Stolen HBGary e-mail reveals DuPont was hit by the same Chinese hackers that hit Google, Morgan Stanley and Adobe as part of Operation Aurora.
Revelations from HBGary
e-mail keep on rolling in. The latest e-mail identifies several more high-profile
companies hit by attacks similar to Operation Aurora.
E-mail stolen from HBGary's
mail servers by hacktivist group Anonymous earlier this year revealed that
the same Chinese hackers who had attacked Google as Operation Aurora had also
targeted chemical company DuPont in late 2009. Bloomberg
News examined some of the e-mail stored on anonleaks.ch.
publicly disclosed in January 2010 that it had been under continued attack over
a six-month period in 2009. It estimated about 200 companies were victims of
Operation Aurora, although most have not identified themselves. The victims
list includes Adobe, Intel, Juniper Networks, defense contractor Northrop Grumman
and Dow Chemical. Last month, some HBGary e-mail messages came to light
identifying investment bank Morgan
Stanley as another Aurora victim.
A DuPont internal
investigation discovered some of its computers had been implanted with spyware
during a business trip to China, wrote HBGary's Rich Cummings in a Feb. 4,
e-mail. The PCs had been stored in a hotel safe, Cummings said. DuPont
felt the attacks were done by hackers who represented "people, organizations
and countries that strive to do them harm," Bob Slapnik, an HBGary investigator
wrote in an e-mail.
DuPont was hit twice in a
space of 12 months, the e-mail showed. DuPont learned of the second attack from
the Federal Bureau of Investigation on Dec. 9, 2010. After an investigation,
DuPont executives concluded they were the target of a campaign of industrial spying,
according to the e-mail.
"They believe their bad guys
are the Chinese who want to catch up and leapfrog them in the global marketplace,"
The U.S. State Department
and intelligence agencies believe Aurora was sanctioned by the Chinese
government, according to Diplomatic cables released by WikiLeaks. However,
various Chinese officials have steadfastly denied any links. Wang Baodong, a
spokesman for China's embassy in Washington D.C., said China is a victim of
hacking attacks and "the wrong target of unwarranted blame."
Bloomberg News also examined
other e-mail from major companies such as Walt Disney, Sony, Johnson & Johnson
and General Electric, which had been compromised as part of a wide-scale
attack, although it wasn't clear whether HBGary considered those attacks part
of Operation Aurora. E-mail mentioning Sony, Johnson & Johnson and General
Electric focused on the hackers' techniques and less on what was taken or how
deeply the attackers penetrated, according to the article.
There were over 60,000
e-mail messages between HBGary and affected companies discussing the network
breaches, and each decided not to disclose the network breaches publicly to
regulators and investors.
Executives of attacked
companies feared the intrusions would spark questions from investors and
regulators about what was stolen, according to the e-mail. U.S. securities laws
require companies to report events considered "material" to investors. The
e-mail messages do not appear to mention what attackers managed to take.
Many of the affected
companies hired HBGary, a security forensics firm with a large number of both
government and private-sector customers to investigate network breaches.