Defence Firm QinetiQ Pillaged By Chinese Hackers

A British defence firm has been repeatedly targeted by Chinese hackers, which resulted in large-scale thefts of intellectual property and sensitive defence information from the company.

Indeed, for more than three years, hackers linked to China thoroughly compromised UK-based QinetiQ, according to reports of the attacks.

National Security

The long-running breach resulted in numerous visits from federal investigators from December 2007 until late 2010, according to Bloomberg News, which first reported the massive compromise. The incident, spelled out in emails leaked from security firm HBGary in 2011, resulted in large swaths of data on sensitive technologies – such as drones and military helicopters – getting transmitted overseas.

“The scary part of this particular type of intrusion is you are no longer talking about business interests and intellectual property, but about national security, and that raises the stakes quite a bit,” Alex Cox, principal research analyst for RSA’s FirstWatch incident response group.

The report is the latest evidence linking compromises at defence and critical-infrastructure companies to a Chinese group known as the “Comment Crew.” In February, incident response firm Mandiant released a report identifying the group as the source of more than 140 incidents of espionage investigated by the firm since 2006. The group is a part of the People’s Liberation Army known as Unit 61398, Mandiant said.

It’s one of several espionage groups backed by nation-states known within defence and security circles as specialists in advanced persistent threats (APTs). In January, the New York Times and the Wall Street Journal revealed that hackers thought to be from China had compromised their networks.

The widespread attacks on sensitive corporate and government organisations had top US cyber officials ranking the threat above terrorism, in terms the threat posed to US interests. In March, the Director of National Intelligence and the head of the US Cyber Command both warned of the danger of the ongoing espionage.

QinetiQ Attacks

In the recently reported incident, QinetiQ suffered a number of attacks over three years. A July 2010 report, leaked from security firm HBGary by hacktivists linked to Anonymous, discussed two of the attacks that resulted in the compromise of at least 71 systems – about 3.5 percent of systems investigated.

Among the tools used by the hackers to control compromised systems was a remote access Trojan (RAT) known as “lprinp.dll,” the report stated.

“It is a well known and used variety of malware that is customised and built from source code (that is, not an attack toolkit/generator),” the report stated. “HBGary believes this malware strain to be tightly coupled to a Chinese hacking group that targets the DoD and its contractors. HBGary has code-named this threat group as ‘Soysauce.’ This group is also known as ‘Comment Crew’ by some.”

The chain of compromises of QinetiQ’s network stretched back to December 2007, when the Naval Criminal Investigative Service contacted the company and notified them that two of their employees had lost information to hackers, according to the Bloomberg article. Over the next three year, the company called in a succession of security contractors but limited their investigations and failed to take adequate steps to stop the attacks, the report stated.

How well do you know Internet security? Try our quiz!

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

View Comments

  • It amazes me how even companies doing National Defence continue to keep using Windows even though it is, always has been, and probably always will be by far the most inherently insecure OS there is.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago