China 'using worms to steal trade secrets'

Cyberspace is becoming a new battleground for the US and China, amid growing concerns about Chinese industrial espionage through various types of computer worms, security professionals claim.

At least one trojan program used to steal files from infected computers has been traced to servers in China, providing further evidence that US companies may be targets, they say.

Security firms have long been concerned about various types of malicious software used to steal files or passwords. But some newer programs seem designed as a more sophisticated and targeted effort.

Joe Stewart, a researcher with the US security firm Lurhq, said that by reverse-engineering a recent PC worm known as Myfip, he found a clear connection to China.

"All the emails we've traced back with this particular attachment came from a single address in China," Stewart said, adding that it was "highly likely" that the program was used for espionage against US high-tech and manufacturing firms.

Stewart said the program appeared to have been originally developed as a way to steal student exam papers and then expanded so that it could now copy many types of documents, including computer-assisted drawings and Microsoft Word files.

Forbes magazine, which first reported the Chinese origin of Myfip, said the worm had been propagating by spam that activated the program when recipients clicked on attachments. Forbes said about a dozen versions of Myfip may have been in circulation and used to steal sensitive documents including mechanical designs and circuit board layouts.

Analysts point out that tracking attacks or malicious software can be tricky because the origins can be disguised.

But Marcus Sachs of SRI International, who also directs the industry-academic SANS Internet Storm Centre that monitors cyberattacks, said the evidence against China is solid.

"I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks," he said.

Sachs said the latest types of malicious software, or "malware," represent a new strategy by creators of the programs.

"Most of the credit card theft, money laundering and fraud is coming from Russia or former Soviet Union countries," Sachs said.

"The Chinese seem to be a bit more clever in covering their tracks and are more likely conducting covert raids for corporate secrets, rather than chasing money like their Russian organised crime counterparts."

But the techniques may not be limited to industrial espionage. Some analysts say similar malware may be targeting government agencies in a bid to steal other types of secrets.

The online newsletter SecurityFocus claims the wave of cyberattacks that hit Britain last month may have been part of an effort to obtain government documents from British and US agencies.

Britain's National Infrastructure Security Coordination Centre said last month that a series of trojan-laden email attacks were "targeting UK government and companies," in an apparent "covert gathering and transmitting of commercially or economically valuable information."

The June 16 warning did not specifically mention China but said most of the evidence pointed to computers in "the Far East."

AFP
