Did China Hack Into IMF?


Late last week, Bloomberg ran a story announcing ‘China-Based Spies Said To Be Behind Hacking in Investigators' View’:

‘Investigators probing the recent ransacking of International Monetary Fund computers have concluded the attack was carried out by cyber spies connected to China, according to two people close to the investigation.’

The article went on to provide general details about why:

‘Evidence pointing to China includes an analysis of the attack methods, as well as the electronic trail left by hackers as they removed large quantities of documents from the IMF’s computers. The multistaged attack, which used US-based servers as part of their equipment, ended on May 31, people involved in the investigation said on the condition they not be identified because they aren’t authorized to speak about it.’

The report added that the analysis included ‘analysing the code left behind in networks and tracing patterns in multiple attacks that may use the same infrastructure.’ This sounded to me like the automated analysis performed by something like HB Gary’s ‘Digital DNA.’ The problem with that solution, and others like it, is that while it can analyse commonalities in the tools used, as well as the malware code, it can’t discern the nationality of the hackers responsible, and certainly not the nation state that may have engaged them.

A Remote Access Tool that was created by a Chinese-speaking person doesn’t mean that it was used by a Chinese hacker working on behalf of the State Council or a Chinese intelligence agency. Those tools are broadly available and used by black hats all over the world.

The more important thing to examine, then, was motivation. Why would China be interested in hacking into an organization of which it is one of the most powerful members?

Last October, for example, the IMF approved the G20 Agreement on Quotas and Governance, which amended the list of its top ten largest shareholders to be the ‘United States, Japan, the BRICs (Brazil, China, India and Russia), and the four largest European countries (France, Germany, Italy, and United Kingdom).’ Canada and Saudi Arabia lost their former top ten positions. In fact, according to this IMF fact sheet on quotas, China is now the third most powerful member in the IMF.

On top of all this, on July 12, former senior Chinese central banker Zhu Min was nominated to be a deputy managing director of the organisation, elevating China's stature and influence still further.

In fairness to the IMF, it did back away from the anonymous claims that were being reported in the media, with an IMF spokesman stating that: ‘We are not prepared to finger-point at this time. We also may never know who perpetrated this cyber-attack.’ 

In light of the information available, it seems a more sensible position.

This is an edited version of an entry that also appears on Carr's blog. Carr is also the author of 'Inside Cyber Warfare: Mapping the Cyber Underworld' (O'Reilly Media, 2009).

Comments
anon
July 31, 2011 at 21:07

From the post, “The report added that the analysis included ‘analysing the code left behind in networks and tracing patterns in multiple attacks that may use the same infrastructure.’ This sounded to me like the automated analysis performed by something like HB Gary’s ‘Digital DNA.’ The problem with that solution, and others like it, is that while it can analyse commonalities in the tools used, as well as the malware code, it can’t discern the nationality of the hackers responsible, and certainly not the nation state that may have engaged them.”

The problem here is the author clearly did no research of his own into this incident. He’s simply guessing. Anyone who did forensic analysis of the code or infrastructure used in this campaign would be able to assign attribution for this incident.

Another gem from the post, “A Remote Access Tool that was created by a Chinese-speaking person doesn’t mean that it was used by a Chinese hacker working on behalf of the State Council or a Chinese intelligence agency. Those tools are broadly available and used by black hats all over the world.”

Again, the author has no idea what he is talking about here. He’s clearly never analyzed the code. No, these tools are not broadly available; many of them are custom made and tightly controlled.

Frankly, this post is worthless. It’s simply uninformed opinion.

a_canadian_observer
July 31, 2011 at 13:50

@Againstnonsense: You are very mean and mad! And I will keep telling the truth about you and the likes of you, until you stop telling lies about us (non-Chinese).

a_canadian_observer
July 31, 2011 at 13:46

@Dr. Rice: Very well said! Indeed, with the level of control on the internet traffic, it’s impossible that the Chinese government has nothing to do with the hacking.

Jon
July 29, 2011 at 16:17

Michael – Try reading the articles before you comment. The writer actually makes clear he doesn’t think it’s China’s fault.

Dr. Rice
July 29, 2011 at 05:19

I find it unlikely that a Chinese hacker who was capable of hacking into the IMF doesn’t have any support from the Chinese government. However, I don’t believe that means that the Chinese government supported this hacking. It is very likely that China gives the means for its hackers to do what they want because they assume that the majority of its hackers on their payroll will do things that will benefit them in the long run. But the government doesn’t give specific orders to these hackers so the Chinese can always play the card of deniability. It is a perfect system. Regardless, the Chinese government seems to gain very little from hacking and stealing files from the IMF.

Michael
July 29, 2011 at 01:42

More BS western reporting! Everything is China’s fault these days!

Against nonsense
July 28, 2011 at 21:03

People, if you care to track this “a_canadian_observer” guy in all the Diplomat’s comment threads, you can easily come to the conclusion that this is a person who I am afraid is an anti-China mad man (or woman) whose mental state is approaching that of Anders Breivik of Norway. But at least Anders Breivik could cobble together a 1500 page manifesto, this a_canadian_observer guy (gal) can’t even make one cohesive argument in his anti-China rants. When someone is totally consumed by (political) emotions wrapped in hate, that person is a walking time bomb. Being a critic is normal but being a hater of an identifiable racial group is an entirely different matter.

Sinodefender
July 28, 2011 at 07:43

Your proof, Chinese government is behind those hacks? China is a member and it seems like someone is trying to frame China.

a_canadian_observer
July 27, 2011 at 21:00

Blah..blah..blah… Chinese government is behind the hacks. Don’t make excuses. At least have the courage to admit.

yang zi
July 27, 2011 at 18:05

China hack stories are overblown. But I think there are many young people in China who just want to attack US websites randomly, because they don’t like US meddling with China and want some revenge. These attacks are not advanced and can be easily defended, but it does give a bad taste. China needs to do something to stop this, because it creates unnecessary irritations.
