China blamed for multi-continent cyberspying caper in 2011
For six months in 2011, cyberspies infiltrated, undetected, at least 20 commercial and industrial organizations on three continents, states a new report by a US-based cybersecurity firm. Investigators name China as 'most logical' benefactor.
For six months last year, cyberspies infiltrated and siphoned key data from the computer networks of at least 20 organizations in the US, Australia, Canada, and Europe – all of them with policy, economic, or political interests pending in China – then laundered that data through a co-opted server in the US and transmitted the information to China.
Operating undetected from late March to mid-September 2011, the sprawling cyberespionage program targeted, among others, a mining executive doing deals in China during a steel shortage there, Canadian immigration officials dealing with a Chinese businessman fleeing prosecution in Canada, and an international maritime executive promoting a new vessel design standard to minimize greenhouse gas emissions – a move China had publicly refuted.
Unlike cybercriminals who typically convert ill-gotten data – such as credit-card numbers – into quick cash, the attacker appeared to be trying to win long-term economic and strategic advantage for an unknown client in China, says a new report by Cyber Squared, an Arlington, Va., cybersecurity firm.
"When you look at all those independent targets as a collective, you start to see that whoever launched such a campaign had great resources and very large motives that were geopolitical and strategic in nature," Adam Vincent, CEO of Cyber Squared, says in an interview. "In this case it's commercial, not military, information that's the primary focus. We're dealing with an advanced, sophisticated, and highly resourced adversary that makes it their job to get into our organizations and conduct espionage operations."
While not claiming to have "solid evidence that the Chinese state is the culprit," the report says investigators familiar with the details are satisfied that "China is the most logical and direct benefactor of information stolen from these entities during the time of compromise."
"The intent was to acquire insider information regarding a variety of issues," the report, called Project Enlightenment, states. "Insight to these sectors could have been used to influence or preempt negotiations, strategic business, legal settlements and national policies."
It's not the first time cybersleuths have traced the path of digital spies. This new investigation parallels other investigations that point to a nation-state – most commonly claimed to be China – conducting a systematic and persistent type of attack that escalates to higher levels of sophistication whenever one mode of attack is discovered.
- In 2011, the security firm McAfee announced it had detected a cyberespionage program aimed at international energy firms that it dubbed "Night Dragon."
- A year earlier, the Monitor reported that a China-linked cyberespionage attack targeted several US oil companies.
- Canadian researchers in 2009 reported on GhostNet, a cyberespionage program crossing continents and hundreds of organizations with a single common link: China.
But in this case, Project Enlightenment investigators were able to pin cyberespionage attacks to a tight timeline of events, which was not possible for the earlier attacks. Indeed, all the victims have "a common denominator," Cyber Squared found. "They are all uniquely and individually tied to Chinese strategic interests at the time of the compromise."
The thread that unraveled the larger plot began simply enough. In September, two US congressmen proposed the Taiwan Airpower Modernization Act (TAMA), which would have required the US to sell 66 upgraded F-16 jets to Taiwan.