• Iranian Gmail users targeted on eve of election, Google says

    MOUNTAIN VIEW, Calif. -- Google said Wednesday that it has discovered and stopped a series of attempts to hack the accounts of tens of thousands of Iranian users in what the company believes is an attempt to influence the country's upcoming election.

    "For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns," Eric Grosse, the vice president for security engineering, wrote in a post on the company's blog.

    The phishing campaigns are originating in Iran, targeting users there and representing a big surge in the region's hacking activity. They are apparently tied to Iran's presidential election Friday, Grosse said.

    Slideshow: Everyday life in Iran

    At schools, in shops, and on the streets of big cities and small towns, daily life plays out in Iran.

    Launch slideshow

    "The timing and targeting of the campaigns suggest that the attacks are politically motivated," he said. He did not give further details.

    The relatively routine phishing attempts direct users to phony account maintenance pages where they are asked to give their username and password, Grosse said.

    Google Inc. said it used its Chrome browser to detect phishing efforts from what appears to be the same Iranian group in 2011.

    Iranians will vote Friday to find a successor to Mahmoud Ahmadinejad, who cannot run for a third term in office.

    The Associated Press

    Related stories:

  • Iran ups cyber attacks on Israeli computers: Netanyahu

    By Maayan Lubell and Jeffrey Heller, Reuters

    TEL AVIV — Israeli Prime Minister Benjamin Netanyahu accused Iran and its Palestinian and Lebanese allies on Sunday of carrying out "non-stop" cyber attacks on major computer systems in his country.

    He gave no details on the number of attacks but said "vital national systems" had been targeted. Water, power and banking sites were also under threat, he added.

    "In the past few months, we have identified a significant increase in the scope of cyber attacks on Israel by Iran. These attacks are carried out directly by Iran and through its proxies, Hamas and Hezbollah," he told a conference on cyber warfare in his country's commercial hub Tel Aviv.


    "Despite the non-stop attacks on us, you hear only about a few of them because we thwart most of them," he added.

    Netanyahu established a national cyber directorate in 2011 charged with protecting Israel's computer systems from disruption.

    Israel and the United States are widely believed to be behind a series of cyber attacks in recent years against an Iranian nuclear program they say is aimed at developing atomic weapons. Iran says its nuclear activities are peaceful.

    Two months ago, Israel said it weathered a pro-Palestinian cyber attack campaign against government websites. Israeli officials said those attacks briefly disrupted several sites and security protocols were updated in response. 

    Copyright 2013 Thomson Reuters. Click for restrictions.

  • Obama takes diplomatic tack on Chinese cyberespionage charges

    Jewel Samad / AFP - Getty Images

    President Barack Obama shakes hands with Chinese President Xi Jinping before their meeting Friday, June 7, in Rancho Mirage, Calif.

    By M. Alex Johnson and Matthew DeLuca, NBC News

    President Barack Obama sidestepped questions about cyberespionage linked to China, telling reporters Friday after meeting with Chinese President Xi Jinping that accusations against Beijing need further investigation.

    On a day when he had to defend his own government's collection of cyberdata, Obama said he and Xi had had a "very constructive conversation" on the first day of their weekend summit in Rancho Mirage, Calif.

    Earlier in the day, Obama defended the U.S. National Security Agency's collection of so-called metadata from telephone and Internet companies from strongly worded accusations that it amounted to unconstitutional secret spying on U.S. citizens.

    That made for a delicate situation Friday night as Obama spoke to reporters after an evening meeting with Xi.

    Obama said he and Xi agreed that it was important for China and the U.S. to come up with common rules on cybersecurity. But when asked about reports linking cyberattacks back to hackers associated with the government in Beijing, he said caution was needed because hacking often involved "non-state actors."

    Speaking through an interpreter, Xi said China also had major concerns over cybersecurity and had itself been the victim of hacking.

    President Xi Jinping is already being protested by demonstrators against China's crackdown on human rights, but the biggest issue dividing China and the U.S. may be cyber and intellectual property theft. NBC's Andrea Mitchell reports.

    Before the meeting, Obama insisted that addressing difficult issues like cyberespionage wouldn't scuttle a "new model of cooperation" between Washington and Beijing.

    Obama cited human rights and cyberespionage as "inevitable" areas of tension, but he said he hoped the casual setting under the desert palo verde trees at Sunnylands — the 200-acre estate built by late billionaire Walter Annenberg in Rancho Mirage — would foster an informal and "extensive" dialogue.

    While it is the leaders' first big meet and greet, it won't be all desert strolls and pink sunsets. Plenty of weighty issues are to be addressed over the two-day summit. Here's a guide:

    Cyber warfare
    Neither China nor the United States wants to get entangled in a computer-powered showdown, and either world leader might want to bring up some strategies to civilize the online battlegrounds of the future. The two countries have gone back and forth, each accusing the other of being the worst offender when it comes to digital misdeeds, and media outlets, including The Wall Street Journal and The New York Times, have run extensive reports on attacks against their publications that they say came from hackers in China.

    The head of China's Internet security agency said recently that he has "mountains of data" to demonstrate that hackers in the U.S. have targeted his country, Reuters reported. Blaming the government in Washington would not help resolve the issue, he said. The same week as Xi's visit, three members of Congress said they would introduce a bill to punish hackers who received support from the government of China or other foreign countries, like Russia.

