The Vietnamese government rebuffed charges by Google that Vietnamese PC owners were being targeted by attackers.
The comments, posted online Saturday, were in response to a blog post by a member of Google’s security team outlining a malware attack. According to Google’s Neel Mehta, the infected computers were used to build a botnet that launched distributed denial-of-service (DDoS) attacks against blogs belonging to critics of a Chinese-backed mining operation in Vietnam.
“Such comments are groundless,” said Vietnamese Foreign Ministry spokesperson Nguyen Phuong Nga, in a statement. “We have on many occasions clearly expounded our view on issues relating to access to and use of information and information technology, including the Internet. Vietnam law puts in place specific regulations against computer virus and malware as well as on information security and confidentiality.”
Google was not the only company to mention the attack. Researchers at McAfee said the malware was disguised as the keyboard driver VPSKeys, which is popular among Vietnamese users and is used to insert accents at the appropriate locations when using Windows. Once a machine was infected, it became part of a botnet with about a dozen command and control servers located around the globe, McAfee reported. The command and control servers were accessed predominantly from IP addresses inside Vietnam.
“Specifically, these attacks have tried to squelch opposition to bauxite mining efforts in Vietnam, an important and emotionally charged issue in the country,” Mehta wrote in his blog post.
There has been opposition in Vietnam to bauxite mining efforts backed by the Vietnamese government and state-run Chinese aluminum firm Chinalco. Though neither Google nor McAfee accused China or Vietnam of direct involvement in the attacks, the political nature of the attacks has become another foil in the ongoing debate over state-sponsored cyber-activity that gained steam in the wake of the Aurora attacks reported by Google. Though the Vietnamese attacks were initially thought to be related, it is now believed that the Aurora attacks were smaller than previously thought.
“We suspect the effort to create [this] botnet started in late 2009, coinciding by chance with the Operation Aurora attacks,” McAfee CTO George Kurtz blogged March 30. “While McAfee Labs identified the malware during our investigation into Operation Aurora, we believe the attacks are not related. The bot code is much less sophisticated than the Operation Aurora attacks. It is common bot code that could use infected machines to launch distributed denial of service attacks, monitor activity on compromised systems and for other nefarious purposes.”
Meanwhile, security researchers with the University of Toronto issued a report today dissecting a cyber-espionage network traced to Chinese-based hackers that compromised government, business and academic systems in India, the office of the Dalai Lama and the United Nations. The report did not accuse the Chinese government of any involvement.
”We have from time to time heard this kind of news. I don’t know the purpose of stirring up these issues,” Foreign Ministry spokeswoman Jiang Yu told a regular press conference in response to questions about the report, according to the Associated Press. ”We are firmly opposed to various kinds of hacking activities through the Internet.”