About 16 months ago, a Florida-based biofuel company called Algenol noticed that its Internet service was slowing down. In checking that out, Jack Voth, Algenol’s information technology chief, stumbled on something odd: a telnet connection to its videoconference camera from an Internet Protocol address in China, a country where Algenol has never sought to do business.
That was only the beginning. Ever since, Algenol has been on high alert for what Voth describes as “nefarious activity;” the company estimates that hackers have attempted to break into its computers 39 million times in four months this year, triple the level of a year earlier.
The most serious of these were more than 63,000 attempts that came directly from China, including 6,653 attempts over 15 months from IP addresses and servers that Algenol says are the same as the Peoples’ Liberation Army addresses identified in a public report by Mandiant, a leading computer security firm.
Another Internet trail led Algenol to Aliyun Computing, the cloud computing subsidiary of Alibaba, one of the most powerful online commerce and retail giants in China. Interest in the company is running high because it is set to launch what may turn out to be the largest initial stock offering in U.S. history. Alibaba says Algenol mischaracterized ordinary Internet traffic as attacks.
What makes a small company in Florida so interesting to cyberspies? Algae.
It’s not usually the stuff of trade secrets, but Algenol, a company with about 125 employees, is developing technology that converts algae biomass into transportation fuels, including biodiesel and gasoline — all while consuming the greenhouse gas carbon dioxide rather than producing it. Algenol’s work would interest anyone who wants to curb climate change. As the Chinese government tries to limit the hazardous pollution that has upset its citizens, it has set out to increase biofuel production tenfold.
That might be enough incentive for Chinese cyberspies.
“This is not at all unusual. China has made the decision to focus on alternative energy as a topic of industrial espionage,” said James Andrew Lewis, a cybersecurity expert at the Center for Strategic and International Studies. He said the Chinese government and state-owned enterprises have targeted trade secrets for soap, house paint and wooden furniture. “It doesn’t have to be about national security,” Lewis said.
Algenol isn’t alone in its battle against Chinese computer attacks. In May, the Justice Department indicted five members of the Chinese military on charges of hacking into computers and stealing trade secrets from leading steel, nuclear-power and solar-power firms. China denied the charges. Foreign Ministry spokesman Qin Gang said in a statement that they were “purely ungrounded and absurd,” adding that the United States had “fabricated facts” in the indictment.
Algenol chief executive Paul Woods says little has changed following the indictments and expressed frustration about the rising tide of attacks. Hacking attacks come from many countries, he says, but most are efforts to steal credit-card information. Chinese hackers, by contrast, tend to target trade secrets and unique technology.
“What are you going to do? Sue them in a Chinese court? You have no recourse,” said Woods, adding that the Justice Department indictments would not touch the alleged culprits or change behavior and were “a joke.”
Algenol, which hasn’t built a large-scale plant, has spent hundreds of thousands of dollars on technology to protect its computers, but the volume of attacks — not only from China, but also from the United States, Germany, Russia and Taiwan — has made it impossible to track all the sources and log complaints with them.
Just sorting out the connection between the attacks and Alibaba quickly turned Byzantine.
Alibaba rejected Algenol’s characterization of the attacks. Even so, the company — after learning about Algenol’s complaint through The Washington Post — took action to shut down traffic from one server that had been hijacked by unknown users to break into other computer systems.
Algenol executives said they weren’t accusing Alibaba itself of trying to pilfer its technology, but both companies said that stopping such behavior was part of Alibaba’s responsibility.
Algenol’s real expertise isn’t its computer technology. It lies in a field in Fort Myers, Fla., where the company is letting thousands of plastic bags of algae bake in the sun. The company pumps carbon dioxide and some brackish water into the bags and produces four transportation fuels — ethanol, gasoline, diesel and jet fuel. Woods says it can do this for about $1.27 a gallon thanks to proprietary techniques.
The process works in two steps, first producing ethanol from the algae and then converting the spent algae biomass into biodiesel, gasoline and jet fuel. It resembles an idea Woods dabbled in as a biology student at the University of Western Ontario.
The Canadian-born Woods, who retired to Florida after making a fortune in the natural gas distribution business, and a Mexican businessman initially invested $70 million in the venture a few years ago after the price of oil surged past $50 a barrel. In 2009, the Energy Department tapped money under the economic stimulus program and gave Algenol a $25 million grant. India’s Reliance Industries later invested more.
The process has also drawn intense interest from both environmentalists and businesses worried about limiting greenhouse gases. Algae absorbs carbon dioxide instead of emitting it, and Algenol says it can convert more than 85 percent of the carbon dioxide it uses in the process into fuel.
China has made the search for commercial biofuels a priority.
“With rapid economic development, energy consumption in China has tripled in the past 20 years,” wrote a group of six Chinese biochemical engineers, four of whom work at the Institute of Process Engineering at the Chinese Academy of Sciences.
“The search for new green energy as substitutes for nonrenewable energy resources has become an urgent task,” they wrote in an overview of existing literature in the October 2011 issue of Applied Energy, a publication of the Dutch giant Elseviers.
Internet security experts say that some Chinese individuals or entities are trying to take a short cut to acquiring biofuel technology, including converting algae to fuel.
In tracing the source of the attacks on Algenol, Voth has looked to a public report by Mandiant, a reputable Alexandria-based Internet security firm. The firm traced “advanced persistent threats” to a cyber-espionage unit of the People’s Liberation Army — the second bureau of the general staff’s third department. Voth said the IP addresses and servers he tracked were the same as the ones in the Mandiant report.
