Friday, January 15, 2010

China's govt behind cyberattacks, report says

The cyberattacks which targeted Google's Gmail services and over 30 other companies were initiated by the Chinese government, a report says. VeriSign's iDefense security lab has published a report with technical details concerning the attack, which prompted Google to announce it would no longer censor its search results and might pull out of China altogether.

Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents. However, the company stopped short of pointing the finger at the Chinese government. Citing sources in the defence contracting and intelligence consulting community, the iDefense report unambiguously declares that the Chinese government was behind the effort. The report also says that the malicious code was deployed in PDF files that were crafted to exploit a vulnerability in Adobe's software. 

"The source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," the report says. The researchers determined there were significant similarities between the recent attack and a seemingly related one that was carried out in July against a large number of US companies. Both attacks were apparently managed through the same command-and-control servers, iDefense says.

"The servers used in both attacks employ the HomeLinux DynamicDNS provider, and both are currently pointing to IP addresses owned by Linode, a US-based company that offers Virtual Private Server hosting. The IP addresses in question are within the same subnet, and they are six IP addresses apart from each other," the report says. "Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July."

If the report's findings are true, they suggest the Chinese government has been engaged for months in a massive campaign of industrial espionage against US companies. The report adds to a growing wealth of data that point to increased industrial and political espionage carried out by Chinese authorities. Last November the USCC released an in-depth report concerning cyberattacks and hacking attempts coming from China [PDF].

Adobe has disputed the claim that its software was responsible for helping expedite the attacks. In a statement the company says, "We are continuing our investigation into the incident, but to date, none of the work done by Adobe or any third party has uncovered evidence to indicate that Adobe technology was an attack vector." [Adobe] Security software firm McAfee suggests that the attack used exploits existing in Internet Explorer. "In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," George Kurtz writes on the McAfee blog.

Web hosting company Rackspace has confirmed it was one of several companies targeted by the cyberattacks, and the Washington Post says that Dow Chemical and Northrop Grumman were also targeted. Meanwhile Microsoft has confirmed that a vulnerability in Internet Explorer may have been to blame [Computerworld].

China consistently evades the issue or denies any involvement in such attacks. Following the announcement by Google this week, reports in Chinese media failed to mention the hacking attempts. An official response was also slow in coming. The first report of the news was published by Xinhua around 10 hours after Google had posted its statement. The report said China was "seeking clarification" from Google and quoted an unnamed official from China's State Council Information Office as saying, "It is still hard to say whether Google will quit China or not. Nobody knows." The post also said staff at Google were worried about their future. Citing another anonymous individual, it quoted the person as saying, "We were told that Google might quit China at a general meeting Wednesday morning, and all of us feel very sad." [Xinhua]

The next day, Foreign Ministry spokeswoman Jiang Yu insisted China's Internet was "open" and said that "cyber crime" was illegal in China. "China's Internet is open," Jiang said. "China has tried creating a favourable environment for Internet," she said in response to a question on Google's possible retreat. "China welcomes international Internet companies to conduct business within the country according to law," she said. "China's law prohibits cyber crimes including hacker attacks." [Xinhua]

The statement seemed somewhat incongruous given that so many foreign services are blocked by Chinese censors. There has been growing uncertainty over the future of the country's Internet in the last few weeks. New rules set by the MIIT [Ministry for Industry and Information Technology] have raised concerns that China may retreat from the world wide web and become a vast intranet [FT]. The most recent tightening was an announcement by the MIIT last month that it would start requiring all websites to register their domain names with the government. "Domain names which are not registered will not be resolved or transferred," the ministry said on 15th December. It is not yet clear how fully the regulators intend to implement the new rule. But strict enforcement would amount to creating a list of "allowed" websites inside China. It might even lock out all foreign content on domain names registered in other countries. "The Chinese are being kept in the internet's stone age," said Xie Wen, a prominent Internet commentator.

Jeremy Warner, assistant editor at the Daily Telegraph, says that China's stance is beginning to concern more than a few 'netizens' and expats who can't access Facebook and social networking sites. "Google's experience should serve as a warning to all companies and nations drooling in anticipation at the growth opportunities apparently afforded by the Chinese market," he says in a blog published on Wednesday. "The trouble with doing business in China is that it's all take and no give." Warner claims many Western firms struggle to make money in China, and says "respect for intellectual property rights and most other conventions of the free market economy is about zero."

It is still unclear whether Google will follow through on its threat to leave China. What is clear is that there is growing resentment of the way China does business with the West.

tvnewswatch, Beijing, China
