DuPont Allegedly Hit By Chinese Attack

Stolen emails reveal that DuPont was another victim of the Operation Aurora attack carried out by Chinese hackers

Revelations from HBGary email keep on rolling in. The latest email identifies several more high-profile companies hit by attacks similar to Operation Aurora.

Email stolen from HBGary’s mail servers by hacktivist group Anonymous earlier this year revealed that the same Chinese hackers who had attacked Google as Operation Aurora had also targeted chemical company DuPont in late 2009. Bloomberg News examined some of the email stored on anonleaks.ch.

HBGary is a security forensics firm with a large number of both government and private-sector customers.

Operation Aurora

Google publicly disclosed in January 2010 that it had been under continued attack over a six-month period in 2009. It estimated about 200 companies were victims of Operation Aurora, although most have not identified themselves. The victims list includes Adobe, Intel, Juniper Networks, defense contractor Northrop Grumman and Dow Chemical. Last month, some HBGary email messages came to light identifying investment bank Morgan Stanley as another Aurora victim.

A DuPont internal investigation discovered some of its computers had been implanted with spyware during a business trip to China, wrote HBGary’s Rich Cummings in a 4 February email. The PCs had been stored in a hotel safe, Cummings said. DuPont felt the attacks were done by hackers who represented “people, organisations and countries that strive to do them harm”, Bob Slapnik, an HBGary investigator, wrote in an email.

DuPont was hit twice in the space of 12 months, the email showed. DuPont learned of the second attack from the Federal Bureau of Investigation on 9 December, 2010. After an investigation, DuPont executives concluded they were the target of a campaign of industrial spying, according to the email.

“They believe their bad guys are the Chinese who want to catch up and leapfrog them in the global marketplace,” Slapnik wrote.

The US State Department and intelligence agencies believe Aurora was sanctioned by the Chinese government, according to diplomatic cables released by WikiLeaks. However, various Chinese officials have steadfastly denied any links. Wang Baodong, a spokesman for China’s embassy in Washington D.C., said China is a victim of hacking attacks and “the wrong target of unwarranted blame”.

Bloomberg News also examined other email from major companies such as Walt Disney, Sony, Johnson & Johnson and General Electric, which had been compromised as part of a wide-scale attack, although it wasn’t clear whether HBGary considered those attacks part of Operation Aurora. Email mentioning Sony, Johnson & Johnson and General Electric focused on the hackers’ techniques and less on what was taken or how deeply the attackers penetrated, according to the article.

Network breaches

There were over 60,000 email messages between HBGary and affected companies discussing the network breaches, and each company decided not to disclose the breaches publicly to regulators and investors.

Executives of attacked companies feared the intrusions would spark questions from investors and regulators about what was stolen, according to the email. US securities laws require companies to report events considered “material” to investors. The email messages do not appear to mention what attackers managed to take.

Many of the affected companies hired HBGary to investigate network breaches.