China 'using worms to steal trade secrets'

Cyberspace is becoming a new battleground for the US and China, amid growing concerns about Chinese industrial espionage through various types of computer worms, security professionals claim.

At least one trojan program used to steal files from infected computers has been traced to servers in China, providing further evidence that US companies may be targets, they say.

Security firms have long been concerned about various types of malicious software used to steal files or passwords. But some newer programs seem designed as a more sophisticated and targeted effort.

Joe Stewart, a researcher with the US security firm Lurhq, said that by reverse-engineering a recent PC worm known as Myfip, he found a clear connection to China.

"All the emails we've traced back with this particular attachment came from a single address in China," Stewart said, adding that it was "highly likely" that the program was used for espionage against US high-tech and manufacturing firms.

Stewart said the program appeared to have been originally developed as a way to steal student exam papers and then expanded so that it could now copy many types of documents, including computer-assisted drawings and Microsoft Word files.

Forbes magazine, which first reported the Chinese origin of Myfip, said the worm had been propagating by spam that activated the program when recipients clicked on attachments. Forbes said about a dozen versions of Myfip may have been in circulation and used to steal sensitive documents including mechanical designs and circuit board layouts.

Analysts point out that tracking attacks or malicious software can be tricky because the origins can be disguised.

But Marcus Sachs of SRI International, who also directs the industry-academic SANS Internet Storm Centre that monitors cyberattacks, said the evidence against China is solid.

"I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks," he said.

Sachs said the latest types of malicious software, or "malware," represent a new strategy by creators of the programs.

"Most of the credit card theft, money laundering and fraud is coming from Russia or former Soviet Union countries," Sachs said.

"The Chinese seem to be a bit more clever in covering their tracks and are more likely conducting covert raids for corporate secrets, rather than chasing money like their Russian organised crime counterparts."

But the techniques may not be limited to industrial espionage. Some analysts say similar malware may be targeting government agencies in a bid to steal other types of secrets.

The online newsletter SecurityFocus claims the wave of cyberattacks that hit Britain last month may have been part of an effort to obtain government documents from British and US agencies.

Britain's National Infrastructure Security Coordination Centre said last month that a series of trojan-laden email attacks were "targeting UK government and companies," in an apparent "covert gathering and transmitting of commercially or economically valuable information."

The June 16 warning did not specifically mention China but said most of the evidence pointed to computers in "the Far East."

