Bloomberg


China Hackers Activity Logged Reveals Multiple Victims Worldwide

The Comment group, a Chinese hacking group named for its trademark of infiltrating computers using hidden HTML code known as “comments,” is one of between 10 and 20 hacking groups identified by private researchers and is notable for its frenetic pace of operations. A group of private researchers tracked the Comment group from late June to early August in 2011, logging its members’ daily attacks on some 20 victims. Bloomberg obtained the logs from June 29 to July 21, which revealed infiltration at the highest levels of the European Union and organizations specializing in trade, intellectual property, energy and foreign affairs. Read the full story here.

[Graphic: timeline by company of what the logs show and the number of hack victims. Dates on the timeline: June 29, 2011; July 5, 6, 7, 8, 11, 13, 14, 15, 18 and 21.]

European Union
Number of hack victims: 11
As European leaders wrestled over a second bailout for Greece, the hackers stole the e-mails of Van Rompuy and other officials.
business accounts hacked:

Wiley Rein LLP
Number of hack victims: 6
Comment group pilfered e-mails from six people at Wiley Rein LLP, a law firm in Washington that handles sensitive trade and sanctions cases, some against Chinese companies. The breach gave hackers access to documents that ran to thousands of pages, according to a person familiar with the investigation.
business accounts hacked:
  • Timothy Brightbill, partner, international trade and climate change
  • Alan Price, partner, chair of international trade practice, head of anti-dumping and countervailing duty practice
  • Nova Daly, public policy consultant specializing in international trade, cybersecurity & network security
  • John Hodges, partner, international trade, environment & safety
  • John Reynolds, at the time a partner at Wiley Rein, now at Davis Polk & Wardwell LLP and an expert on export controls & economic sanctions
  • Cari Stinebower, at the time a lawyer at Wiley Rein, now at Crowell & Moring LLP in the international trade practice group

Talisman Energy Inc.
Number of hack victims: 3
Comment group hacked into Talisman Energy Inc.'s Asian operations in July, the logs show. The intrusion coincided with an outburst of tension in the South China Sea, where Calgary-based Talisman is developing oil fields in cooperation with Vietnam, in territory claimed by China. The hackers gained access to Talisman's Asia domain controller and anything on it, and it took the company six months to boot them out, according to a person familiar with the investigation.
business accounts hacked:
  • Lawrence Bernstein, an exploration executive based in Malaysia
  • Michael Horn, a business development executive in Singapore
  • + one other person

Immigration and Refugee Board of Canada
Number of hack victims: 1
The Immigration and Refugee Board of Canada became the target of hackers during the end game of a long extradition battle over a former Chinese business tycoon. In less than five hours of work, the hackers dumped passwords, broke them offline, and returned to snag the e-mails of an adjudicator who had handled a recent hearing for Lai Changxing. Lai was sent back to China and recently sentenced to life in prison there.
business accounts hacked:
  • Leeann King, adjudicator

Halliburton Co.
Number of hack victims: n/a
The oilfield services giant was already aware of a breach when researchers from the working group notified it of communication between Halliburton systems and Comment's command-and-control servers. The company informed the researchers that it was cooperating with the FBI.
business accounts hacked:
  • No specific accounts appear in the logs

ITC Ltd.
Number of hack victims: 1
Comment group had such complete control over the network at ITC Ltd. that logs show it flashing the message "Administrators have complete and unrestricted access to the computer/domain" when the hackers logged in. The hackers potentially had access to the systems of the Indian technology and tobacco conglomerate for more than a year. ITC's chief executive does not use a computer, yet the hackers found the machine used by his assistant and downloaded a cache of tax documents, letters and personal files.
business accounts hacked:
  • personal assistant to CEO Y.C. Deveshwar

International Republican Institute (IRI)
Number of hack victims: 8
Under 20 minutes of rifling through the network of the non-profit International Republican Institute netted 220 documents from the e-mails of eight staff members in late June. The haul from the democracy promotion organization gave the hackers access to details on personnel and programs that IRI refused, a year later, to discuss. The group has received funding to work with reformers within China and to cultivate a network of independent candidates and election observers. Security researchers say the pattern of activity indicates regular breaches of the organization's systems.
business accounts hacked:
  • Lorne Craner, president
  • Julija Belej Bakovic, regional director, Asia
  • Johanna Kao, resident country director based in Hong Kong
  • + five others

Business Executives For National Security (BENS)
Number of hack victims: 4
Logs show Comment hackers turning off anti-virus software before accessing the computers of four users at the Washington non-profit Business Executives for National Security (BENS).
business accounts hacked:
  • Henry Hinton Jr., chief operations officer
  • Lisa Jackson, chief information officer
  • + two others

Locke Lord LLP
Number of hack victims: 5
Hackers got into the computers of at least five people at Locke Lord LLP in July, including specialists in copyright and trademark for high-tech industries and in unfair competition, as well as a firm IT employee.
business accounts hacked:
  • Alan Sack, of counsel, intellectual property and advertising/marketing law
  • Scott Greenberg, senior counsel, trademark, copyright and unfair competition matters
  • + at least three others
