Five months after Malaysia Airlines flight 370 went missing, a report emerged on Wednesday saying that Chinese hackers have targeted Malaysian government departments involved in the search for the jet.
According to the Malaysian newspaper the Star, on March 9, a day after the flight disappeared from radar while en route from Kuala Lumpur to Beijing with 239 people on board, Malaysian officials received malware disguised as a news report claiming that MH370 had been found. The newspaper cited Amirudin Abdul Wahab, chief executive of CyberSecurity Malaysia, a government agency under the Science, Technology and Innovation Ministry.
The newspaper said that a user clicked on a PDF document attached to the e-mail and released the malware unknowingly to about 30 computers belonging to high-ranking officials at agencies involved with the MH370 investigation. CyberSecurity Malaysia received reports from the administrators saying their network was congested with e-mails going out of their servers. Targeted agencies included Malaysia’s Civil Aviation Department, the National Security Council and Malaysia Airlines, most of them owned by the government, according to the Star.
“Those e-mails contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation,” Wahab said, according to the Star. “This was well-crafted malware that antivirus programs couldn’t detect. It was a very sophisticated attack.”
Wahab added that CyberSecurity Malaysia was able to block the transmissions of the data but that some information had already been sent from those hacked computers to an IP address that was tracked to China. Wahab said he suspects the motivation for the hacking was the MH370 investigation.
“At that time, there were some people accusing the Government of not releasing crucial information,” Wahab said, according to the Star. “But everything on the investigation had been disclosed.”
Flight MH370 went missing an hour after it took off from the Malaysian capital Kuala Lumpur in the early hours of March 8. Among the 227 passengers on board, 152 were Chinese citizens. The plane is believed to have crashed into the southern Indian Ocean after it left its route to Beijing and turned southwest, but massive searches have failed to find any wreckage or unearth clues about the plane’s whereabouts.
The news about the hacking came as Australian media reported Wednesday that Prime Minister Tony Abbott said the underwater hunt for MH370 has a “reasonable chance” of finding the missing jetliner. The search for MH370 has entered a new phase, with the Australian government selecting a Dutch consulting firm to conduct a deep-water operation that could take up to a year to complete, costing an estimated $48 million. Australian Deputy Prime Minister Warren Truss said at a news conference earlier this month that he “remains cautiously optimistic that we will locate the missing aircraft within the priority search area.”
Such a hacking attack isn’t technically difficult but requires preparation, said Dhillon Andrew Kannabhiran, chief executive of Kuala Lumpur-based “Hack In The Box,” which organizes IT security conferences, according to the South China Morning Post.
Kannabhiran said the timing of the attack, one day after the flight went missing, meant the attackers had the malware ready to use to infect the Malaysian government computers. Investigators could only trace the stolen documents to where they had been sent, but that might not provide definitive clues to who hacked into the computers since stolen data are often sent to “some other compromised machine belonging to an innocent victim not connected with the attacker,” Kannabhiran said.
Earlier this week, Community Health Systems, a major U.S. health-care provider that runs 206 hospitals in 29 states, reported that the records of 4.5 million patients who have seen doctors affiliated with the company in the past five years had been stolen and that the cyber attack originated in China. The FBI is investigating the data breach.