    Any comparison made between activity by the U.S. and Chinese government in cyberspace is "nuts," said Tim Junio, a cybersecurity fellow at Stanford University's Center for International Security and Cooperation. "The main issue is China doesn't really acknowledge all the intellectual property theft as well as espionage that's happening from Chinese territory."

    North Korea
    Xi and Obama might be able to find some common ground on North Korea. Neither country has much to gain from rookie dictator Kim Jong Un's saber-rattling, like when he said he'd "settle accounts" with the U.S. and put rockets on standby in March.


    "For the first time, the areas of common interest between the U.S. and China are much more evident in China's declarations," said Orville Schell, director of the U.S.-China Relations at the Asia Society. "They're fed up. And they don't want some tin-pot dictator across their border messing life up for them, and they're now beginning to make utterances to that effect."

    North Korea has long depended on friendly relations with China, from whom it gets crucial food and other supplies. There may be limits to how far China will bend for its neighbor to the south, however.

    "We do not want to see chaos and conflict on China's doorstep," Chinese Foreign Ministry spokesman Hong Lei said in an April interview with NBC News.

    Trade
    The proposed $4.6 billion purchase of Smithfield Foods, a U.S. pork producer, by the Chinese company Shuanghui International raised some consumers' eyebrows recently, though officials from the company, which was founded in Virginia in 1936, said the acquisition won't affect the quality of the bacon on stateside breakfast tables.

    When it comes to trade and investment between the two countries, overreaction may be the worst possible response.

    "The biggest new challenge is Chinese investment in America. They have the money, and we need it," Schell said. "We are traditionally the most open economy in the world, and I think it's emphatically in our interest to welcome Chinese investment."

    Better trade relations between the two countries might also have positive effects for people of Chinese descent in the U.S. who may feel discriminated against because of China's growing influence in the global market.

    "A lot of people regard China as a threat or a potential competitor," Yong Chen, associate professor of Asian American studies at the University of California, Irvine, told The Associated Press. "Many people want China and the United States to have good relations so that Chinese-Americans will not be treated in a hostile manner."

    Reuters contributed to this report.

    Related:


    This story was originally published on Fri Jun 7, 2013 3:42 AM EDT

  • US-Chinese summit aimed at building a 'new type of great power relationship'

    By Ian Williams, correspondent, NBC News

    Marco Ugarte / AP

    Chinese President Xi Jinping and his wife, Peng Liyuan, wave upon their arrival in Mexico City on Tuesday. Xi was in Mexico for a three-day visit before heading to California to meet President Barack Obama.

    BEIJING — When Chinese President Xi Jinping and President Barack Obama meet Friday at Sunnylands, a desert retreat in California, the largely informal and unscripted summit is expected to be groundbreaking in U.S.-China relations. While previous official visits between Chinese and U.S. leaders have frequently been bogged down by stifling issues of protocol, they are meant to be largely absent this time.

    In China, Xi's willingness to forgo the formality of a state visit is being interpreted as a sign of his confidence and a more relaxed style, which he's adopted since becoming head of state in March (he was selected head of the Communist Party, a more powerful job, in November) — a marked contrast to his rather stiff and wooden predecessor, Hu Jintao, whose handlers obsessed over every minutia of summit diplomacy.

    The two leaders are expected to discuss a wide range of issues — from cyberspying to North Korea, with China looking to take credit for an apparent lowering of the rhetoric from Pyongyang — as well as territorial disputes in the South China Sea and the Middle East, human rights and the global economy. With an open agenda, the talks could range anywhere — and may be dominated by cybersecurity issues.

    But the goal of the two-day summit at the glamorous estate built by Walter H. Annenberg in Rancho Mirage is essentially about building what Chinese officials are describing as a "new type of great power relationship."

    Glam first lady
    Xi's more assertive and warm public attitude has been greatly aided by a glamorous and high-profile wife, Peng Liyuan.

    First ladies have never been prominent in China, kept in the shadows if seen at all. But before Xi became the Communist Party leader, his wife, a folk singer, was probably more famous. Some have dubbed her the "Carla Bruni of the East.”

    Her style and dress have become the talk of the media here and have sparked a frenzy online.

    "As a woman to represent Chinese women, people do feel quite pleased," Angelica Cheung, editor-in-chief of Vogue China, told NBC News. "I feel that way, too. Her tastes, particularly her clothes, have really won her a lot of new fans."

    Given the sensitivity around the wealth of China's elites, however, Peng seems to have shunned foreign luxury brands in favor of domestic designers. And China's censors have even been trying to contain discussion of her clothing on social media sites, according to The Wall Street Journal. 

    Reed Saxon / AP

    The Annenberg Retreat at Sunnylands, a conference center and desert garden adjacent to the Annenberg's Sunnylands mansion, that will host President Barack Obama and Chinese President Xi Jinping on June 7 and 8.

    Over the last few days, the media in China have been full of Peng with her husband on a charm offensive through Mexico and the Caribbean — joining a steel band in Port of Spain as it struck up one of her signature folk tunes about happy farmers.

    She's also being seen as the face of China's "soft power."

    She'll be with Xi in California, and there has been much anticipation here about her first encounter with Michelle Obama, although that will have to wait, since America's first lady will be staying in Washington — a decision that's provoked some groaning in China's social media.

