Britain's MI5: Chinese Cyberattacks Target Top Companies

The British government has openly accused China of carrying out state-sponsored espionage against vital parts of Britain's economy, including the computer systems of big banks and financial-services firms.

In an unprecedented alert, Jonathan Evans, the director-general of Britain's vaunted MI5 domestic intelligence agency, last week sent a confidential letter to 300 chief executives and security chiefs at banks, accountants and legal firms warning them that they were under attack by "Chinese state organizations."

It is believed to be the first time that the British government has directly accused China of involvement in Web-based espionage.

• Click here to visit's Cybersecurity Center.

Such a blunt and explicit warning from Evans could have serious diplomatic consequences and cast a shadow over Prime Minister Gordon Brown's first official visit to China in his new position early next year.

A summary of the MI5 warning, a copy of which has been seen by The Times, was posted on a secure government Web site. It says that Evans wrote to business leaders "warning them of the electronic espionage attack."

The summary, on the Web site of the Center for the Protection of the National Infrastructure, says: "The contents of the letter highlight the following: the Director-General's concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organizations, and the fact that the attacks are designed to defeat best-practice IT security systems."

It adds: "The letter acknowledges the strong economic and commercial reasons to do business with China, but the need to ensure management of the risks involved."

Access to the site is limited to groups that form part of the country's critical infrastructure, which include telecoms firms, banks and water and electricity companies.

The document gives warning that British companies doing business in China are being targeted by the Chinese People's Liberation Army, which is using the Internet to steal confidential commercial information.

The Home Office, which supervises MI5, refused to comment Friday night on what it called leaked private correspondence. A spokesman for the Chinese Embassy in London said he was unaware of the allegations and that the embassy had not received any complaints from the British authorities.

Martin Jordan, a principal adviser at the Big Four accounting firm KPMG, who has seen the contents of the letter, said: "If the Chinese know that a British firm is trying to buy a company or other assets such as land in China, then they are using every means at their disposal to discover details such as exactly how much money the British company is prepared to spend for that asset."

Firms known to have been compromised recently by Chinese attacks include one of Europe's largest engineering companies and a large oil company, The Times has learned.

Another source familiar with the MI5 warning said, however, that known attacks had not been limited to large firms based in the City of London.

Law firms and other businesses in the regions that deal even with only small parts of Chinese-linked deals are being probed as potential weak spots, he said.

A security expert who has also seen the letter said that among the techniques used by Chinese groups were "custom Trojans," software designed to hack into the network of a particular firm and feed back confidential data.

The MI5 letter includes a list of known "signatures" that can be used to identify Chinese Trojans and a list of Internet addresses known to have been used to launch attacks.

A big study released last week by the computer-security firm McAfee warned that government and military computer systems in Britain were coming under sustained attack from China and other countries.

• Click here to download the 40-page McAfee report (pdf, free registration required).

It followed a report presented to the U.S. Congress last month describing Chinese espionage in the U.S. as so extensive that it represented "the single greatest risk to the security of American technologies."

Ian Brown of Oxford University, one of the report's authors, said that attacks traced back to China have been found attempting to crack British government passwords.

The report identified China as the country most active in Internet-enabled spying operations and attacks, but says that 120 other countries are using the same techniques.

The Center for the Protection of National Infrastructure, one of several British bodies charged with protecting the country's computer systems, has described the threat posed by cyberattacks as enormous.

Defense departments across the globe are already rewriting manuals in anticipation of future digital warfare.

The U.S. has recorded 37,000 attempted breaches of government and private systems this year, and a new unit at the U.S. Air Force, staffed by 40,000 people, has been set up to prepare for cyber-war.

McAfee's Virtual Criminology Report found that attacks had progressed from initial curiosity probes to well-funded and well-organized operations to conduct political, military, economic and technical espionage.