Chinese cyber hackers target multinational energy firms

The hackers, working in China, broke into the systems to steal bidding plans and other critical proprietary information.

The report, by McAfee, does not identify the five known companies that had been hacked.

It said that another seven or so had also been broken into but could not be identified.

The latest hacking operation has been dubbed “Night Dragon”.

This wasn’t using very advanced technology – it was using things that are pretty available on the web. Sal Viveros, McAfee

Channel 4 News asked both Shell and BP to confirm or deny whether they had been targeted. Both companies refused to comment.

The hackers got into the computers in one of two ways, either through their public websites or through infected emails sent to company executives.

Read more: Terrorism and cyber attacks are the UK's biggest threats

Sal Viveros, a security expert at McAfee, told Channel 4 News this was not a sophisticated plot: “Basically what these hackers did was use tools that are on the internet and look for vulnerabilities that are already well known, target them and take over a computer.

“It wasn’t using very advanced technology – it was using things that are pretty available on the web.”

The implications

Cyber security has already been made a priority by the British Government.

Kingston University cyber security expert, Dr Eckhard Pfluegel, told Channel 4 News the implications for companies were serious.

“Sufficient resources need to be allocated in order to monitor traffic to websites and employees need to be trained in security aspects.

“In the future we could see more organisations using biometrics – asking employees to leave a fingerprint each time they are about to send an email.”

Dr Pfluegel added: “The details in this story are still coming to light but generally there is a fear that cyber security wars will be increasingly triggered by politically-motivated parties or indeed, entire countries.

“The dimensions of computer security are truly global reach. Not surprisingly, the British Government is spending a huge amount of money on cyber security development.”

Who was responsible?

The hack was traced back to China via a server leasing company in Shandong Province that hosted the malware – another term for malicious software – and to a Beijing IP address.

McAfee’s report did not identify who was behind the hacking.

Mr Viveros said: “A lot of times these are organised criminals and you have groups of people going after specific information and data.

“What we found uniquely in this attack was most of the people using the information were working from 09.00 until 17.00 Beijing time so it wasn’t your typical hackers, it was people hired to go out and find the information.”

McAfee provided the data to the Federal Bureau of Investigation, which did not respond to requests for comment.

“This is normal business practice in China. It’s not always state-sponsored. And they do it to each other,” said Jim Lewis, a cyber expert with the Centre for Strategic and International Studies think tank.

I really have no grasp of this situation, but we frequently hear about these types of reports. Ma Zhaoxu, Chinese Foreign Ministry

Asked if Beijing normally agreed to arrest hackers, Lewis responded: “It’s not impossible, but it hasn’t happened very often.”

The Chinese government often says its country is also a victim of hacking. But Foreign Ministry spokesman Ma Zhaoxu told reporters at a regular press briefing on Thursday in Beijing that he was unaware of this case.

“I really have no grasp of this situation, but we frequently hear about these types of reports,” Ma said.

Cyber threat from China

Western governments and companies have long been concerned about corporate espionage based in China.

“We are aware of these types of threats, but we can’t comment specifically about what’s in the Night Dragon report,” said FBI spokeswoman Jenny Shearer.

Washington believes that hacking attacks on Google Inc, which briefly prompted the company to pull out of China, were orchestrated by two members of the country’s ruling body, according to U.S. diplomatic cables released by Wikileaks.

The French government is looking into a possible Chinese role in spying on carmaker Renault SA’s and Nissan’s electric vehicle programme.

In 2007, a Chinese student working at car parts maker Valeo was sentenced to prison for obtaining confidential documents from the automaker. A French tribunal stopped short of an industrial espionage verdict, instead finding that she had “abused trust.”