    China on cybercrime: 'We're victims, too'
    With cyberspying expected to be at the top of the agenda, China has been rolling out hitherto obscure, unheard of or possibly nonexistent organizations to show that they is not the perpetrator of cybercrime, but rather "we're victims, too."

    On Thursday, it was the turn of one Qin An, described as a director of the China Institute of Cyberspace Strategy, who declared in the state-run Global Times that the two countries face a common threat.

    Earlier, in the China Daily, Huang Chengqing, director of the rather awkwardly named National Emergency Response Technical Team/Coordination Center of China (CNCERT), declared that China has "mountains of data" on cyberattacks coming from the U.S.

    While CNCERT appears to be a bona fide organization, it has operated largely in the shadows, does not have a listed address and did not respond to emailed requests for an interview.

    And a trawl through English and Chinese search engines finds no reference to An's institute whatsoever — apart from  the bylines for four articles he has written in the Global Times since April, one of them alleging a big U.S. conspiracy in cyberspace.  

    Phantoms or not, at least Beijing appears to have awakened to the seriousness with which Washington is taking the cybersecurity issue.

    But while there is no doubting there's a world of budding hackers out there threatening us all, Beijing has largely ducked the central U.S. accusation: that China has an official, organized and concerted cyberspying strategy aimed (and apparently quite successful) at stealing U.S. military and commercial secrets. 

    In an interview with NBC News, Gregory Gilligan, chairman of the American Chamber of Commerce in China, said more than a quarter of his members reported cyber-intrusion or other data theft.

    "It's quite possible it's the tip of the iceberg," he said. And most of the targets are in areas identified by Beijing as strategically important industries.

    Accusations of currency manipulation by China, which have dominated previous U.S.-China summits, have suddenly fallen far down on the agenda. The U.S. economy is on the rebound, and it's China that's now slowing.

    Gilligan calls cybersecurity "the new currency," taking over from the currency issue as the biggest point of contention between the two countries. He's worried it might drown out a host of other concerns and issues — and he may well be right.

    Related: 

  • Chinese hacked Obama, McCain campaigns, took internal documents, officials say

    Cyberattacks linked to the Chinese government will be at the top of the U.S. agenda when President Obama meets with Chinese president Xi Jinping Friday in California. Chinese officials deny any role in the cyberattacks, but U.S. experts say the 2008 attack was a "wake up call." NBC's Michael Isikoff reports.

    By Michael Isikoff, National investigative correspondent

    The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking  units backed by the People’s Republic of China, prompting  high level warnings to Chinese officials to stop such activities,  U.S. intelligence officials tell NBC News.


    The disclosure on the eve of a two-day summit between the U.S. and Chinese presidents highlights what has become a persistent source of tension between the two global powers: Beijing’s aggressive, orchestrated campaign to pierce America’s national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings.

    The goal of the campaign intrusion, according to the officials: to export massive amounts of internal data from both campaigns—including internal position papers and private emails of key advisers in both camps.

    “Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties,” said Dennis Blair, who served as President Obama’s director of national intelligence in 2009 and 2010. “They were looking for positions on China, surprises that might be rolled out by campaigns against China.”

    The intrusion into the campaigns’ computer networks and subsequent efforts to penetrate them were highly sophisticated and continued for months after they were first detected by the FBI in the summer of 2008, according to the officials and an Obama campaign security consultant hired to thwart them. The intrusions and some details of what was targeted have been previously reported, but not publicly attributed to government-backed Chinese hackers.

    President Obama's 2008 campaign manager, David Plouffe, tells NBC's Michael Isikoff about the cyberattacks that infiltrated Obama's campaign. At the time, Plouffe said, Obama's reaction was one of surprise because there was no precedent for such an attack.

    Obama publicly referred to the attacks -- in general terms -- at a May 29, 2009, White House event announcing a new cybersecurity policy. “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said then.

    But neither the president nor his top aides publicly spoke about the identity of the hackers, or the depth and gravity of the attack.

    Officials and former campaign officials now acknowledge to NBC News that the security breach was far more serious than has been publicly known, involving the potential compromise of a large number of internal files. And, in one case, it included the apparent theft of private correspondence from McCain to the president of Taiwan.

    Cyberattacks by the Chinese are expected to be at the top of the president’s agenda this weekend. U.S. officials say that such intrusions – many of them traced to a unit of the People’s Republic of China in Shanghai – have gotten even more brazen since the 2008 campaign.

    Shawn Henry, president of CrowdStrike Services, tells NBC's Michael Isikoff there's "little doubt" the Chinese government has an aggressive electronic espionage program targeting the US government and the commercial sector.

    “There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue,” said Shawn Henry, who headed up the FBI’s probe of the 2008 attacks as the bureau’s chief of cyberinvestigations. He is now president of Crowdstrike, a computer security firm.

    David Plouffe, Obama campaign manager, vividly recalls getting a phone call from Josh Bolton, then President George W. Bush’s chief of staff, in the middle of August 2008 alerting him to the intrusion and that the FBI was investigating the attack. “He said we have reason to believe that your campaign system has been penetrated  by a foreign entity,” Plouffe said in an interview.

    Within days, the campaign dispatched a computer security team from Kroll Advisory Solutions to Chicago to cleanse the campaign’s infected computers — including the laptops of senior staffers.   

