Chinese Hackers Linked To Canadian Breach
September 28, 2012

Chinese Hackers Linked To Breach of Canadian Energy Giant

Peter Suciu for — Your Universe Online

Hackers often like to prove to the world they have power. Earlier this month, a team of Chinese hackers reportedly breached energy giant Telvent Canada Ltd.'s network. The company has informed its customers in a letter sent earlier this month. Telvent is the maker of industrial control systems that remotely control smart grid networks used in a portion of the electric grid.

The company informed its customers on September 10 that hackers — now believed to be from the Chinese hacker group known as “Comment Group” — breached Telvent's internal firewall and security systems. In addition, the hackers are believed to have implanted malicious software and even to have stolen project files.

Digital fingerprints that were left behind by the hacker(s) suggest ties to Comment Group. On September 25, Telvent executives reportedly provided details about the malware that was used and this pointed “strongly” to the Chinese group.

Back in July, a Bloomberg report on Comment Group noted it has been suspected of involvement in deploying sophisticated attacks to harvest intellectual property, along with trade secrets, from energy companies, patent law firms and even investment banks. Over the last two months, it is believed that the group infiltrated at least 20 organizations.

In response to these attacks, Telvent has cut data links between at-risk portions of its internal network and clients' systems as a precautionary measure while it continues to investigate the breach.

Law enforcement, which has been called in to investigate the attack, issued the following statement:

“Telvent is aware of a security breach of its corporate network that has affected some customer files. Customers have been informed and are taking recommended actions, with the support of Telvent teams. Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained.”

This is just the latest in a string of cyber attacks that have been targeted at corporate interests this year. Primarily, the energy sector continues to be in the crosshairs. In August, Saudi Arabian-based Saudi Aramco, the world's largest crude oil exporter, was hit by a computer virus. It was discovered that malware had entered through personal computers. The company responded that its network linked to oil production wasn't affected.

Earlier this month it was reported that one or more insiders with the company may have helped spread the virus.

That attack was believed to be linked to hacktivist groups and used the Shamoon virus. An amateurish coding error in the malware led investigators to believe someone other than an experienced programmer had created it.

However, sometimes even those with real hacking chops can show a sense of humor. Earlier this year, other malware was used to cripple the Iranian nuclear facilities and, in one incident in July, the malware left Iranian engineers “Thunderstruck,” as the bizarre attack resulted in music from the Australian heavy metal band AC/DC being played at high volume, often in the middle of the night.

These attacks have been seen as a wake-up call in the United States, where politicians in Congress and the Obama administration are becoming more vocal, having even accused China and Russia of hacking U.S. computer networks for economic gain, espionage or other motives.

The war of the future could indeed be one of cyber warfare.