During his civil lawsuit against the People’s Republic of China, Brian Milburn says he never once saw one of the country’s lawyers. He read no court documents from China’s attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed.
That doesn’t mean Milburn’s adversary had no contact with him.
The cyber attack against Solid Oak provides a rare look at the clandestine methods in play as high-tech spies and digital combatants seek to gain a brass-knuckle advantage in the global economy, from trade disputes to big-dollar deals to lawsuits. U.S. officials say that China in particular uses its national security apparatus for such intrusions, targeting thousands of U.S. and European corporations and blurring the traditional lines of espionage.
Headquartered in a converted Victorian house, Milburn’s small company seems an unlikely candidate to become entangled in an international feud with China, except for one thing: it was a market leader in the U.S. for software that lets parents and schools block objectionable web content, like pornography and violence.
It looked like a routine message from Milburn, so DiPasquale clicked on the attachment, realizing only later that the e-mail address was a couple of letters off. Solid Oak employees received more bogus e-mails over the next few days, setting off alarm bells.
“This slow realization came that, ’wait a second, they’re coming after us now,’” says DiPasquale, who felt she could no longer trust her own computer. “It was very scary.”
No one from Zhengzhou Jinhui was available to address the CYBERsitter allegations, according to a person who answered the phone at the company.
Milburn constantly had to reboot servers, occasionally in the middle of the night. During work hours, it became hard for DiPasquale to get Milburn on the phone because he always seemed preoccupied fixing something. Tempers at work flared more often.
“He’s not the kind of person who would back down to someone because they threaten him,” Laura Milburn says. Even so, she adds, “I don’t think he had a clue what he was getting into.”
Even at the best of times, Solid Oak’s headquarters is a warren of server rooms and cluttered offices that, Milburn says, could sometimes resemble the inside of a well-maintained garage. In the summer of 2010, it reflected the disarray of a company in crisis, littered with the results of Solid Oak’s two on-going battles, one legal, one digital.
The tools Milburn found in his network were unique to the Comment group, according to Stewart. They included software designed to let the hackers send out stolen files and steal security credentials.