A recent report in Der Spiegel, a prominent German weekly newsmagazine, detailed a sustained campaign of Chinese cyber espionage against the German government. According to the report, German intelligence officials discovered the intrusions in May 2007 and were able to prevent the theft of 160 gigabytes of data (source).
Chinese Denials
Predictably, the Chinese government has denied these allegations and labeled the charges “irresponsible speculation without a shred of evidence.” In a somewhat more conciliatory but equally evasive tone, China’s Premier Wen Jiabao said, “we in the government took (the reports) as a matter of grave concern. Hackers breaking into and sabotaging computers is a problem faced by the entire world” (source).
Other Attacks
While China has denied the allegations of espionage, it is worthwhile to note that the cyber attacks described against the German government are similar to an ongoing series of cyber attacks against the US government dubbed “Titan Rain” and attributed to China by US officials investigating the espionage campaign. The following US government agencies have been targeted during the “Titan Rain” attacks:
• The US Naval War College (Previous Report)
• The US State Department (Previous Report)
• The US Department of Energy (Previous Report)
• The US Commerce Department (Previous Report)
• The US Department of Defense (Previous Report)
Similar Methods
The cyber attacks against the German government were triggered by spear-phishing emails with infected Microsoft Word and PowerPoint documents. A spear-phishing email uses social engineering techniques to convince the targeted user to open the email and attachment. When German government employees opened these attachments, a Trojan horse was installed and silently stole data from the infected network.
It is widely believed that many of the “Titan Rain” attacks against the US government made use of the same tactics (Previous Report). Of note, the British government has also suffered from similar phishing attacks that appeared to originate from “East Asia” (Previous Report).
Widening Scope
As more countries are targeted and the scope of the above cyber espionage continues to grow in the public record, it becomes evident that:
• A campaign on such a large scale likely requires the resources of a nation-state to sponsor and coordinate.
• China is unlikely to abandon its campaign of cyber espionage against its rivals and allies due to the low risks and high rewards of the attacks.
As a result, it is imperative that the US government ensures the confidentiality, integrity, and availability of the sensitive information stored on its digital networks lest that information continue to be compromised in an ongoing campaign of cyber espionage by a rival nation-state.