As they packed their briefcases for the Christmas break, Members of Parliament (MPs) in London were unaware they had been the targets of one of the most audacious hacking attempts ever mounted, as the world's oldest modern democracy came under a sustained attack aimed at stealing sensitive information. It was launched by cyber criminals almost certainly operating in China.
The hi-tech industrial espionage involved a series of innocuous-looking e-mails targeted at secretaries, researchers, parliamentary staff and even MPs themselves. Each one was specifically tailored to the individual who would receive it.
Once opened, these e-mails tried to download sophisticated spyware that hunts through the recipient's computer and network for potentially valuable documents, which would be automatically sent back to the hackers without the user's knowledge.
The attack, which took place earlier in 2005, was thwarted by the parliament's sophisticated internet security system; no sensitive data is thought to have been lost.
Instead, the House of Commons' IT security staff immediately alerted the UK's National Infrastructure Security Co-ordination Centre (NISCC), a powerful organization linked to UK counter- intelligence (MI5) that is responsible for protecting the UK's critical information systems. Security experts set up an exercise to monitor the attacks, and immediately realized the hackers were well resourced.
"These were not normal hackers," said a source close to the NISCC. "The degree of sophistication was extremely high. They were very clever programmers."
According to research by US investigators, the hackers are thought to have been based in Guangdong Province in southern China. UK and US security experts believe the hackers are working with the tacit approval -- or possibly even direct support -- of authorities in China and are attempting to acquire Western technology in a massive hit and run raid on the world's intellectual property to aid their booming economic growth.
The attack on the House of Commons may be the most eye-catching attack from Chinese-based hackers, but is certainly not unique.
According to a spokesman for MessageLabs, the company responsible for filtering malicious e-mail from government networks, similar spy emails -- called `targeted Trojans' -- were noticed about 18 months ago.
"There were not very many, maybe one every two months, but now they are coming in at the rate of one to two a week," said Maksym Schipka, MessageLab's senior anti-virus researcher.
Last June, the UK government sent out a warning in which Roger Cummings, the head of NISCC, spoke about the threat of attacks from far eastern gangs on the UK critical national infrastructure (CNI) -- the key network of transport, energy, financial, telecommunication and government organizations. At the end of November, Cummings warned that targeted Trojans from foreign powers were a significant threat.
In mid-December, the British Cabinet Office -- which has overall responsibility for UK ministries -- joined in the chorus at a conference at Glamorgan University. Senior civil servant Harvey Mattison, the head of accreditation for the Cabinet Office's Central Sponsor of Information Assurance, the unit responsible for protecting communications between government departments, gave a keynote address on the threat from the far east. "We were given the impression it was coming from one ISP in Guangdong," said a delegate.