Tuesday, August 28, 2007

Germany v China

Thanks to the Dark Reading story
China's Premier 'Gravely Concerned' by Hack on Germany
I learned of recent digital economic espionage conducted by China against Germany. I found the most authoritative reference on the event to be published by the magazine that broke the story, which is currently running an article titled Merkel's China Visit Marred by Hacking Allegations:

German Chancellor Angela Merkel was all smiles after meeting Chinese Premier Wen Jiabao on Monday, praising relations between the two countries as open and constructive.

But her visit has been marred by a report in SPIEGEL that a large number of computers in the German chancellery as well as the foreign, economy and research ministries had been infected with Chinese spy software. Germany's domestic intelligence service, the Office for the Protection of the Constitution, discovered the hacking operation in May, the magazine reported in its new edition, published Monday...

The so-called "Trojan" espionage programs were concealed in Microsoft Word documents and PowerPoint files which infected IT installations when opened, SPIEGEL reported. Information was taken from German computers in this way on a daily basis by hackers based in the north-western province of Lanzhou, Canton province and Beijing. German officials believe the hackers were being directed by the People's Liberation Army and that the programs were redirected via computers in South Korea to disguise their origin.

German security officials managed to stop the theft of 160 gigabytes of data which were in the process of being siphoned off German government computers. "But no one knows how much has leaked out," a top official told SPIEGEL.

The hacking operation has triggered fears in Germany that China may also have infiltrated the computer systems of leading German companies, to steal technology secrets and thereby speed up its inexorable economic growth. The domestic intelligence service plans to help businesses hunt for spy programs in their computers.

China's Foreign Ministry spokesperson had this official comment:

Q: German media reported that German government computers were attacked by Chinese hackers. What's your comment?

A: The Chinese Government has always opposed to and forbidden any criminal acts undermining computer systems including hacking. We have explicit laws and regulations in this regard.

Hacking is an international issue and China is also a frequent victim. China has established a sound mechanism of cooperation with many countries in jointly countering internet crimes. China is willing to cooperate with Germany in this regard.

I find it interesting that the Germans are willing to directly confront this problem in public.


Stefan said...

I'd rather say that this is a carefully calculated release of information in order to create an expected political situation. Obviously the Chinese officials will never admit knowledge of things like this, but it could increase pressure on them to react in a certain way.

Anonymous said...

Yes China "cooperates". Right. But a well timed campaign about China's goals and practices I think may be helpful.......do we need all of our business there? Even after they have stolen large amounts of data?

Carsten said...

From last year:
Hackers breached US State Department security

Rob Lewis said...

Just read Ira Winkler's Spies Among Us to find out the orchestrated efforts by China to place agent plants inside all major western companies.

In order to get contracts with China, companies must agree to take on so many Chinese graduates. Some without doubt are there to spy, but which ones? Since they are authorized users, how does one govern what data they may access and how it is used? This is where fine-grained access and auditing control at the data file level comes into play.

Mr. Mike said...

I love how they always say, "...always opposed to and forbidden any criminal acts undermining computer systems including hacking."

What about State sponsored versus criminal? They didn't say they were against those. :-)

Dave Funk said...

this wouldn't sound like the problems that the Department of Defense had with another country with a Peoples Liberation Army would it?

Security4all said...

As a followup: German constitutional protection authorities foresee "secret service procurement offensive"

He also stated that the Iranian secret service was actively attempting to gain access to high tech blueprints in North Rhine-Westphalia. "The targets are primarily weapons technologies and know-how for their nuclear program," opined Möller.