Cyber attacks blamed on China
- 31 January 2013
The New York Times says hackers based in China "persistently" infiltrated its computer network over a period of four months in late 2012 and early 2013.
Repeated cyber attacks on foreign governments, companies and organisations have been traced to China over the past few years and the Chinese government has often been accused of backing them, either directly or by allowing them to go ahead. Analysts say the attacks often appear to be an attempt to gather information and protect China's image.
Beijing routinely denies state-backed hacking and says it is more a victim of hacking than the culprit. Many other countries are also believed to use cyber espionage.
Here are some of the major cyber attacks for which the finger has been pointed at China.
Operation Shady RAT
In 2011, internet security firm McAfee said it had uncovered one of the largest ever series of cyber attacks, targeting 72 different organisations over five years, including the International Olympic Committee, the UN and security firms. It did not name a culprit for the hack, dubbed Operation Shady RAT, but it was widely considered to have been China. Jim Lewis, a cyber expert with the Centre for Strategic and International Studies, said at the time it was "very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing".
In 2009, suspicion fell on China when hackers broke into the computers of US defence firm Lockheed Martin and took large amounts of data relating to the Joint Strike Fighter, the most advanced warplane in the world. The Wall Street Journal said investigators had traced the attack with a "high level of certainty" to Chinese IP addresses, the unique number that identifies a computer.
In November 2012, drinks giant Coca-Cola said it had been the victim of a cyber attack for more than a month in 2009, Bloomberg news reported. Code in a malicious email, sent to an executive, allowed hackers to operate undetected, logging commercially sensitive information. The attack happened while the company was attempting to buy the China Huiyuan Juice Group for about $2.4bn (£1.5bn). The takeover collapsed, but had it happened it would have become the largest foreign takeover of a Chinese company.
In January 2010, Google said it had been subjected to a "sophisticated cyber attack originating from China". It said the email accounts of human rights activists were among those hacked. The allegations sparked a row between the search engine and the Chinese government over censorship and internet privacy, which prompted Google to move its Chinese-language operations to Hong Kong.
Information contained in diplomatic cables leaked by Wikileaks showed that the US embassy believed senior Chinese politicians had been behind the attacks. They alleged that a politburo member ordered them after Googling his name and finding critical comments online.
In June 2011, Google said hackers based in China's Jinan province had compromised the personal email accounts of hundreds of top US officials, military personnel and journalists. China said that to blame it was "unacceptable".
Researchers in Canada announced in 2009 that they had been tracking a vast and sustained cyber attack they called Ghostnet for the past 10 months. Ghostnet was one of the largest hacks uncovered in terms of its geographic reach, infiltrating 1,295 computers in 103 countries, targeting computers belonging to foreign ministries and embassies and those linked with the Tibetan spiritual leader, the Dalai Lama.
While they traced Ghostnet mainly to computers in China, the researchers at Information Warfare Monitor made no direct link to the government and Beijing denied involvement.
The space agency was the victim of 47 cyber attacks during 2011. The most serious was traced to IP addresses in China and accessed computers in the Jet Propulsion Laboratory, which controls Nasa's robots in space. Nasa told the US Congress that the hackers had access to sensitive accounts, could create, delete and modify systems and accounts and upload hacking software. "In other words, the attackers had full functional control over these networks," it said.
The Korean Communications Commission blamed Chinese hackers for stealing data from 35 million accounts on popular social media sites in 2011. The hackers were believed to have stolen phone numbers, email addresses, names and encrypted information about users.
In June 2007, an infiltration of computers at the US Defense Department was blamed on Chinese hackers, with officials saying there was a "very high level of confidence... trending towards total certainty" that the military was behind it, the Financial Times reported. The attack forced the Pentagon to take down its network for a week, although the US said most of the data taken were unclassified. China said the allegation was "totally groundless", the phrase it has routinely used in such circumstances.
The New York Times said it was hacked for four months, though for most of that time it was tracking the hackers through its systems to try to understand what they were doing and how to get rid of them. The paper said the attacks began while it was preparing a report which alleged that the family of Chinese Premier Wen Jiabao had vast hidden wealth, and intensified afterwards, apparently looking for names of sources.
The Times said the attacks bore the hallmarks of previous Chinese hacks, including being routed through the same university computers.
Richard Bejtlich, the chief security officer of the firm hired to investigate, said that if each attack was viewed in isolation it was hard to say with certainty that China's military was to blame.
"When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction," he said.
In April 2012, Boxun.com - a website based in the US which had reported extensively on the scandal involving senior Chinese politician Bo Xilai - said it was crippled for several hours by a concerted hacking attack. The origin of the attack was not clear but the site's manager Watson Meng was quoted as saying he believed it was ordered by China's security services.