Shell, Rolls-Royce reportedly hacked by Chinese spies

MI5 has warned some 300 banks and accounting and legal firms to guard data

Britain's domestic intelligence agency is warning that cybercrime perpetrated by China is on the rise following hacking attacks against Rolls-Royce PLC and Royal Dutch Shell PLC.

The agency, known as MI5, recently sent letters to some 300 banks and accounting and legal firms warning that "state organizations" of China were plying their networks for information, according to the Times of London on Monday.

The U.K. government refused to confirm the letters. However, the reported correspondence comes just a month after the U.K.'s top domestic intelligence officer warned of "high levels" of covert activity by at least 20 foreign intelligence agencies, with those of Russia and China the most active.

"A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense," Jonathan Evans, director general of MI5, said in Manchester, England, on Nov. 5.

"They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the Internet to penetrate computer networks," he said.

The Times, quoting an unnamed source, reported that Chinese hackers infected Rolls-Royce's network with a Trojan horse that sent information back to a remote server. Shell uncovered a Chinese spying ring in Houston that was trying to pilfer confidential pricing information for the oil giant's operations in Africa, the paper said, citing "security sources."

Representatives for both companies contacted in London did not immediately return calls for comment.

The rise in hacking originating in China and Russia has been well documented by security researchers. But it has been harder to distinguish between state-sponsored hackers and those just operating in the same geographic region, said Graham Cluley, senior technology consultant at security firm Sophos PLC.

Some 30% of the malicious software created is written in China, Cluley said. But about 17% of those programs are designed to steal the passwords of users who play online games and is not intended for industrial espionage, he said.

"It's not all James Bond," Cluley said.

Hackers are also tough to trace, since they can often control networks of other computers, called botnets, which can be used to carry out commands and attacks.

Botnet investigations are time-intensive and difficult for law enforcement to conduct, since the computers are often in different countries, meaning international legal cooperation is necessary for such probes to proceed.

Spying to gain an advantage over a commercial competitor is nothing new, and it's hard to definitively blame China for it, said Peter Sommer, who teaches information systems security at the London School of Economics and wrote The Industrial Espionage Handbook under the pseudonym "Hugo Cornwall."

The job of an industrial spy has also become a lot easier with the advent of the Internet, Sommer said. About 90% of intelligence collected by agents is "open source," or already public information.

"You no longer have to get into buildings and try and meet people," Sommer said.

Public Web sites of companies are rife with e-mail addresses of employees who can be "spear-phished," or singled out to be sent e-mail with a malicious software such as a keystroke logger. The hacker uses social-engineering tricks in order to get the worker to open the attachment, opening up access to a company's network.

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon