China Implicated In Hack Of French G20 Files

Hackers using Chinese web addresses tried to steal G20 documents from the French finance ministry

The French finance ministry has been targeted by hackers using Internet addresses in China, in a cyber attack aimed at stealing files on the G20 summit held in Paris in February.

Budget minister Francois Baroin said that an investigation into the incident is underway, and that the government is following up leads. The claims were first revealed by Paris Match magazine, which said that more than 150 computers at the finance ministry were affected last year.

“What was targeted, it seems, was the organisation of the G20,” Baroin told Europe 1 radio. He confirmed that the details of individual French taxpayers had not been compromised.

Professional hackers

Patrick Pailloux, director general of the French National Agency for IT Security, told the magazine that the perpetrators were professional, determined and persistent. “It is the first attack of this size and scale against the French state,” he said.

According to David Harley, senior research fellow at ESET, the attack was most likely carried out with targeted Trojans, which use information specific to the organisation, and even to targeted individuals, to persuade recipients to open a malicious attachment.

“This could be a program file passed off as something else, or embedded in or attached to a document (e.g. a spreadsheet or PDF),” Harley told eWEEK Europe. “These are common spear-phishing techniques used in espionage, often using a known vulnerability or even a zero-day in order to increase the likelihood of the malicious object being opened/executed.”

There is no evidence that the Chinese government is responsible for the hack, but Paris Match quoted an anonymous official as saying that “a certain amount of the information was redirected to Chinese sites”.

Harley explained that, although the Chinese connection has not been proved, there are hacker groups in China specialising in this sort of attack and claiming to be funded – directly or indirectly – by the military and/or government.

China denies hacking

The Chinese government has consistently denied supporting hacking, despite several high-profile incidents involving Google, Morgan Stanley and Yahoo, among others. At the end of last year it was revealed by the Ministry of Public Security that hundreds of computer hackers had been arrested in China in 2010, as part of a large-scale crackdown on cyber crime.

“Currently the situation regarding cyberattacks in China is still extremely grim, and hacking attacks domestically are still widespread,” the ministry said in a statement.

State media in China warned at the time that military commanders should be seriously considering how to tackle the challenge of information and Internet security, and deal with the issue of cyberwarfare.

In this case it is thought that China may have wanted to get its hands on a list of targets drawn up at G20 for reducing imbalances in the global economy. The Chinese government had resisted calls at the summit to target exchange rate valuations, currency reserves and economic surpluses.