Monday, March 7, 2011

G20 Data Targeted: PCs at French Ministry of Finance Infected with Spyware

The French Budget Minister, François Baroin, has confirmed a report by Paris Match magazine which said that his ministry fell victim to a cyber attack in December 2010. During the attack, 150 PCs were reportedly infected with spyware. The as yet unknown attackers appear to have targeted documents in connection with the French G20 presidency. The report said that although no official traces have been confirmed, there is evidence that the documents found their way to the unknown attackers via Chinese computers.

First evidence of an attack already appeared in January 2011. Since then, the French Network and Information Security Agency, Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), has been investigating the case. The report didn't state how the attackers compromised the PCs or which vulnerabilities were exploited.

Reportedly, other government ministries were also attacked, but without success. A similar attack on the G20 presidency was apparently already carried out last year when the Canadian Department of Trade and Commerce chaired the G20.

In total, over 150 computers in the ministry have been infiltrated through targeted spear-phishing emails containing a malicious attachment. The attack was first detected 2 months ago, and it seems the investigators from the General Secretariat of Defense and National Security (SGDSN) were able to use a variety of lures to trace suspect exchanges between the compromised computers and some remote servers that were driving the attack. A senior Ministry official who wishes to remain unnamed added that some of the compromised data was redirected to sites in China.

Inevitably the finger of suspicion is likely to point towards China for the hacking attack, but I think it's dangerous to conclude that a hack was state-endorsed unless there's definitive proof.

The truth is that proving the origin of a hack attack is complicated by the fact that cybercriminals can use compromised PCs owned by innocent people to act as a go-between when trying to break into someone's computer. In other words - yes, a Chinese computer might have tried to connect to yours, but it may be under the control of someone in, say, Great Britain.

We'd be naive to think that China (and just about every other country around the world) isn't using the internet for its political, commercial and military advantage, but we should be very cautious about making assumptions without having all the proof in front of us.
