Hackers hit top internet provider, steal passwords
The mainland's biggest internet services provider, China Telecom, confirmed yesterday that one of its computer systems had been attacked by a group of hackers and some users' passwords stolen.
But the state-owned company denied that the attack had caused any serious damage.
On Sunday, hacker group SwaggSec released a statement claiming that it had obtained millions of user names with passwords for unspecified systems. The passwords were housed in a loosely guarded China Telecom database server.
To prove the claim, the group released a document that it said contained 900 administrator-level access codes to China Telecom's internal network.
A company spokesman said yesterday that it assessed the damage after the attack, and the hackers' claims were hugely exaggerated.
'The server they attacked was not part of our core system and the data they stole had little value,' he said. 'Hacking attempts similar to this one happen almost daily and China Telecom is prepared for such an incident.
'Our clients have no need to worry. Their interests have not been compromised.'
SwaggSec, which first gained notoriety by hacking electronics manufacturer Foxconn earlier this year, said it breached the server by using several rounds of distributed denial of service attacks - a common hacking technique that involves employing a large number of zombie computers to cripple a server.
The ease with which they gained access gave credence to the general impression overseas that China was one of the countries most vulnerable to a cyber attack, the group said.
'At any moment, we could have and still could destroy their communications infrastructure, leaving millions without communication,' it said.
But the file containing the user names and passwords provided by the group seemed to be corrupt and could not be opened. No China Telecom website said to be accessible with the leaked passwords could be opened yesterday.
Tang Wei, a senior network-safety expert with Rising, one of the biggest firewall-software makers on the mainland, said it was unlikely that a core internet-services provider such as China Telecom could be breached deeply or even controlled by a group of hackers.
'The method they used seems quite common and I don't think they had a chance to achieve as much as they claimed,' Tang said. 'They might have controlled the specific server that they had breached, but I doubt they could ever lay a finger on China's core network.'
But he agreed with the hackers that the mainland's internet was very vulnerable, because many business owners and government officials had little awareness of the need to defend themselves against cyber attacks and also lacked the skills to do so.
'Some very popular dating websites transfer their users' personal information without any encryption,' Tang said. 'You don't even need to be a good hacker to get their accounts.'