUT THEIR SHIT DOWN for about a week to show them we can play that game too.
Those pushy bastards need to be shown that the rest of the world can AND WILL deal with them any time we want in any arena they want to fight in.
It'd be better to go ahead and show 'em just a little of what we COULD do now so they don't get cocky and miscalculate and start something really bad.
WOW, that is timely.
My thoughts exactly. They are probing right now to see how we will respond. They aren't getting much in return, it's just going to get worse...
The bastards are probably licking their chops hoping Hitlery wins so they can pick up right where they left off when slick willie was in there.
The fact that Clinton isn't in jail or worse for what he gave / sold them just proves how totally fucked we really are.