The number of computer attacks from China - some of which use Chinese government websites to download malicious
code - has risen sharply in recent months, say private cybersecurity specialists.
They say a rise in Chinese activity led Jonathan Evans, director-general of MI5, Britain's security service, to write to the heads of British companies and banks, warning that sensitive
commercial data could be at risk from hacking by Chinese state agencies.
Private security specialists have noted a sharp rise in attacks from China that infect computers with so-called trojans to collect data from users. This information is fed back into sites, also based in China, which then refine
Yuval Ben-Itzhak, chief technology officer for Finjan, a web security group with headquarters in San Jose, California, says his company is in the middle of a study into new hacking techniques that has found "a centralised group of activity based from China". "In the last three months, the attacks [from China] have almost tripled," he said.
The attacks use infected websites that download Trojans
and then install them on users' computers. These then feed data to other websites, which monitor the attack and can refine it to secure desired information. Some use new and sophisticated techniques, including malware for which there is no security patch.
Yang Jiechi, China's foreign minister, denied
his government supported computer hackers targeting UK companies. He said hacking was prohibited by Chinese law and that government websites also suffered attacks from hackers.
Private experts say they cannot tell whether hackers are government-sponsored or not, though they assume
UK intelligence services have access to other sources that allowed Mr Evans to be explicit in his reference to espionage by Chinese state agencies.
Security specialists say Chinese intelligence-gathering officially is carried out either by the third department of the general staff of the People's Liberation Army or by the Ministry of State Security.
Private security experts said Mr Evans's letters were prompted in part by a surge
in more targeted attacks at UK enterprises. The letters followed briefings earlier this month to cyber-security experts at Britain's Centre of the Protection of National Infrastructure, which Mr Evans oversees. The letters have also been sent to law and accountancy firms linked to banks.
Martin Jordan, principal IT adviser at KPMG, said hackers seeking commercial information often targeted
third parties with more lax security. So while a bank working on an acquisition, for example, could have sophisticated
cyber-defences, the computers of a law firm with which it shared this sensitive information might well be easier to infiltrate.
He said many business people used websites such as Facebook, where they disclosed home e-mail accounts and other potentially useful data to hackers seeking commercial information.