    In retrospect, the attack seems simple. It was delivered by a “phishing” email – outlining the “agenda” for an upcoming meeting — that circulated among top staffers and  contained a zip file attachment with “malware,” a hidden malicious virus.

    But it was no ordinary virus, said Alan Brill, the senior managing director of Kroll Solutions. The malware was “as sophisticated as anything we had seen” and was part of what he called “an infection chain” that replicated itself throughout the Obama campaign’s computer system. It also was designed to stay buried in the computers for months, if not years, he said.

    He and his consultants were unable to determine precisely what had been compromised, but Brill says the bombardment of viruses by the attackers continued for months.  “It was like a firefight,” Brill said. “This was starting every day knowing that you didn’t know what they were going to throw at you.” 

    Trevor Potter, who served as general counsel to the McCain campaign, said he got a similar warning about the cyberintrusion during a briefing from U.S. law enforcement officials at campaign headquarters..  “They told us, ‘You've been compromised, your computers are under the control of someone else. You need to get off network’,” said Potter.

    In one incident that caused concern among U.S. intelligence officials, the Chinese hackers appeared to have gotten access to private correspondence between McCain, then the GOP presidential candidate, and Ma Ying-jeou, the newly elected president of Taiwan. On July 25, 2008, McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S. –Taiwanese relationship and Ma’s efforts to modernize the country’s military. A copy of the letter has been obtained by NBC News. 

    But before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence. “He was putting me on notice that they knew this was going on,” said Randall Schriver, a former State Department official who was serving as a top McCain adviser on Asian policy. “It certainly struck me as odd that they would be so well-informed.”

    A spokesman for the Chinese Embassy said officials were unavailable for comment because they were busy preparing for this weekend’s summit between President Obama and Chinese President Xi Jinping in California. But in recent weeks, Chinese officials have denied any role in cyberattacks against the U.S. government and private enterprise. “China opposes all forms of cyberattacks,” Zheng Zeguang, assistant Chinese foreign minister, said in a press briefing in Beijing last week.

    When the summit does take place this weekend,  hacking  by the Chinese is expected to be at the top of the president’s agenda.

    U.S. officials say that Chinese  intrusions have escalated in the years since, involving repeated attacks on U.S. government agencies, political campaigns, corporations, law firms, and defense contractors — including the theft of national security secrets and hundreds of billions of dollars in intellectual property.

    A recent report from a U.S. commission chaired by former Intelligence Director Blair and former U.S. Ambassador to China Jon Huntsman Jr., estimated that the theft of intellectual property – mostly from China – was costing the U.S. $300 billion a year.

    “It’s stealing of information and there should be outrage,” said Henry, the former FBI executive assistant director.  

    Previous warnings to the  Chinese about cyberattacks have been brushed off. The 2008 attacks, for example, prompted U.S. intelligence officials to sternly warn the Chinese that they had “crossed the line,” says one former senior U.S. official who was directly involved in the investigation.

    “We told them we knew what they were up to – and that this had gone too far,” said the former official.  Chinese officials listened politely and denied they had anything to do with the attacks on the campaign, the former official said.

    More from Open Channel:

    Follow Open Channel from NBCNews.com on Twitter and Facebook 

     

     

  • China labels US the 'real hacking empire' after Pentagon report

    Mark Ralston / AFP - Getty Images

    A Chinese paramilitary officer rides a scooter in Beijing on Wednesday. Beijing dismissed an annual Pentagon report that accused it of widespread cyberspying on the U.S. government, rejecting it as an "irresponsible

    By Sui-Lee Wee, Reuters

    BEIJING -- China on Wednesday accused the United States of sowing discord between it and its neighbors after the Pentagon said Beijing is using espionage to fuel its military modernization, branding Washington the "real hacking empire.”

    The latest salvo came a day after China's foreign ministry dismissed as groundless a Pentagon report that accused China for the first time of trying to break into U.S. defense computer networks.

    The Pentagon also cited progress in Beijing's effort to develop advanced-technology stealth aircraft and to build an aircraft carrier fleet to project power further offshore.

    The People's Liberation Army Daily called the report a "gross interference in China's internal affairs.”

    "Promoting the ‘China military threat theory’ can sow discord between China and other countries, especially its relationship with its neighboring countries, to contain China and profit from it," the newspaper said in a commentary that was carried on China's Defense Ministry website.

    The United States is "trumpeting China's military threat to promote its domestic interests groups and arms dealers,” the newspaper said, adding that it expects "U.S. arms manufacturers are gearing up to start counting their money.”

    The remarks in the newspaper underscore the escalating mistrust between China and the United States over hacking, now a top point of contention between Washington and Beijing.

    A U.S. computer security company, Mandiant, said in February a secretive Chinese military unit was likely behind a series of hacking attacks that targeted the United States and stole data from more than 100 companies.

    That set off a war of words between Washington and Beijing.

    China has said repeatedly that it does not condone hacking and is the victim of hacking attacks -- most of which it says come from the United States.

    "As we all know, the United States is the real 'hacking empire' and has an extensive espionage network," the People's Daily, a newspaper regarded as a mouthpiece of the Chinese Communist Party, said in a commentary.