Jen Weedon, manager of threat intelligence at FireEye, which acquired Mandiant in December, said FireEye had identified 25 Chinese groups engaged in cyber-espionage.
“We’ve seen six of those 25 pursue companies involved in biofuels,” she said, all of them tied to intelligence agencies, the military, other parts of the government or government contractors. “The biofuels industry fits squarely in what they call strategic emerging industries.”
Algenol’s battle shows the difficulty that ordinary companies have keeping information safe or even identifying their attackers.
Algenol executives did not know that Aliyun was the cloud computing part of Alibaba, and they never tried to make contact. (Yun is the Chinese character for cloud.) Instead, Algenol focused its efforts on fending off rather than reaching out. Voth said people at one Aliyun IP address had “tried systematically over the last 10 months to get in,” attempting about 135 times in a “very clever” way to avoid setting off Algenol’s security system.
That doesn’t necessarily mean that Aliyun or its parent Alibaba was launching the attacks. Part of Aliyun’s business is to rent server space to customers and help them store information in the cloud. On the eve of their historic stock offering, executives at Alibaba attempted to get to the root of Algenol’s complaints.
After inquiries from The Post, Algenol shared information about the hacking attacks with Alibaba. Woods said Algenol gave Alibaba 232 IP addresses that accounted for 16,670 hacking attempts.
That set off three weeks of talks. Some phone calls included Alibaba’s general counsel in Hong Kong, a senior U.S. public relations manager and technology experts in China, according to James R. Wilkinson, head of international corporate affairs for Alibaba.
Alibaba initially told Algenol that it had blocked access from its server to Algenol and that the company would “continue to investigate who hijacked their computers, and inform local police with any evidence,” Woods said in an e-mail. “That’s the part that worries me, because I think local Chinese police are going to do NOTHING to protect Algenol.”
Alibaba then sent an e-mail asking for more information — but its note was trapped in Algenol’s spam filters, Wilkinson said after talking to Voth. After the phone call, Voth said he provided a list of 2,000 alleged attacks over the previous 30 days, which is as long as Algenol archives the log of information from its server.
Woods said in his e-mail that he did not want to get into “a game of whack-a-mole here, with us constantly being attacked by new servers of theirs.”
In the end, Alibaba said in a statement that it had conducted “a record-by-record analysis of every log and piece of data Algenol provided. We have provided Algenol numerous specific instances where the data they provided us was mischaracterized by their systems, and Algenol provided us no direct evidence of hacking against their systems.”
Alibaba said that two former Algenol employees had signed up for an Alibaba marketing e-mail. Once they left Algenol and the marketing e-mails bounced back, Alibaba said that its own security system checked on the accounts and that Algenol mistook those inquiries as attacks.
The company said, however, that it “did discover that a single customer’s virtualized server had been compromised and that there was evidence that the server had been used as a botnet host to scan for other vulnerable hosts on the Internet.” A botnet is a network of malicious software planted on the computers of unwitting hosts and used to send out spam e-mail messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud.
Alibaba said it “immediately moved to shut down this virtualized server per our service agreement with the user.”
“Security of our cloud services is the number one priority of Aliyun, and we strongly condemn the use of the Internet to attack or otherwise access without permission personal or corporate computers anywhere in the world,” Alibaba said in its statement.
Voth, however, is not convinced. He disputed Alibaba’s explanation about the marketing e-mails to employees who left Algenol four years ago, and said that to mistake an Alibaba security response for an attack would mean that there was a flaw with the widely used firewall language called Snort, which is updated constantly.
“If you got 10 security guys in a room and asked them to give their opinion on an attack, you’d get 10 different opinions,” Voth said. “We have our opinions, they have theirs.”
Alibaba lamented that Algenol didn’t report suspicious incidents to Alibaba earlier. But Voth said that just wasn’t practical. He said that since Jan. 1, each of 539 IP addresses has attacked Algenol computers 5,000 times or more.
Indeed, Algenol faces an endless wave of other attacks. In two months, it fended off 33 attempts from five IP addresses in North Korea, Voth said.
The largest numbers of hacking probes came from the United States, China, Taiwan and Russia, he added. The single IP address that has attacked Algenol the most is a German address; the top Chinese IP address attacking Algenol ranked 10th.
It’s common that these attacks come through cloud computing services. A quarterly threat assessment by the private Internet security firm Solutionary said that the United States hosts 44 percent of all malware. It said that “the cloud has become a preferred mode for attackers” and that “use of major hosting provides, such as Amazon or Google, allows malware distributors to originate traffic from trusted address spaces that . . . would not likely draw suspicion based on IP address alone.”
Algenol once hosted a visit by a group of Chinese researchers from leading universities in China. Algenol insisted that they couldn’t bring phones, recording devices or cameras. But it is harder to set such limits over the Internet.
Voth said the fight to protect Algenol’s computer system would be a long one. “A rule of thumb is that you have security by obscurity,” Voth said. “We’d rather have a low profile. But clearly the bad guys have our addresses.”
Woods said that Alibaba was “taking immediate steps to stop this, and this is a great benefit if it lasts. Unfortunately for us, many other Chinese and other computers are attempting to hack us, so Aliyun is not our only issue, not by a long shot.”