Hacked? Don't blame China, blame Denmark

Summary:Forget pointing the finger at China when government systems and defence contractors are compromised — it's the dirty work of Danish hackers, says Finnish security researcher, Mikko Hyppönen.

Forget pointing the finger at China when government systems and defence contractors are compromised — it's the dirty work of Danish hackers, says Finnish security researcher, Mikko Hyppönen.

F-Secure chief research officer, Mikko Hyppönen

The security researcher told ZDNet.com.au that although China is often accused of being behind targeted attacks on government agencies, ministries and defence contractors to gain industrial and national secrets, and despite evidence pointing to its involvement, he will never accuse the country of being behind the cyberattacks.

Hyppönen said it's just as likely a country such as Denmark is behind them, after analysing targeted back-door and trojan attacks against governments for the past three years.

"[Targeted attacks] are rare, but when it happens to you it's a nightmare. Normally viruses are bad luck, but in these cases, it wasn't bad luck — it's only you who got infected," he said.

"If I would have a guess, I would say it's Denmark. It could be bunch of Danish hackers doing it for fun and making it look as if it was China," he said.

"Obviously all the evidence would make it easy to connect the dots and say the Chinese did it, but at the end of the day, there is no real evidence linking anything to China," he told ZDNet.com.au.

The evidence pointing to China is that three key groups have been targeted with the same zero day exploits which use information-stealing trojans, says Hyppönen: large multinational companies (mostly defence contractors); governments, ministries, embassies and agencies; and non-profit organisations.

"We have evidence linking these three attack targets and it's the same attacks hitting large defence contractors and small non-profit organisations (NPOs)," he said.

"Most of these trojans are to steal information and are sending it to servers that are always located in China or that operate DNS routers in Chinese," he added.

But it's this last group — non-profit — that raises questions. Why would hackers risk exposing to the world highly-prized zero day exploits on such low-value targets?

"These are very small non-profit organisations in many different counties — organisations which might have five or six employees who are not getting money for their work. These organisations are getting hit with zero day exploits several times a month," Hyppönen said.

The common element to these NPOs is that they all support political irritants to the Chinese government. "They are typically non-profit organisations supporting the independence of Tibet, the liberalisation of Taiwan or supporting the Falun Gong," he said.

But the problem with using these attacks on the NPOs, whose mutual enemy is the Chinese government, to confirm that the Chinese are behind them is that hackers commonly obfuscate the source of an attack, or use already-hacked computers to launch remote attacks.

"If an attacker is clever, they would make it look like the Chinese [but] I will refuse to go on the record saying it's the Chinese," said Hyppönen.

Topics: Government, AUSCERT, Government : AU, Malware, Security, Tech Industry

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.