Tuesday, 8 March 2011

"Operation Night Dragon" - Chinese cyber attacks worrying West

China appears to be actively pursuing cyber attacks primarily against Western goverments and companies. The latest attacks are part of a campaign that is known as "Operation Night Dragon":

March 8, 2011: Network security experts throughout the West are calling the increasing number of attacks on corporate and government computer systems as operation "Night Dragon," and describe it as a major Chinese effort to grab as much valuable information as they can before Western defenses get stronger. China is the likely culprit because so many of the operations have been traced back to China, many of the hacking tools are known to be of Chinese origin, and so much of the information is particularly useful to Chinese companies, or the Chinese military. Moreover, China has refused to assist Western network security specialists and law enforcement efforts in getting access to the Chinese based servers that much of the information is being sent back to.

Read the entire article here

More on "Operation Night Dragon":

Chinese hackers working regular business hours shifts stole sensitive intellectual property from energy companies for as long as four years using relatively unsophisticated intrusion methods in an operation dubbed "Night Dragon," according to a new report from security vendor McAfee.
The oil, gas and petrochemical companies targeted were hit with technical attacks on their public-facing Web sites, said Greg Day , director of security strategy. The hackers also used persuasive social-engineering techniques to get key executives in Kazakhstan, Taiwan, Greece, and the U.S. to divulge information.

The attacks have been linked to China due to the use of Chinese hacking tools commonly seen on underground hacking forums. Further, the attacks appeared to originate from computers on IP addresses in Beijing, between 9 a.m. to 5 p.m. local time there, suggesting that the culprits were regular company employees rather than freelance or unprofessional hackers, McAfee said in its report.

Bloomberg recently reported that Exxon, Shell and BP are among the companies recently targeted by Chinese cyber attacks:

Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc, according to one of the companies and investigators who declined to be identified.

According to a US Department of Defense report published last year, the Pentagon is increasingly worried about the Chinese cyber war activities:

“However, developing capabilities for cyberwarfare is consistent with authoritative PLA military writings,” the report added, revealing US fears of China's focus in this area. The People's Liberation Army has already stated that cyberwarfare will be a primary focus of its renewed military programme over the next decade, stating that it wants to close the gap with the US, which is seen as the dominant player in the virtual battleground.

The report also uncovered knowledge of a Chinese digital spying system that affected over a hundred countries: “In March 2009, Canadian researchers uncovered an electronic spy network, apparently based mainly in China, which had reportedly infiltrated Indian and other nations’ government offices around the world. More than 1,300 computers in 103 countries were identified.”

The report highlighted PLA investment in electronic countermeasures, defences against electronic attack, and computer network operations (CNO). It revealed China's efforts to develop electronic and infrared decoys, angle reflectors, and false target generators, as well computer network attacks, computer network exploitation, and computer network defence.

If that were not enough, the PLA is also apparently working on developing viruses to attack enemy computers and networks, even devoting entire information warfare units for this single goal.
US worries about Chinese cyber attacks also feature in cables leaked through Wikileaks:
The US fears China is plotting internet warfare via private companies that are known to have recruited top hackers.
According to leaked cables, the state department is concerned about Beijing's close working relationship with two major providers of information security in China. The companies have hired experienced hackers, who include Lin Yong, aka Lion, who founded the Honker Union of China, a Chinese hacker group that emerged after the US bombing of the Chinese embassy in Belgrade in 1999 and launched a series of cyber attacks on US government-related websites.

No comments: