
Finnish state and armaments industry targeted by online espionage
Viruses sent in e-mails from Chinese server
The Finnish state and companies operating in the weapons industry have been targeted by online espionage.
The snooping has involved concentrated attacks in which one or more employees have been sent an e-mail message containing a computer virus. The virus has allowed the attacker to use the Internet connection to download, from the infected computer, information that the employee has access to. It has also given the cyber-spies access to networks protected by passwords.
The Finnish Security Police (SUPO) is not giving out more details on which computers have been attacked, the degree of success of the espionage, or what information the snoopers have gained access to.
“The targets were state institutions dealing with foreign relations, as well as enterprises in the defence industry”, says systems expert Mari Kononow.
The first targeted attacks took place in 2004, when two attempts at espionage were uncovered.
“Since then, the number of attempts has constantly increased. The number of cases uncovered in the early part of 2008 is already greater than in the whole of the previous year”, Kononow says.
SUPO will not disclose the exact number of cases it has knowledge of, for operational reasons.
Some of the espionage attempts have been traced to a Chinese server.
“The modus operandi has been similar, and has developed. The traces in all cases lead in the same direction”, Kononow says.
Online espionage is organised, skilful, and well-funded, says Mikko Hyppönen, head of research at the data security company F-Secure.
The fact that the targeted attacks have been traced to China does not necessarily mean that the spies are Chinese.
“If the attacker is smart, as he or she undoubtedly is, the attack can be made to look like it’s coming from China”, Hyppönen says.
In a typical targeted attack, an employee will get an e-mail that appears to come from a colleague or family friend. The message may concern a real matter, such as the agenda of an upcoming meeting.
The message will have a seemingly safe Word, Excel, or PDF file as an attachment, which actually contains a virus programmed for that specific attack. Antivirus software is generally powerless against viruses programmed for a one-off attack.
The virus causes no damage to the computer, and remains unnoticed by the user. The purpose is simply that of gathering secret information.
Such an operation requires weeks or even months of advance surveillance, because the message aimed at luring the victim to open the mail needs to be credible.
Hyppönen says that the victim is chosen in such a way as to gain access to large amounts of data.
The most complicated and most meticulously prepared attacks in the world have targeted small human rights organisations.
The choice of targets might be seen to reveal something about the spy. The victims are often groups calling for a free Tibet, or supporters of the Falun Gong movement.
The US State Department and the American armaments industry have also been targeted by thousands of similar attacks.
The US administration has blamed the attacks on Chinese nationalist hackers, whose activities the Chinese government is reluctant to interfere with, even though it is known to keep close tabs on Internet use within China.
There have even been claims that Chinese hackers were behind the massive power outages that struck the United States in 2003 and earlier this year.
China has repeatedly denied any involvement in online espionage.
One well-documented case of orchestrated cyber-attacks against state infrastructure was in Estonia last spring, when the country's banks, police stations, and government offices were struck in the wake of the dispute over the removal of a Soviet war memorial in Tallinn.
Previously in HS International Edition:
Virtual harassment, but for real (8.5.2007)
Helsingin Sanomat

11.6.2008