    "In recent years, the United States has continued to strengthen its network tools for political subversion against other countries,” the article said.

    "Cyber weapons are more frightening than nuclear weapons," the People's Daily said. "To establish military hegemony on the Internet by repeatedly smearing other countries is a dangerous and wrong path to take and will ultimately end up in shooting themselves in the foot."

    Related links:

    Report: China snooping around Pentagon computers

    'Not based in fact': China angrily denies being behind widespread US hacking

    Analysis: As cyberthreat looms, here's what really matters

     

  • Cyber attack on South Korea said to come from Chinese address

    Handout / Reuters

    Employees of the Korean Broadcasting System (KBS) check computers as they try to recover a server of the company's network at main office of KBS in Seoul, on March 21.

    By Jack Kim, Reuters

    SEOUL - A hacking attack on the servers of South Korean broadcasters and banks originated from an IP address based in China, officials in Seoul said on Thursday, raising suspicions the intrusion came from North Korea.

    An unnamed official from South Korea's presidential office was quoted by the Yonhap news agency as saying the discovery of the IP address indicated Pyongyang was responsible for the attack on Wednesday.

    A previous attack on a South Korean newspaper that the government in Seoul traced back to North Korea also used a Chinese IP address.


    "We've identified that a Chinese IP is connected to the organizations affected," a spokesman for South Korea's Communications Commission told a press conference. 

    The attack brought down the network servers of television broadcasters YTN, MBC and KBS as well as two major commercial banks, Shinhan Bank and NongHyup Bank. South Korea raised its alert levels in response.

    Investigations of past hacking incidents on South Korean organizations have been traced to Pyongyang's large army of computer engineers trained to infiltrate the South's computer networks.

    "There can be many inferences based on the fact that the IP address is based in China," the communications commission's head of network policy, Park Jae-moon said. "We've left open all possibilities and are trying to identify the hackers."

    It took the banks hours to restore operations. Damage to the servers of the TV networks was believed to be more severe, although broadcasts were not affected.

    About 32,000 computers at the six organizations were affected, according to the South's state-run Korea Internet Security Agency, adding it would take up to five days to fully restore their functions.

    Earlier story: South Korea on alert after hackers strike banks, broadcasters

    North Korea has in the past targeted South Korea's conservative newspapers, banks and government institutions.

    The biggest hacking effort attributed to Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed "Ten Days of Rain". It said that attack was a bid to probe the South's computer defenses in the event of a real conflict.

    North Korea last week said it had been a victim of cyber attacks, blaming the United States and threatened retaliation.

     

    Copyright 2013 Thomson Reuters. Click for restrictions.

  • South Korea on alert after hackers strike banks, broadcasters

    Several major South Korean banks and broadcast stations are stuck today after a cyberattack paralyzed their computer systems. Authorities have yet to resolve the hack.

    By Ju-min Park and Joyce Lee, Reuters

    SEOUL -- South Korean police were investigating a hacking attack on an Internet provider that brought down the servers of three broadcasters and two major banks on Wednesday, and the army raised its alert level due to concerns of North Korean involvement.

    The network provided by LG UPlus Corp. showed a page that said it had been hacked by a group calling itself the "Whois Team," an unknown group. It featured three skulls and a warning that this was the beginning of "Our Movement."

    Servers at television networks YTN, MBC and KBS were affected as well as Shinhan Bank and NongHyup Bank, both major financial institutions, police and government officials said.

    "We sent down teams to all affected sites. We are now assessing the situation. This incident is pretty massive, and it will take a few days to collect evidence," a police official said.

    Police and government officials declined to speculate on whether North Korea, which has threatened to attack both South Korea and the United States after it was hit with United Nations sanctions for its February nuclear test, was behind the cyberattack.

    North Korea has in the past staged cyberattacks on the world's most wired country, targeting conservative newspapers, banks and government institutions.

    South Korea's military said it was not affected but raised its state of readiness in response.

    None of South Korea's oil refineries, power stations, ports or airports was affected.

    The biggest attack by Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed "Ten Days of Rain" and which it said was a bid to probe the South's computer defenses in the event of a real conflict.

    Shinhan Bank, one of the financial institutions affected, said its servers were back up by 4 p.m. local time (3 a.m. ET).

    Related:

    Full South Korea coverage from NBC News

    Full technology and science coverage from NBC News

    This story was originally published on Wed Mar 20, 2013 2:49 AM EDT

    Copyright 2013 Thomson Reuters. Click for restrictions.

  • Exclusive: Corporate victims of Chinese hackers speak out

    The former head of the CIA and NSA, Gen. Michael Hayden, says that China is launching cyberattacks against every sector of the U.S. economy. Most companies do not say much - if anything - about being hacked. But in an exclusive television interview with CNBC's David Faber, one victim describes how the cyber-attack unfolded before his eyes.

    By Anna Schecter
    Rock Center

    This article was originally published on Oct. 11 and was updated on Feb. 22, as more information became available.

    UPDATE: In a new report released this week, cyber-security firm, Mandiant, pinpointed exactly where some of the most sophisticated hackers in China are working – in or around a building that serves as a Chinese military unit's headquarters on the outskirts of Shanghai.

    This elite group of hackers has been dubbed the "Shanghai Group." They've struck 141 times since 2006 across all sectors of the U.S. economy.  This is the first time such a group has been tracked right to the doorstep of the People's Liberation Army.

