The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission. 

Chinese hackers linked to G20 spying, targeted five European countries

A private security firm has presented evidence of hacking to the FBI but has not linked the attacks to the Chinese government

James Vincent
Tuesday 10 December 2013 18:09 GMT
Comments
French President Francois Hollande and Chinese President Xi Jinping at the G20 Summit in St. Petersburg, September 5, 2013.
French President Francois Hollande and Chinese President Xi Jinping at the G20 Summit in St. Petersburg, September 5, 2013.

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Chinese hackers are allegedly responsible for computer breaches at five European foreign ministries prior to this year’s G20 summit in September, according to independent research by computer security firm FireEye Inc.

A report released by the firm explains how government staff members were tricked into downloading malicious files masquerading as reports and documents, with such as “US_military_options_in_Syria”. Instead, these files contained malicious code that hijacked the recipients’ computers.

Although FireEye did not detail which nations were targeted, the New York Times has named the countries as the Czech Republic, Portugal, Bulgaria, Latvia and Hungary. Strings of the code and webpages used in the attack were written in Chinese.

FireEye researcher Nart Villeneuve told the paper that although the attack could not be linked to any specific groups or individuals within China, the operation appeared to be state-affiliated: “Unlike other groups, which tend to attack commercial targets, this campaign specifically targeted ministries of foreign affairs,” he said.

The filenames used by the hackers also indicate their intent to infiltrate government targets: the 5-6 September G20 conference was dominated by talk of the Syrian crisis, and files that purportedly reported on the situation were more likely to be downloaded.

The Californian-based FireEye has said that its researchers gained access to the “inner workings” of the computer server that acted as a base of operations for the hackers. From this location the individuals snooped on government computers, but FireEye says they lost track of the criminals just as they prepared to steal actual data.

The internet security company says it had been following the group of unidentified hackers for several years, naming the gang “Ke3Chang” after the title of a component in one of their computer viruses.

Previous operatiopns by the hackers included one during a summit meeting in Paris for G20 Finance ministers. This lured victims into downloading malware with promises that a file contained nude images of Carla Bruni, the French-Italian singer and wife of the French ex-President Nicolas Sarkozy.

“Beyond the fact they are Chinese, we don’t know who the attackers are or what their motivations might be,” Villeneuve told the New York Times.

FireEye say that they have reported the incident to the FBI, but neither American nor Chinese officials have yet to issue any official statement.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in