Tue, Dec 04, 2012 - Page 9

US firm pushed to brink by China hack attack

A family-owned firm came under relentless assault after accusing China of pirating its software to build the Green Dam cybercensor

By Michael Riley  /  Bloomberg

No one from Zhengzhou Jinhui was available to address the CYBERsitter allegations, according to a person who answered the telephone at the company.

A spokesman for China’s Ministry of Foreign Affairs said he had no information on the cyberassault against Solid Oak and declined to comment further.

When Milburn’s suit was filed, Chinese officials said the government “highly values and fully respects the intellectual property rights of software.”

Six days after the suit was filed on Jan. 5, 2010, Milburn’s Los Angeles-based law firm at the time, Gipson Hoffman & Pancione, was hit with a cyberintrusion using e-mails similar to those aimed at Solid Oak but with different malware, according to the law firm. Forensics analysis shows that attack probably emanated from China as well, says Stewart, the Dell SecureWorks threat expert.

It had been clear to everyone that one motive for the attacks might be espionage related to possible legal action, Milburn says. If the hackers were able to steal documents or record conversations, they could preview strategies and negotiating positions, even identify legal weaknesses in the case.

Milburn decided not to take chances with the lawsuit. Using techniques gleaned from talking to security experts, his small team developed their own ad hoc counter-espionage measures. Solid Oak and its lawyers exchanged legal documents using rotating Web mail accounts or document-sharing sites like San Francisco-based Dropbox, deleting the accounts after a single use.

Occasionally, Milburn drove to an empty house he and his wife owned in the hills around Santa Barbara. Sitting at the kitchen table, he would make phone calls or exchange e-mails with his attorneys, alternating between four different cell phones from three different carriers.

The lawsuit seemed to trigger a more serious phase of the attack, Milburn says.

Computer failures that had occurred a couple times a week now sometimes happened two or three times a day.

Milburn constantly had to reboot servers, occasionally in the middle of the night. During work hours, it became hard for DiPasquale to get Milburn on the phone because he always seemed preoccupied fixing something. Tempers at work flared more often.

“Everybody started to wonder what they were doing wrong on a personal level,” DiPasquale says, adding that because Milburn could not trace the source of the network problems, it became hard to sort out who was to blame or why.

“Things got very tense,” DiPasquale says.

One thing was clear: the technology that ran Milburn’s company was no longer solely under his control.

In March 2010, a staccato of text message alarms woke him in the middle of the night, signaling that his servers were all shutting down. He hurriedly drove the winding road to the office to find that his commercial-grade SonicWALL firewall had failed, taking his entire network off line. He spent a good part of the next day on the phone with the manufacturer, who was stumped.

“Those things are like old carburetor engines, they never quit,” Milburn says.

After his e-mail servers crashed during an exchange with his attorneys, he crawled under the large house that serves as the company’s headquarters in search of a device that someone might have physically planted. Pawing through cobwebs with a flashlight, he spent an hour opening utility boxes and eyeing the fiber-optic cable. He found nothing.