    Two major United States newspapers, The New York Times and The Wall Street Journal, reported earlier this year that their computer systems have been repeatedly targeted by hackers based in China for the past several months.

    The New York Times said the attacks, which began in mid-September, were in response to a Times investigation of the relatives and family of China’s Premier Wen Jiabao. The Wall Street Journal simply stated that the infiltration was "for the apparent purpose of monitoring the newspaper's China coverage."

    This is not the first time cyber-attacks originating from China have been in the national spotlight. According to current and former intelligence officials at the highest levels of government, the Chinese have playing dirty in the international spy game for years.

    “This is stealing American wealth.  It's stealing American jobs.  It's stealing American competitive advantage,” General Michael Hayden, former head of the Central Intelligence Agency and the National Security Agency, said in an interview with NBC News.

    Hayden’s comment was echoed by a House Intelligence Committee report released on October 8, 2012 warning that two Chinese telecommunications companies, Huawei and ZTE, could be funneling sensitive information back to Beijing, and cautioned American carriers to avoid doing business with them.

    Intelligence Committee Chairman Mike Rogers, R-Mich., told NBC News that the Chinese have targeted every sector of the American economy.

    “Everything you can possibly imagine we have seen the Chinese make a concerted effort to steal that information and use it for their own economic advantage,” he said.

    That includes blueprints for the next generation of auto parts, formulas for pesticides and pharmaceuticals, and other information that makes American companies competitive in the global marketplace.

    Though the United States limits its espionage to national security interests, intelligence officials said, China has launched a well-organized campaign to steal American corporate secrets via the Internet.

    “I know states steal secrets. Our states steal secrets. And we're actually pretty good at it.  But we self-limit.  We steal things that are valuable and useful for your security, for your liberty and for your safety,” Hayden said.

    One of the first to find himself on the front lines of the economic cyber war with China at the corporate level was Brian Shields. He was a computer security specialist for Nortel, a giant Canadian telecommunications company.

    A success story from the early Internet age, Nortel made cell phone and computer network equipment. At its height, the company employed 20,000 people in the U.S.

    Shields said he first got wind of the Chinese in Nortel’s network in 2004.  An employee working in highly technical research and development saw some curious activity on a computer server.  His documents were being downloaded apparently by a senior executive named Brian McFadden, who worked in a completely different department.

    Shields said McFadden had not downloaded anything.  Instead, someone had hacked into the computer network using McFadden’s stolen password. Shields said he discovered that seven passwords had been stolen, including that of then CEO Frank Dunn.

    Though Shields could never determine who the individual hacker was, he was able to track the activity to servers in Shanghai and Hangzhou, China.

    In total more than 1,400 documents were stolen including product designs and valuable customer information, according to Shields.

    “They could know what companies we're buying, how much. They could know where we saw our future product. They could know where we saw our profitability,” he said.

    After the attack, Shields said he watched his company steadily lose business, while a competitor, Huawei, began to grow.  Nortel went bankrupt in 2009, while Huawei has become one of the world’s premiere telecommunications companies. Shields said he believes Nortel went under as a result of spying by companies like Huawei. 

    Most industry insiders say that Nortel was a victim of bad business decisions coupled with the burst of the Internet bubble.

    A spokeswoman for Nortel said the company responded appropriately to the 2004 attacks and “found no evidence of wide spread security issues.”

    Huawei has denied stealing from Nortel or any other company. In a statement emailed to NBC News, the spokeswoman said the company has "the highest respect for the intellectual property of others."

    In response to October 8th's House Intelligence Committee report, a Huawei spokesman said the accusations were based on rumors. The company defended its record as a member of the Fortune 500 list of the largest companies in the world.

    “For the past 25 years, we have held an upstanding record…We have been emphasizing that Huawei is committed to cooperating transparently with any and all government agencies who wish to carry out an open and impartial dialogue about our company and the products and services that have made us successful internationally,” read a Huawei statement responding to the report.

    Huawei has already sold equipment to a dozen small carriers in the U.S.

    The Huawei spokesman said company is a “partner to the U.S. high-tech industry” and “helps create jobs in the U.S.”

    ZTE released a statement saying that the company is China’s “most transparent, independent, globally focused, publicly traded telecom company.”

    Click here to read a full response from Huawei

    In response to this story, China’s Foreign Ministry Spokesman Hong Lei denied stealing from any corporations, adding that last year the Chinese helped international agencies address hundreds of cyber-attacks.   He said the Mandiant report linking attacks to the Chinese military was “unfounded” and “unprofessional.”

    “China is also a victim of cyber-attacks, and we take a firm stance on continuously playing an active role in international cooperation,” Hong Lei told NBC News.

    But top American brass said they are exasperated by China’s efforts to portray themselves as victims. Hayden said it is time to hold China accountable.

    “Don't treat me like a child.  We know what you're doing.  We have good evidence with regard to what you're doing.  And if you continue to do what you do actions will have consequences,” said Hayden.

    Rogers advocated that the White House make Chinese cyber espionage the number one issue in bilateral relations with China.

    “They do respond to embarrassment.  And we ought to embarrass them for being thieves of the research and development of the United States of America.”

