Germany v China

Thanks to the Dark Reading story
China's Premier 'Gravely Concerned' by Hack on Germany I learned of recent digital economic espionage conducted by China against Germany. I found the most authoritative reference on the event to be published by the magazine that broke the story, which is currently running an article titled Merkel's China Visit Marred by Hacking Allegations:

German Chancellor Angela Merkel was all smiles after meeting Chinese Premier Wen Jiabao on Monday, praising relations between the two countries as open and constructive.

But her visit has been marred by a report in SPIEGEL that a large number of computers in the German chancellery as well as the foreign, economy and research ministries had been infected with Chinese spy software. Germany's domestic intelligence service, the Office for the Protection of the Constitution, discovered the hacking operation in May, the magazine reported in its new edition, published Monday...

The so-called "Trojan" espionage programs were concealed in Microsoft Word documents and PowerPoint files which infected IT installations when opened, SPIEGEL reported. Information was taken from German computers in this way on a daily basis by hackers based in the north-western province of Lanzhou, Canton province and Beijing. German officials believe the hackers were being directed by the People's Liberation Army and that the programs were redirected via computers in South Korea to disguise their origin.

German security officials managed to stop the theft of 160 gigabytes of data which were in the process of being siphoned off German government computers. "But no one knows how much has leaked out," a top official told SPIEGEL.

The hacking operation has triggered fears in Germany that China may also have infiltrated the computer systems of leading German companies, to steal technology secrets and thereby speed up its inexorable economic growth. The domestic intelligence service plans to help businesses hunt for spy programs in their computers.

China's Foreign Ministry spokesperson had this official comment:

Q: German media reported that German government computers were attacked by Chinese hackers. What's your comment?

A: The Chinese Government has always opposed to and forbidden any criminal acts undermining computer systems including hacking. We have explicit laws and regulations in this regard.

Hacking is an international issue and China is also a frequent victim. China has established a sound mechanism of cooperation with many countries in jointly countering internet crimes. China is willing to cooperate with Germany in this regard.

I find it interesting that the Germans are willing to directly confront this problem in public.

Comments

Anonymous said…
I'd rather say that this is a carefully calculated release of information in order to create an expected political situation. Obviously the Chinese officials will never admit knowledge of things like this, but it could increase pressure on them to react in a certain way.
3:21 AM
Anonymous said…
Yes China "cooperates". Right. But a well timed campaign about China's goals and practices I think may be helpful.......do we need all of our business there? Even after they have stolen large amounts of data?
7:05 AM
Anonymous said…
Just read Ira Winkler's Spies Among Us to find out the orchestrated efforts by China to place agent plants inside all major western companies.

In order to get contracts with China, companies must agree to take on so many Chinese graduates. Some without doubt are there to spy, but which ones? Since they are authorized users, how does one govern what data they may access and how it is used? This is where fine-grained access and auditing control at the data file level comes into play.
11:59 AM
Anonymous said…
I love how they always say, "...always opposed to and forbidden any criminal acts undermining computer systems including hacking."

What about State sponsored versus criminal? They didn't say they were against those. :-)
4:05 PM
Anonymous said…
this wouldn't sound like the problems that the Department of Defense had with another country with a Peoples Liberation Army would it?
4:12 PM
Security4all said…
As a followup: German constitutional protection authorities foresee "secret service procurement offensive"
http://www.heise.de/english/newsticker/news/95236

He also stated that the Iranian secret service was actively attempting to gain access to high tech blueprints in North Rhine-Westphalia. "The targets are primarily weapons technologies and know-how for their nuclear program," opined Möller.
7:10 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti...
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technica...
Read more