The number of computer attacks from China – some of which use Chinese government websites to download malicious code – has risen sharply in recent months, say private cyber-security specialists.
They say a rise in Chinese activity led Jonathan Evans, director-general of MI5, Britain’s security service, to write last week to the heads of British companies and banks, warning that sensitive commercial data could be at risk from hacking by Chinese state agencies.
Private security specialists have noted a sharp rise in attacks from China that infect computers with so-called trojans to collect data from users. This information is fed back into sites, also based in China, which then refine the attacks.
Yuval Ben-Itzhak, chief technology officer for Finjan, a web security group with headquarters in San Jose, California, says his company is in the middle of a study into new hacking techniques that has found “a centralised group of activity based from China”.
“In the last three months, the attacks [from China] have almost tripled,” he said.
The attacks use infected websites that download trojans and then install them on users’ computers. These then feed data to other websites, which monitor the attack and can refine it to secure desired information. Some use new and sophisticated techniques, including malware for which there is no security patch.
Mr Ben-Itzhak said his company had identified a number of Chinese government websites that included malicious code that downloaded trojans on to users’ computers. These included pages on websites of the Economic Committee of Shanghai City, the GuanYang Municipal Office in Sichuan province and the Xincheng Environmental Protection Office in Xian City, Shaanxi province. Harvested information is fed to Chinese-based sites including www.126.com and www.ip369.net.
Owners of websites do not necessarily know their sites are infected.
The attacks do not require users to visit the site concerned. Trojans can be downloaded from other sites – including social networking sites such as MySpace – which contain links to the infected sites.
On Wednesday, Yang Jiechi, China’s foreign minister, denied his government supported computer hackers targeting UK companies. He said hacking was prohibited by Chinese law and that government websites also suffered attacks from hackers.
“Certain reports, about attempts by government agencies to engage in espionage by hacking, are totally baseless,’’ he told an audience at London’s Chatham House think tank.
Private experts say they cannot tell whether hackers are government-sponsored or not, though they assume UK intelligence services have access to other sources that allowed Mr Evans to be explicit in his reference to espionage by Chinese state agencies.
Security specialists say Chinese intelligence-gathering officially is carried out either by the third department of the general staff of the People’s Liberation Army or by the Ministry of State Security.
Private security experts said Mr Evans’s letters were prompted in part by a surge in more targeted attacks at UK enterprises. The letters followed briefings earlier this month to cyber-security experts at Britain’s Centre of the Protection of National Infrastructure, which Mr Evans oversees.
The letters have also been sent to law and accountancy firms linked to banks.
Martin Jordan, principal IT adviser at KPMG, said hackers seeking commercial information often targeted third parties with more lax security.
So while a bank working on an acquisition, for example, could have sophisticated cyber-defences, the computers of a law firm with which it shared this sensitive information might well be easier to infiltrate.
He said many business people used websites such as Facebook, where they disclosed home e-mail accounts and other potentially useful data to hackers seeking commercial information.
Get alerts on Global Economy when a new story is published