Authorities accused of tolerating crime as state firm's name used by 'phishers'

Chinese authorities have been accused of tolerating electronic criminals who target German bank customers by sending them fake e-mails requesting their user names and passwords in impeccable German.

State-owned mainland oil firm Sinopec is investigating the claims by a German IT expert, who said that some of the e-mails had Sinopec links, although they probably originated with a third party.

The so-called 'phishing' attacks have been directed at customers of Dresdner Bank and Sparkasse Bank. Some clients have fallen for the scam and have had their entire accounts emptied in seconds after revealing confidential details.

Rene Holzer, the manager of the Nutzwerk company that unearthed the phishing scam, accused Chinese authorities of tolerating electronic crime.

'Attacks on internet users in Germany and probably in the whole of western Europe are being conducted through state-controlled internet service providers and telecommunication companies in the People's Republic of China,' he said. 'State-controlled internet authorities are allowing criminal gangs to register anonymously thus adding to the wave of phishing attacks.'

Mr Holzer said the Chinese phishing e-mails were perfect forgeries and a threat for less informed German online banking users.

'No bank would ever send such a request, but not many German users know that. That is why 'phishers' are having more and more success. It is becoming increasingly difficult to recognise and fight the senders of this so-called phishing as they are getting more and more professional. I do, however, have solid evidence that the mails are coming from China.'

According to Mr Holzer, the traces lead back to Asia's largest oil refinery Sinopec, to Jinan Guangdian Broad Band Network Co and China Internet Network Information Centre of the Chinese Academy of Science.
However, he stressed that the three institutions were probably being used as cover by other parties.

He said the mails sent to Dresdner Bank clients had a fake login site, www.dresdner-bank.de, that actually led to another IP address for which the Asia Pacific Network Information Centre was responsible. Further research led to the maintainer, a handle called maint-chinanet-shaanxi, owned by a senior executive of Sinopec.

The mails sent to Sparkasse clients had a link to an IP address owned by Jinan Guangdian Broad Band Network Co. 'The domain is maintained by something called China Internet Network Information Centre of the Chinese Academy of Science.'

Sinopec denied it was a maintainer or owner of the former IP address. Its board security team deputy director Huang Wensheng said: 'It doesn't belong to Sinopec, nor is it owned by [the senior executive].'

He said the company's IT department would conduct further investigations to find out which party created the false impression. The senior executive named by Mr Holzer works in IT with Sinopec.

An engineer with Jinan Guangdian Broad Band Network said the IP address was previously owned by a client whose name she would only reveal to police. 'But currently the address is not used,' she said.

She admitted that an e-mail account cited by Mr Holzer in the Sparkasse case was owned by the company. 'We assign internet resources to our clients after we receive monthly rent fees. We don't know what they do by using their e-mail system,' she said.

Mr Holzer said Chinese authorities were making the criminal activities possible by tolerating spamming and phishing. 'Authorities are obviously not doing enough to end the criminal activities, which they only stimulate by tolerating them.'

Additional reporting by Jane Cai