  • 'Not based in fact': China angrily denies being behind widespread US hacking

    Carlos Barria / Reuters

    A Chinese People's Liberation Army soldier stands guard in front of 'Unit 61398,' a secretive Chinese military unit on the outskirts of Shanghai, on Tuesday. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

    By Ed Flanagan, Producer, NBC News

    BEIJING -- China's military on Wednesday responded angrily to accusations by an American computer security company of systematic hacking of U.S. business and military interests, arguing it "lacked technical proof and was "not based on fact."

    In a statement published on the Chinese Defense Ministry's website in response to the controversial report by Mandiant Corp., the military denied the charges, arguing the data was not enough to connect the hacking to them.

    "The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof," the ministry wrote in its statement, "Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis."

    The ministry also argued that there was no globally accepted definition of what constitutes hacking.

    NBC's Kristen Welker has more on what the White House may be planning to do about foreign agencies hacking into U.S. trade secrets.

    "There is still no internationally clear, unified definition of what consists of a 'hacking attack'. There is no legal evidence behind the report subjectively inducing that the everyday gathering of online (information) is online spying."

    The Defense Ministry said that China itself is a frequent victim of hacking, a common theme in China's rebuttal of accusations of foul play in cyberspace. The ministry said it had tracked a "considerable number" of attacks against its networks that originated in the United States, but it noted that those intrusions had not been used "as a pretext to accuse the U.S. side [of hacking]."

    The statement came a day after Mandiant released an explosive report, first detailed in a New York Times article, that tied a People's Liberation Army unit based in Shanghai to a prolonged and focused campaign of stealing corporate and defense trade secrets.

    According to Mandiant, the Chinese hacking unit, believed to be "PLA Unit 61398," employed hundreds, perhaps even thousands, of operatives to raid secure American servers, extracting trade secrets, blueprints, pricing data and other valuable information.

    In total, Unit 61398 was said to have pillaged hundreds of terabytes of information from 141 companies -- 115 of which were American -- representing 20 industries in a variety of fields including telecommunications and defense.

    The hackers reportedly used techniques such as "spear-phishing" -- using spoof e-mails to trick users into granting access to internal servers -- demonstrating a strong proficiency in English and advanced understanding of computer security and network operations.

    China pointed out that its Ministry of Public Security had assisted more than 50 countries and regions in investigating cybercrime cases and that the Beijing had entered into a number of bilateral law enforcement cooperation agreements with those countries to help combat hacking.

    The Mandiant report and the media maelstrom around it prompted Chinese state media to lash out at the hacking accusations, though the Chinese-language version of the New York Times story was still blocked in China.

    China's typically nationalistic newspaper, Global Times, said Beijing should be more vocal in exposing hacking attacks conducted against China.

    "Some officials have been punished for internally reporting that government websites have been hacked and secrets leaked, but almost no details have come out," the paper wrote.

    "The Americans really know how to talk this (issue) up. All China can do is concede defeat."

    Related: 

    Report: Chinese army tied to widespread U.S. hacking

    Congress urged to probe Chinese computer espionage

     

  • Report: Chinese army tied to widespread US hacking

    Carlos Barria / Reuters

    A general view of 'Unit 61398,' a secretive Chinese military unit on the outskirts of Shanghai on Feb. 19. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

    By Ed Flanagan, Producer, NBC News

    BEIJING – A group of hackers linked to the Chinese military has stolen reams of sensitive data from more than 100 prominent American companies and organizations, according to an explosive new report.

    “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them,” U.S. computer-security firm Mandiant Corp. said in a 74-page report released on Tuesday.

    The story was first reported by The New York Times.

    One group originating from China that Mandiant had been tracking since 2006 and identified in the study as “APT1” allegedly swiped data from 141 companies in 20 industries ranging from aerospace to telecommunications, according to the report. More than 110 of those companies were American, according to Mandiant.

    Mandiant said that the data suggests that the hacker group was either working for or sponsored by China’s People’s Liberation Army. Indeed, according to the organization’s information, APT1’s activity originated from a People’s Liberation Army cyberware division known as “Unit 61398.”

    “Our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources,” it said, according to the report.  “PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.”

    Mandiant said that the hacking originated from a drab 12-story office building on the outskirts of Shanghai. Hundreds, maybe even thousands, of operatives performed covert corporate espionage and extracted trade secrets, blueprints, pricing data and other corporate information from countless American servers from the innocuous tower, according to Mandiant.

    The Wall Street Journal and The New York Times reported on Thursday that Chinese hackers repeatedly penetrated their computer systems. NBC's Pete Williams reports.

    The hackers used techniques like “spear-phishing” -- using spoof emails to trick users into granting access to internal servers --demonstrating a strong proficiency in the English language and advanced understanding of computer security and network operations, the organization said.

    Media blackout
    Though the story exploded on Twitter and in the foreign news media, it has hardly made any waves in China. Twitter has long been blocked in the country and foreign media companies that broadcast on the mainland like CNN were blacked out when the report was mentioned on air. 

    Coverage of Mandiant’s report was also absent from Chinese news websites, but some discussion of the report could still be found on China’s Twitter-like service, Weibo.

    “Chinese hackers are so capable! I always thought Americans are very powerful!” exclaimed one user.

    “Reports by foreign media cannot be fully trusted,” warned another user, “but there must be something.”

