Johnathan Quest, spokesman for the Federal Bureau of
Inquiry, told a news conference today that a team of investigators from the
FBI, ECS-CERT and Dragonfire, a commercial cybersecurity firm, executed a
search warrant at the headquarters of China Water Treatment, a US subsidiary of
Tianjin Chemical here in New Orleans. Quest told reporters that three Chinese
nationals were detained, and a large number of records and computer hardware
were removed from the building.
While Quest was unwilling to discuss the case to which this raid
was related, an investigator from ECS-CERT who spoke on condition of anonymity reported
that the seizures were related to the attack on Blew Bayou Chemical during Christmas week
that sent three firefighters to the hospital and caused major damage to the monomer
production area of the facility.
An email sent last week from Dragonfire to ECS-CERT reported
that company investigations turned up evidence of Chinese involvement in the
cyberattack on the facility. Unconfirmed reports this weekend seemed to
indicate that Dragonfire had found evidence that the command-and-control server
for the attack was located in Louisiana, not in China.
Immanuel C. Securitage, spokesman for ECS-CERT, confirmed at
today’s press conference that there had been some indications in the attack
software that it had been generated by a known Chinese APT group, HuaxueGang.
There were not, Securitage reported, any indications that that group was
actually involved in the use of that malware in this case. All communications
indicators pointed to IP and physical addresses here in the United States.
Eaton Kaghun, a plant manager for Blew Bayou Chemical, told
reporters outside of today’s news conference that Tianjin Chemical was the
competitor of Blew Bayou in Asia and was trying to break into the tight US
monomer market via their China Water Treatment subsidiary.
An unidentified spokesperson from the Chinese Consulate in
New Orleans reported that the Chinese government was cooperating fully with
investigators from ECS-CERT. “We do not in any way condone attacks on industrial
control systems that could have physical impacts on the health and safety of
anyone in the US chemical industry.”
A well-known Chinese dissident in Hong Kong, Zhēnzhū Jiàng Yā, reportedly told Dragonfire that in
the current international situation, China did not want anyone in the current
administration to blame them for a cyber-physical attack on a US company
facility. That dissident also reported that it appeared that the President of Tianjin
Chemical was being questioned by police in Beijing.
CAUTIONARY NOTE: This is a future news story –