The Guardian, 11 March 2012

Beijing cyber-spies accused of using fake social networking accounts in bid to steal military secrets from the west

Nato’s most senior military commander has been repeatedly targeted in a Facebook scam thought to have been co-ordinated by cyber-spies in China, the Observer has learned. The spies are suspected of being behind a campaign to glean information about Admiral James Stavridis from his colleagues, friends and family, sources say.

This involved setting up fake Facebook accounts bearing his name in the hope that those close to him would be lured into making contact or answering private messages, potentially giving away personal details about Stavridis or themselves.

This type of “social engineering” impersonation is an increasingly common web fraud. Nato said it wasn’t clear who was responsible for the spoof Facebook pages, but other security sources pointed the finger at China.

Last year, criminals in China were accused of being behind a similar operation, which was given the codename Night Dragon. This involved hackers impersonating executives at companies in the US, Taiwan and Greece so that they could steal business secrets.

The latest disclosure will add to growing fears in the UK and US about the scale of cyber-espionage being undertaken by China. As well as targeting senior figures in the military, the tactic has been blamed for the wholesale theft of valuable intellectual property from some leading defence companies.

The sophistication and relentlessness of these “advanced persistent threat” cyber attacks has convinced intelligence agencies on both sides of the Atlantic that they must have been state-sponsored. Nato has warned its top officials about the dangers of being impersonated on social networking sites, and awarded a £40m contract to a major defence company to bolster security at the organisation’s headquarters and 50 other sites across Europe. A Nato official confirmed that Stavridis, who is the supreme allied commander Europe (Saceur), had been targeted on several occasions in the past two years: “There have been several fake Saceur pages. Facebook has cooperated in taking them down… the most important thing is for Facebook to get rid of them.”

The official added: “First and foremost, we want to make sure that the public is not being misinformed. Saceur and Nato have made significant policy announcements on either the Twitter or Facebook feed, which reflects Nato keeping pace with social media. It is important the public has trust in our social media.”

Nato said it was now in regular contact with Facebook account managers and that the fake pages were usually deleted within 24 to 28 hours of being discovered. Finding the actual source in cases such as these is notoriously difficult, but another security source said: “The most senior people in Nato were warned about this kind of activity. The belief is that China is behind this.”

Stavridis, who is also in charge of all American forces in Europe, is a keen user of social media. He has a genuine Facebook account, which he uses to post frequent messages about what he is doing, and where. Last year he used Facebook to declare that the military campaign in Libya was at an end.

The threat posed by Chinese cyber activity has been causing mounting concern in the UK and the US, where it is judged to be a systematic attempt to spy on governments and their militaries. They also accuse Beijing of being involved in the anonymous theft and transfer of massive quantities of data from the west. In a surprisingly pointed report to Congress last year, US officials broke with diplomatic protocol and for the first time challenged China directly on the issue. The National Counterintelligence Executive said Chinese hackers were “the world’s most active and persistent perpetrators of economic espionage”.

It said China appeared to have been responsible for “an onslaught of computer network intrusions”. The report also claimed that Chinese citizens living abroad were being leaned on to provide “insider access to corporate networks to steal trade secrets”. The use of moles was, it said, a clear exploitation of people who might fear for relatives in China.

Security analysts in Washington said they believed China had undertaken comprehensive cyber-surveillance of the computer networks that control much of America’s critical infrastructure. This has stoked a political debate on Capitol Hill, where Democrats and Republicans are locked in an ideological battle about how to tackle cyber threats. President Barack Obama wants to introduce regulation to ensure companies are taking them seriously, but that approach is opposed by Republicans, including Senator John McCain.

James Lewis, a cyber expert from the Centre for Strategic and International Studies thinktank in Washington, said the time for dithering had passed. “We know that Russia and China have done the reconnaissance necessary to plan to attack US critical infrastructure,” he said. “You might think we should put protection of critical infrastructure at a slightly higher level. It is completely vulnerable.”

Shawn Henry, an executive assistant director at the FBI, told the Observer that the agency was dealing with thousands of fresh attacks every month. “We recognise that there are vulnerabilities in infrastructure. That’s why we see breaches by the thousand every single month,” he said. “There are thousands of breaches every month across industry and retail infrastructure. We know that the capabilities of foreign states are substantial and we know the type of information they are targeting.”

The department of homeland security has been tasked by the White House with countering the cyber threat, but without making people lose confidence in the web. Its senior counsellor for cyber-security, Bruce McConnell, said: “The internet is civilian space. It is a marketplace. Like the market in Beirut in the 1970s, it will sometimes be a battleground. But its true nature is peaceful, and that must be preserved.”

http://www.guardian.co.uk/world/2012/mar/11/china-spies-facebook-attack-nato