    Related: Wall Street Journal infiltrated by Chinese hackers

    This was a sentiment partly shared by China’s Foreign Ministry spokesman, Hong Lei, who responded today to questions about the hacking report by calling them “groundless” and reiterating the government’s unwavering position on the matter.

    “To make groundless accusations based on some rough material is neither responsible nor professional,” he said, before noting that China was also the victim of hacking attacks.

    Hong also argued that the new evidence provided by Mandiant and the New York Times will not withstand closer scrutiny.

    But China’s cyber activities have been under increasingly closer scrutiny in recent weeks, as a slew of news stories have come out about Beijing’s reported hacking ambitions. Last month, the New York Times reported that its own servers had been attacked by hackers originating in China, possibly in response to an embarrassing expose it published showing the hidden riches of out-going Chinese premier, Wen Jiabao.

    While the White House has largely remained silent on the hacking issue -- President Barack Obama mentioned hacking in his State of the Union but did not specifically cite China -- the government has been noticeably increasing efforts to strengthen cyber security.

    Last week Obama issued an Executive Order calling for the improving of critical infrastructure tied to cyber security. That the move came on the eve of the publication of two similar exposes -- last week Bloomberg printed another story demonstrating PLA hacking of American systems -- suggests the administration could be taking a long called for tougher stance on Chinese hacking by “naming and shaming” known mainland hacking groups.  

    NBC News' Le Li contributed to this report.

    Related:

    Congress urged to probe Chinese cyber-espionage

    Internet Explorer zero-day exploit linked to China

  • Leveson report on Rupert Murdoch, son: Evidence 'suggests a cover-up by somebody'

    In its report on Britain's phone-hacking scandal, the Leveson Inquiry described a failure of management systems at newspapers owned by Rupert Murdoch and others.

    By Keir Simmons, NBC News

    LONDON -- The phone hacking scandal at Rupert Murdoch’s News of the World involved more than just allegations that journalists on the paper illegally listened to people’s cell phone messages. As is often the case with major scandals, there were also allegations of a cover-up. It is these claims that have caused the biggest headache for senior people at News Corporation.


    Dig down into Thursday’s inquiry report and it is the possibility of a cover-up that is the focus. From page 348, the report, overseen by Lord Justice Brian Leveson, accuses Rupert Murdoch, his son James and News Corporation of either failing to address allegations of "widespread criminality within the organization” or — if they didn’t know about it — being guilty of a "significant failure in corporate governance."

    These are words that will concern lawmakers in the United States, where News Corporation has many media arms, including Fox News and 20th Century Fox, and recently announced that it is buying a 49 percent stake in the Yankees Entertainment and Sports Network.

    The Leveson report refers to a series of e-mails and meetings in 2008 when James Murdoch signed off on a substantial payment to a phone hacking victim. He was then head of News Corporation's UK arm, News International. The question during the inquiry was this: How much was James Murdoch told about phone hacking at the News of the World when he signed that check. Those involved said they couldn’t remember.

    "If the explanation of James and Rupert Murdoch is correct," the report concludes, then "One or more parts of the management… was engaged in a determined cover-up to keep relevant information about potential criminality within the organization from senior management."

    Rupert Murdoch's papers, UK media condemned in phone-hacking report

    The official inquiry into the practices and standards British newspapers, prompted by the phone hacking scandal is out. NBC's Keir Simmons reports.

    Leveson does not appear convinced that this was the way events actually unfolded, writing that managers had "no reason or motive to conceal relevant facts" from James Murdoch. He goes no further — acknowledging there is an ongoing criminal investigation of what happened at News of the World. But he says again and again, if people at News Corporation didn't know what was going on, that itself is a significant failure.

    "In truth, at no stage, did anybody drill down into the facts to answer the myriad of questions that could have been asked and which could be encompassed by the all embracing question 'what the hell was going on'?" Leveson says. "On any showing, these questions were there to be asked and simple denials should not have been considered sufficient. This suggests a cover up by somebody and at more than one level."

    Earlier in the report, on page 305, Leveson considers the integrity of Rupert Murdoch’s company. "An organizational culture that is founded on integrity and honesty would require not only full co-operation with law enforcement, but also a determination to expose behavior that failed to comply with the law," Leveson says.

    "What happened at the (News of the World) in relation to voicemail interception in this context is particularly informative about the culture that pertained both within the corporate and editorial operation," he concludes.

    News Corporation has cooperated closely with British police in the last two years, authorities have said.

    None of this reveals any new information, but it does tell us what an independent and experienced British judge makes of it. The British criminal investigation is still underway and the potential trials of former senior Murdoch executives, Rebekah Brooks and Andy Coulson, may bring new details of what went on inside of Murdoch’s businesses. When those trials are over, likely sometime next year, Leveson will write another report that should provide more conclusive analysis.

    Olivia Harris / Reuters

    Chris Bryant, a member of the British parliament, leaves Queen Elizabeth hall carrying copies of a report by Lord Justice Brian Leveson's on media practices, in London on Thursday. The far-reaching inquiry into British newspapers called for a new independent watchdog enshrined in law to regulate the press and prevent the type of excesses which led to a phone hacking scandal within Rupert Murdoch's News of the World tabloid.

    More world stories from NBC News:

    Follow World News from NBCNews.com on Twitter and Facebook


     

     

     

     

Older posts