Washington DC, Jul 29, 2008 / 04:47 pm (CNA).- Although the Olympics are meant to be a time of celebration and friendly competition, Sen. Sam Brownback (R-KS) produced evidence today that Chinese authorities are planning to spy on visitors' internet usage. http://feeds.feedburner.com/~r/catholicnewsagency/dailynews/~4/349850988
I can confirm parts of this story. I work in the IS group in my company. My company has a few offices in China. The Chinese government required that we install a special internet monitoring device in our offices in China. Furthermore, they required that government technicians, not our own in-house technicians, install it. These devices were required to be installed at least two weeks before the start of the Olympic games. My company, of course, complied.
These devices, one in each office, were installed in such a manner so that not only did they monitor internet traffic in the Chinese offices, but they also had, unknown to us, access to our corporate network. This came to our attention within just a couple of hours when the Chinese government site that administers these devices from the outside began poking around then downloading my company's confidential operational, engineering and financial data via these “monitoring” devices.
A Chinese official “apologized” for the “mistake” made during installation. However, nearly 500 GB of data, including current product designs and our detailed order data databases and financial data for the last 8 years went out through that hole. Of course we do not know what happened to it or how it is being used.
I know this because I was one of the people who discovered this and helped get these devices deactivated and then disconnected from our corporate network. Once properly set up to monitor but not access, we let the PRC officials reactivate them. No one will be able to convince me that the PRC techs are that inept.
I doubt very much it was a mistake.
I bet the Chinese Government purposely downloaded that information. That was their intention.
No one seems to believe me when I say “China” is run by a Communist Government.
Thank God you noticed they were downloading it.
I bet the “Chinese government” knows what happened to the 500 GB of data.
I am totally with you. I should add that they timed the “activation” in such a way that it was about 7:00 PM here at our headquarters. If it were not for a few workaholics and people without lives, they would have gotten it all by the start of business the next day.
The way it happened was that our after-hours operations crew noticed elevated network activity and they gave the main contact a call. He knew my team had a special process running and gave the primary contact a call. But he was not home so I got the call. I logged in and started poking around and saw huge read activity on several databases which should have been idle. The network guy then traced these SQL queries to sessions established by the monitoring devices.
We could not shut down the monitoring devices without risking jail time for certain staffers in our Chinese offices. The fastest way we could stop it was to down our servers which were being read. Meanwhile, we had to get permission to shut down the monitors. Since we did not get it right away, a decision was made to kill the network connection to our offices in the PRC. Then we were able to bring the servers back up.
After the devices were properly configured, we then reconnected the offices in the PRC.
After looking at the logs, we determined that a long series of operations were made against several different databases and servers, first identifying what stuff was, then cherry-picking the data with SQL queries that returned massive “dump-style” result sets.
All in all, they were pulling data for nearly four hours before we shut them down.
We still do not know how they bypassed the security settings or obtained passwords. The accounts that they used to read data were administrator accounts that had not previously existed. :shrug: They were somehow created shortly after these devices were activated. In addition, the speed at which our database schema was analyzed and data selected for download was blindingly fast. I would have to go check the logs, but if my memory serves, it was less than ten minutes between the time the first connections to the databases were made and the schema queries were submitted to the time the targeted data downloads began. Those of us privy to this are convinced that this was a completely automated system of frankly astonishing complexity. (We do not use a commercial product thus our schema is unique and proprietary.)
No, this was no hacker and this was not an accident.
Oh, and according to the PRC officials, it did not happen either.
Sorry for the long post, but I am still steamed about this.
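Added example, not part of the original post or thread: a sketch of detection logic for the sequence the poster describes, where a newly created account enumerates the schema and then pulls dump-sized result sets within minutes. The log format, host names, account names and thresholds are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit records (not from the thread). Fields are hypothetical:
# time, source host, account, action, target, rows returned.
SAMPLE_LOG = """\
2008-07-15T19:02:10 monitor-01 - CREATE_LOGIN svc_admin9 0
2008-07-15T19:03:05 monitor-01 svc_admin9 SCHEMA_QUERY information_schema.tables 412
2008-07-15T19:04:40 monitor-01 svc_admin9 SCHEMA_QUERY information_schema.columns 6800
2008-07-15T19:11:30 monitor-01 svc_admin9 SELECT orders 2400000
2008-07-15T19:12:00 app-07 report_user SELECT orders 150
2008-07-15T19:20:00 app-07 report_user SCHEMA_QUERY information_schema.tables 412
"""

def parse(log):
    """Turn whitespace-separated audit lines into time-ordered tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, host, account, action, target, rows = line.split()
            events.append((datetime.fromisoformat(ts), host, account,
                           action, target, int(rows)))
    return sorted(events)

def find_staged_dumps(events, new_account_age=timedelta(hours=1),
                      window=timedelta(minutes=30), bulk_rows=100_000):
    """Flag bulk reads that follow schema enumeration by a freshly created account."""
    created = {}       # account name -> creation time
    first_schema = {}  # (host, account) -> first schema enumeration time
    alerts = []
    for ts, host, account, action, target, rows in events:
        if action == "CREATE_LOGIN":
            created[target] = ts
            continue
        key = (host, account)
        is_new = account in created and ts - created[account] <= new_account_age
        if action == "SCHEMA_QUERY" and is_new:
            first_schema.setdefault(key, ts)
        elif action == "SELECT" and rows >= bulk_rows and key in first_schema:
            gap = ts - first_schema[key]
            if gap <= window:
                alerts.append({"host": host, "account": account, "table": target,
                               "rows": rows,
                               "seconds_after_enumeration": int(gap.total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_staged_dumps(parse(SAMPLE_LOG)):
        print(alert)
```

The long-standing account on the constructed host app-07 does not alert, because only accounts created within the last hour are tracked.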
It’s actually scary thinking about what happened.
We (U.S.) have to be very careful in allowing other countries to have access to our IT systems.
I tell you we (U.S.) politicians are selling our country out.
Everything in my home is made in China. Me and my seven year old son did a survey of all the items in our home.
I was shocked to see that not one item was made in the U.S.
Most of our IT jobs are being outsourced to other countries.
The only kind of jobs we are going to have left here in America are “service” jobs.
I’m off topic a little, but I’m just venting.
It’s the truth though.
-Send your story to a news agency such as CNN or Fox, I’m sure they would love to air this!
-Have you contacted (Assuming you work for an American company, of course) the U.S. State Department? They might be interested to at least hear your account of corporate espionage. The best case scenario is they lodge a formal complaint, which, on the very eve of the Olympics, would further damage the PRC’s image.
-What are your tech/security people saying can be done about this? I’d love to hear, I’m in China for only a little while longer but I have friends who are staying for another semester or a year. I think a couple of them actually are going on to do an internship or two here in China for foreign companies…
Socialism at its finest:
That is not my decision to make. This was an embarrassing episode for my company and I suspect that we would want to keep it quiet. In addition, complaining like in the past has resulted in “unrelated” suspensions or intrusive “inspections” and would hamper our ability to do business in China.
The PRC has us over a barrel.
But you just told the whole forums what happened…I can see the trouble the embarrassed officials would make for you though.
But you do not know who I am or what my company is. Or even what industry we are in. So our secret is safe.
But yes, my company does fear retaliation. We fear retaliation in two forms, one that affects our ability to do business in the PRC and the other that may result in the arrest of staff members at our offices in the PRC.