One security firm finds that a worm designed to steal files traces its origins back to one country – China.
Beijing doesn’t just want our oil and gas producers. They want our trade secrets as well. According to the Sydney Morning Herald, reverse-engineering a worm known as Myfip pointed a blood-stained finger across the Pacific.
“All the emails we’ve traced back with this particular attachment came from a single address in China,” said Joe Stewart, a researcher with the Lurhq security company. He considered it “highly likely” the program was used for espionage against technology firms.
Forbes magazine has already disclosed Myfip’s origins in China. That publication contends the worm and several variants may have been used to steal trade secrets, like designs for circuit boards.
In June, a warning from Britain’s National Infrastructure Security Coordination Center claimed a series of Trojan-laden emails were “targeting UK government and companies” in an attempt to swipe information. The advisory from NISCC indicated the attacks were generated in the Far East.
Governments like those of Britain and the US have been reluctant to call China out on these attacks. The US recently created an “anti-piracy” post in the wake of Commerce Secretary Gutierrez’s visit to China, where he was offered Star Wars Episode 3 by a street vendor. But cybercrime has fallen under the purview of the Department of Homeland Security.
Perhaps there should be a higher-level focus on cybercrime. Though the government’s public hesitance comes from the contention that the true origin of an attack is not easily identified, another researcher disagrees.
“I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks,” said Marcus Sachs of SRI International, who thinks there’s solid evidence against China.
David Utter is a staff writer for Murdok covering technology and business.