
US Defense Contractors and Universities Targeted In Cyberattacks

Unknown Lamer posted more than 2 years ago | from the retaliation-for-stuxnet dept.


Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicate that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."


79 comments


Anonymous (0)

fluffythedestroyer (2586259) | more than 2 years ago | (#40311167)

It's probably anonymous disguising themselves as a Chinese attack. hihi

Re:Anonymous (1)

fluffythedestroyer (2586259) | more than 2 years ago | (#40321453)

That was meant to be funny you idiot

This is news? (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40311369)

This is absolutely nothing new

Re:This is news? (0)

Anonymous Coward | more than 2 years ago | (#40311657)

Worse than that, it's FUD. "Highly customized malicious files! Used as bricks by Chinese hackers treating the web like a Video Game!"
*cut to unrelated image of an exploding outhouse*

Re:This is news? (4, Interesting)

s.petry (762400) | more than 2 years ago | (#40311967)

That is correct. 5 years ago I worked at a Defense contractor and we had a carefully crafted spear phishing attack. The hackers learned that Company "doe" did the support for IT for most of their IT. The group created a "doesupport.com" domain, and stole company logos from "doe.com". A fake site was crafted, and honestly looked pretty legit. They even had someone that knew English do the wording. The problem was, with all that work they had a username and password dialogue box on the site, and our users were warned about this type of attack every day. We had 1 user out of about 6800 log in to the site, and more than 2800 tickets from users reporting the suspected site.

The site was in the US, but traced its roots to China. Interesting how fast this gets found out when Government is involved.

Obviously "doe" is a fictional name to protect both the contractor and support people.
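The lookalike-domain pattern in this story (a "doesupport.com" registered next to the real "doe.com", dressed up with the real company's logos) is something a mail gateway can score before any user sees the message. The following is an added Python example, not code from the commenter, the contractor or the original page; the trusted-domain allowlist and the sample From: headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist: the domains the organisation and its IT vendor really send from.
TRUSTED_DOMAINS = {"doe.com"}


def sender_domain(header_value: str) -> str:
    """Extract the domain from a From: header such as 'IT Support <help@doesupport.com>'."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def sender_verdict(header_value: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'external' for a From: header.

    trusted   - the exact domain or a subdomain of one on the allowlist
    lookalike - an untrusted domain that embeds a trusted brand word
                (doesupport.com, doe-com.net, doe.com.evil.example)
    external  - an unrelated domain; routine mail, but not the IT vendor
    """
    domain = sender_domain(header_value)
    if not domain:
        return "lookalike"  # unparseable From: header; treat it as hostile
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Brand word = leftmost label of each trusted domain. Hyphens are dropped so
    # "doe-support.net" is caught too. Short brand words need a longer allowlist of
    # legitimate third parties to keep false positives down.
    brands = {t.split(".")[0] for t in trusted}
    if any(brand in domain.replace("-", "") for brand in brands):
        return "lookalike"
    return "external"


def triage_senders(headers):
    """Group From: headers by verdict so the lookalikes surface first."""
    groups = {"trusted": [], "lookalike": [], "external": []}
    for header in headers:
        groups[sender_verdict(header)].append(header)
    return groups


if __name__ == "__main__":
    # Constructed sample headers modelled on the incident described above.
    sample = [
        "helpdesk@doe.com",
        "IT Support <it@support.doe.com>",
        "IT Support <helpdesk@doesupport.com>",
        "alerts@doe.com.evil.example",
        "friend@mail.example.org",
    ]
    for verdict, headers in triage_senders(sample).items():
        print(verdict, headers)
```

The check is deliberately string-based: it catches the brand-in-domain trick the commenter describes, but not homoglyph domains (Cyrillic letters, "rn" for "m"), which need a separate confusable-character comparison.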

Defense contractor and phishing attack .. (2)

dgharmon (2564621) | more than 2 years ago | (#40315051)

"5 years ago I worked at a Defense contractor and we had a carefully crafted spear phishing attack .. A fake site was crafted"

A Defense contractor that can be compromised by a click-and-download-this-executable hack shouldn't be in the defense industry.

RSA / Lockmart (0)

Anonymous Coward | more than 2 years ago | (#40321103)

I think someone (from Asia ?) recently did exactly this to RSA Security, whose key generators were used by Lockheed-Martin to secure their F22 R&D information. The supposed Asians thereby got a shortcut on their own stealth R&D efforts.

Re:Defense contractor and phishing attack .. (1)

s.petry (762400) | more than 2 years ago | (#40323845)

I'm not sure you understand the complex nature of these attacks. These are not simply fire and forget executable files, like you see in your email constantly from script kiddies. There are few, if any, executable files involved initially. They are more after usernames, passwords, and network information. From there, they can launch more sophisticated attacks trying to gain access to network components, etc... and do more targeted phishing and attempt to send files.

When files are sent, these again are not the same as what you see in your email "Watch 2 hawt babes in action here". Names come specific to projects and programs, and are not simply asp hacks or pr0n.pdf.exe files.

As mentioned above, good security can mitigate those types of attacks. It takes much more than a few programs on the Windows PCs to accomplish.

Re:This is news? (1)

FhnuZoag (875558) | more than 2 years ago | (#40320827)

My suspicion is that this is basically observation bias in action. Every public system on the internet in every country is subject to a constant barrage of low level email driven malware, these days. We only hear the reports of the universities, IT security companies, and government services, because these are the only folks with enough security consciousness and enough to lose to notice it, and who are worth writing news articles about. This doesn't mean a particular attack is targeted, or trying to accomplish a particular goal.

The allegation that the particular attack is 'highly customised' doesn't really stack up. The attack vector here on a company called Digitalbond is a file called

Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe

Googling reveals

http://ciip.wordpress.com/2009/07/27/leveraging-ethernet-card-vulnerabilities-in-field-devices-white-paper/ [wordpress.com]

In short, the attack file takes the same name as one of the company's own publications.

So really, the use of this filename does not indicate any particular understanding of what Digitalbond does, much less any real interest in it. It's absolutely trivial to construct such attack files algorithmically by crawling target domain name webpages, and is a common and classic spam/malware method. There's nothing interesting here.

China (1)

benjfowler (239527) | more than 2 years ago | (#40311449)

"Peaceful rise", my foot.

Re:China (0, Flamebait)

C_amiga_fan (1960858) | more than 2 years ago | (#40311615)

How many Americans have been killed by Chinese?
How many Iranians have been killed by Americans?
Which is more peaceful?

Re:China (0)

Anonymous Coward | more than 2 years ago | (#40311655)

How many Americans have been killed by Chinese?

See Korean War history.

Hint: it wasn't just the US against the North Koreans.

Re:China (2)

s.petry (762400) | more than 2 years ago | (#40311711)

You forgot to mention Vietnam in that. Estimates put the Chinese casualties at far greater numbers than North Vietnamese troops.

Re:China (4, Informative)

C_amiga_fan (1960858) | more than 2 years ago | (#40311963)

Not really the same government.

The China of the 50s and 60s was hardline communist (and killed ~60 million of their own people). Since that time China has experienced the Tiananmen Square uprising & moved towards European-style socialism (free market capitalism + government safety nets). No longer following the same policies as the 50s/60s-era government.

Besides: It is not to their advantage to start killing their customers.

Re:China (4, Interesting)

s.petry (762400) | more than 2 years ago | (#40312143)

You are making a massive leap in logic. If we opened a war with North Korea for example, I think you would find that even if it did not do so openly, China would be sending in lots of troops. The regime is not the only difference between now and the Vietnam/NK war times. There is also no open war in the area, which makes probably more difference than who is currently in power.

Re:China (0)

Anonymous Coward | more than 2 years ago | (#40312395)

I think you would find

I'm sure you think so, yes, but that has very little to do with actual reality.

Re:China (4, Interesting)

s.petry (762400) | more than 2 years ago | (#40312663)

Since we have such a closed government now, and many other countries are following the same exact tight lipped policies let me ask a few questions.

Syria, how many foreigners are involved? We simply don't know, and obviously we won't know. I think we both know that the US, China, and Russia are all involved right? Just how much and who becomes the question. Is Russia simply supplying arms? Or are they also manning gunships in "Police" action? (Just like the US does mind you)

How many Iranians are involved in the constant fights still going on in Iraq and Afghanistan? Pakistanis? Again, we don't know.

These are small conflicts at this point, the US made sure that the actual war was over very quickly. If this was a longer war, would more troops from more countries be involved? Historically the answer is a resounding "FUCK YEAH!"

The more open the conflict, the more apt there will be for people to send in soldiers. It's a simple game in politics that is universally played. Everyone wants their interests interjected on the other side. If that was not true, why would we have wars in the first place?

Re:China (0)

Anonymous Coward | more than 2 years ago | (#40321921)

Not really the same government.

You're referring to the US, right? About how we're not really the same government as of 50, 40, even 5 years ago, right? You know, since we vote in and out politicians...

No? You actually meant China? How strange. It's almost as if you have a blind spot when it comes to comparing different countries, a sort of.. dissonant consciousness as it were...

Re:China (1)

benjfowler (239527) | more than 2 years ago | (#40311799)

By all means try and justify Chinese exceptionalism. Just don't expect people to like you (personally or collectively) very much.

America has lots of friends. On the other hand, China has North Korea, Pakistan and a bunch of shitty African dictatorships only. If people are judged by the company they keep, then China is utterly, royally fucked.

Re:China (2)

C_amiga_fan (1960858) | more than 2 years ago | (#40312031)

Are you saying Pakistan is a "bad friend" and proof of China's shittiness? Well WE are friends with Pakistan. What's that say about us?

Americans have killed more people in the last decade than any other country. 300,000 dead and about 2 million casualties with permanent disabilities (blown off arms, jaws, legs). What does THAT say about us? Speaking strictly as an observer I'd say China, the EU, even Russia look better.

Re:China (2)

sheph (955019) | more than 2 years ago | (#40312213)

They are supposedly an ally in the war on terror. But if you pay attention you'll find that they are not exactly our friends. They have been very difficult in allowing us to pursue terrorists that like to hop between their border and Afghanistan. They say they are our friends, but every time we need something from them they throw obstacles in our way. Did you happen to see what happened to the doctor from there that helped us track down Bin Laden? They expeditiously put him in jail on charges of treason. Not exactly an indication of friendship. Additionally, they have blocked our supply routes and are charging us $5k per truck to let supplies through, or forcing us to circumnavigate their country. No Pakistan is not our friend.

Re:China (1)

FhnuZoag (875558) | more than 2 years ago | (#40320845)

If you paid attention to the news, the doctor was charged with treason for providing medical assistance to radical islamists.

Re:China (1)

benjfowler (239527) | more than 2 years ago | (#40315253)

We have a saying here: if you lie down with dogs, you get up with fleas.

Maybe the Pakistanis will start shit on China's western flank, and they'll start sending in waves upon waves of the world's most vicious and bloodthirsty terrorists to start shit, like they've done in Kashmir. Maybe China needs a few thousand more involuntary organ donors.

Totally happy for China to learn that lesson the hard way. Let's see how that 'all weather friendship works out', once the super-Muslims of Pakistan work out that the Chinese are even bigger godless kuffars than the hated white man.

So much for that vaunted ancient Chinese wisdom, huh?

Re:China (1)

shentino (1139071) | more than 2 years ago | (#40312381)

How many people were killed per capita by the chinese?
By the chinese government?

ditto for america and iran.

Re:China (1)

Weatherlawyer (2596357) | more than 2 years ago | (#40314495)

How many people were killed per capita by the Chinese? By the Chinese government?

ditto for America and Iran.

You are wrong.

When the USA wiped out places like My Lai and poisoned the whole of central Vietnam and all the Cambodian border it was for their own good.

Everyone knows that.

When the Chinese commit the sort of thing the Israel USA pact does in Palestine and everywhere, it is just the work of gangsters.

Re:China (0)

Anonymous Coward | more than 2 years ago | (#40317727)

Wow, you'll genuinely believe anything you read, huh?

Re:China (1)

DigiShaman (671371) | more than 2 years ago | (#40312551)

How many Chinese have been killed by the Chinese? Who is their own worst enemy?

Re:China (1)

BlackSnake112 (912158) | more than 2 years ago | (#40313995)

How many Chinese people come to the US as students and do not want to go back?

Odd thing is out of the Chinese students that I know about 99% of the women want to stay. It is a little over 50% for the men. Small sample about 140 (90 men 50 women) people but still odd to me.

Re:China (1)

Anonymous Coward | more than 2 years ago | (#40313331)

The unofficial estimate for Tibet is about half a million deaths. But since no visitors are allowed in, I guess you can easily claim that's a lie. The difference I see is that the US publicly faces the suffering it has caused, and its people are forced to consider their country's actions. While China, with its government restricting the movement of even its own citizens, and disallowing any reporting contrary to their narrative, has perpetuated a society without a sense of introspection. What this tells me is that there is still hope for the US, because there are still people there with eyes open, with courage and morality inside them, while China, with its eyes held shut, will drift ever deeper into self-delusion.

Re:China (3, Insightful)

MrLizard (95131) | more than 2 years ago | (#40313515)

How many Chinese have been killed by other Chinese? (Google "Great Leap Forward" and "Cultural Revolution")

(Of course, you can point out that Americans kill Americans in mass numbers -- the Civil War,and, of course, the entire process of claiming the continent from the natives.. but then you can also compare Chinese civil wars and various ethnic clashes at those points in history, as well. Pick a century, and line 'em up, and see who is more brutal. (Answer: Probably no one to any meaningful degree, because we're all human, and thus, we all pretty much behave the same way over a span of time. You can always cherry-pick a decade or two where one culture was unusually peaceful, or pick a small or isolated subculture, but the longer you stretch the timescale or widen the definition of 'culture', the more it becomes obvious that we're not a peaceful species.))

Re:China (1)

readin (838620) | more than 2 years ago | (#40314999)

How many Americans have been killed by Chinese?

About the same as the number of Americans killed by the Japanese in 1940.
Or the number of Jews killed by the Germans in 1935.
Or the number of Chinese killed by the Japanese in 1930.

A belief in racial superiority.
A belief that they're finally taking their rightful place as a world power.
A resentful belief that the race had been held down due to malevolent forces (Jews, Colonialism).
A stated aim to "unify" with others of the same race (whether those others want to unify or not).

All they need now is a belief that their potential enemies have grown "soft" and weak.


oh wait...

Re:China (1)

FhnuZoag (875558) | more than 2 years ago | (#40320855)

The western right wing has the exact same beliefs.

Re:China (1)

readin (838620) | more than 2 years ago | (#40321129)

There are a few fringe groups in the west with the belief in racial superiority. However they don't have the other beliefs.
What is the western equivalent of Wang Leehom's "Descendants of the Dragon"? - a hit song by a famous singer celebrating a particular race? What is the western equivalent of China's desire to annex Taiwan - by blood and death if necessary?

Re:China (0)

Anonymous Coward | more than 2 years ago | (#40322593)

"What is the western equivalent of Wang Leehom's "Descendants of the Dragon"? - a hit song by a famous singer celebrating a particular race?"

Homefront? Red Dawn? Call of Duty: Modern Warfare? All of Fox News?

"What is the western equivalent of China's desire to annex Taiwan - by blood and death if necessary?"

Iraq? Afghanistan?

And no, China has no desire to annex Taiwan. China has a desire to preserve the status quo and prevent Taiwan's independence. There's a subtle distinction here.

Re:China (1)

FhnuZoag (875558) | more than 2 years ago | (#40323253)

1. A belief in racial superiority.

Numerous studies have shown a sizeable minority to potentially a majority of the US Right is categorically racist. It's completely mainstream to hold that the US is superior to the Arab, and to the African. Notice the prevalence of the 'they are outbreeding us' argument, which outlines clearly the racial eugenics tinge to that whole belief.

Moreover, race isn't the only thing that creates aggressive jingoistic nationalism. Religion is pretty good too.

2. A belief that they're finally taking their rightful place as a world power.

Okay, the US does not have this problem, because they *already are the pre-eminent world power*. But move forward and if this becomes a threat, what's going to be the case?

3. A resentful belief that the race had been held down due to malevolent forces (Jews, Colonialism).

Insert socialism/Chinese/Islam/Russia/secularism here.

4. A stated aim to "unify" with others of the same race (whether those others want to unify or not).

That's the Eurabia belief in a nutshell. The US has this obsessive self image of itself as the 'leader of the west', and more broadly the leader of democracy as a whole, and the consistent tone in US foreign policy is the appeal to the western world to unite - by which is meant, submit to US leadership against often their own better judgement. Look at things like the Polish missile defense system, which the US sells as 'for Polish defense' despite the fact that the Polish population doesn't want it, and the continual arm twisting behind making European countries 'cooperate' with their counter-terror intel gathering.

Countries across Europe, and generally across the world consistently consider the US to be the greatest threat to world peace, and see the US presumption to represent them and act in their supposed interest as both patronising and dishonest.

In contrast to the Chinese, the US possesses a bloated, and battle tested military that has a history of overthrowing foreign governments with little provocation. Imagine if China employed the rationale behind the Iraq invasion to Taiwan? Would it be truly acceptable to anyone? Compare the soft power moves China has employed with Taiwan, with the push to war with Iran. In the mind of the world, it's fairly likely that the US will invade at least one country (Iran? Syria? North Korea?) in next ten years, and that there's a substantial likelihood that a more militarist president might take power and favour a more aggressive application of US military superiority to acquire resource security. China, by most assessments, has at least stabilised its relationship with Taiwan for the time being (Taiwanese internal assessments generally hold there is little likelihood of an invasion), and any future conflict is probably likely limited, unless the US escalates.

why not Iran? (0)

Anonymous Coward | more than 2 years ago | (#40311487)

Why is every "cyber attack" supposedly from China? Maybe some country we've been "cyber attacking" like Iran is just trying to fight back?

it's time to start subsidizing chip makers (1)

Anonymous Coward | more than 2 years ago | (#40311603)

... if we aren't making our chips here, how can we ever expect to be able to secure our military secrets? I hate how government subsidies to an industry are pretty much impossible to repeal after they are created, but national security should generally take front stage.

Re:it's time to start subsidizing chip makers (1)

BlackSnake112 (912158) | more than 2 years ago | (#40314045)

IBM.

If IBM had been allowed to make CPUs for desktops/laptops there would never have been Intel. Well Intel would have been a lot smaller due to IBM ruling the market.

I am guessing that if the shit does hit the fan, IBM may be allowed to do something. At least for government systems.

Re:it's time to start subsidizing chip makers (0)

Anonymous Coward | more than 2 years ago | (#40316665)

IBM has sold off all of its PC/laptop divisions to Singapore Lenovo. Not sure where they manufacture their mainframe hardware, but it's most likely not in the US. Most of IBM's business nowadays is offshoring jobs.

Intel still produces a large portion of their chips in the US. But I don't think they manufacture motherboards here anymore.

But the motherboard and all support chips would have to be made in the US, video cards, storage, etc would have to be made here too to prevent possible backdoors being built into subassemblies.

Simply don't think we have the infrastructure anymore

Re:it's time to start subsidizing chip makers (0)

Anonymous Coward | more than 2 years ago | (#40318237)

IBM Semiconductor. Think ASICs, not COTS cpus. Most of your ASIC CPUs are ARM cores.

Lenovo is Chinese (0)

Anonymous Coward | more than 2 years ago | (#40323547)

just saying

Triple Yawn (0)

Anonymous Coward | more than 2 years ago | (#40311605)

The weakest link in security is trust.
Get rid of any external consultant and hire the proper people to do the job.

PS: CAs suck ass

Cyberweapon Proliferation (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40311641)

When we start using cyberweapons against people without constraint and then post a whole bunch of articles about how cost effective it is, other nations see that as a reason enough to use them against us. Most states can't afford enough money to build $35 million dollar fighter jets or spy satellites, but can slip some script kiddies a few bucks to send out some spam with exploits in it.

Biggest Change (5, Interesting)

Papa Legba (192550) | more than 2 years ago | (#40311693)

This is low level Cyber warfare and it's starting to ramp up. This is like the introduction of planes in WWI. At first they waved at each other on their scouting mission. Then someone brought a pistol, then a rifle. Then it was gunners and machineguns until we get the Red Baron and Fighter Aces. Next thing we know it's jet Propulsion and heat Seekers, Stealth fighters launching! Make no mistake, Stuxnet was the First pistol at 1000 feet, what comes next no one can guess.

What is obvious is that Information Assurance is no longer a support service, somewhere behind tech support and first to be cut, IA is now a front line warfighter task. Let's just hope the bean counters realize in time!

Re:Biggest Change (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40311749)

Sure we can guess, because it's just the same goddamn hacking methods. The only new thing that'll obviously change is the quality and complexity of the malicious software - like more intelligent worms/trojans/botnets/whatever. Stuxnet wasn't the first pistol, it was the first heat-seeker.

Re:Biggest Change (2, Interesting)

Anonymous Coward | more than 2 years ago | (#40312287)

For some time, Chinese hacking has been the "land war in Asia" tactic. Lots and lots of units in the field. When you have 30,000 longbowmen, it really doesn't matter how good their aim is, as long as they can fire quickly and in roughly the right direction a lot of people are going to be hit by arrows. Much of their hacking has been the same, sacrifice accuracy for quantity and get results.

The USA has (for quite some time now) preferred the "sniper" model. Small groups, low profile, and then someone falls over dead in the middle of inspecting the troops. The irony of that with Flame and Stuxnet is how big of an infection vector was still small enough to avoid notice. For those of us who used CPUs without a trademark as part of the name, it looks a lot like being able to drive an Abrams through hostile territory just by pulling up behind a caravan and not shooting anyone for a while. (I wonder if that would work, how many supply lines would assume "if it was hostile, it would've stopped us by now. Must be a capture.")

Re:Biggest Change (2)

plover (150551) | more than 2 years ago | (#40315837)

Stuxnet wasn't a virus designed to spread until it found Natanz and then attack it. That would have been noticed much earlier. Stuxnet was deployed inside the air-gapped systems of Natanz, and was only detected after it escaped containment and began to spread.

That's the sniper using a ghillie suit and flash suppression, hiding in a marsh. Sounds like the USA's m.o.

Re:Biggest Change (1)

Weatherlawyer (2596357) | more than 2 years ago | (#40314687)

Ours are better than theirs. We know this because we have been using them on us far longer.

Re:Biggest Change (1)

Beardo the Bearded (321478) | more than 2 years ago | (#40311821)

Make no mistake, Stuxnet was the First pistol at 1000 feet, what comes next no one can guess.

Year 3021: Buffer over-run exploit used to gain access to global defence grid

Re:Biggest Change (0)

Anonymous Coward | more than 2 years ago | (#40312159)

Nope. Buffer overruns will probably be castrated (but not eliminated) by systemic usage of protection technologies by then.

Re:Biggest Change (1)

couchslug (175151) | more than 2 years ago | (#40312403)

People don't care about Security until they get hurt.

I see these attacks as useful to coerce a defensive response. Evolutionary pressure FTW!

Re:Biggest Change (0)

Anonymous Coward | more than 2 years ago | (#40313723)

Except unlike planes the solution for cyber-attacks is simple.

UNPLUG THE DAMN INTERNET CABLE!

Re:Biggest Change (1)

jxander (2605655) | more than 2 years ago | (#40314935)

But then how will I play Diablo??

Re:Biggest Change (1)

lgw (121541) | more than 2 years ago | (#40317789)

UNPLUG THE DAMN INTERNET CABLE!

You can rest assured that Three Letter Agencies have that aspect covered (and of course the important shit has its own internets). A power cutoff device to drop all outside connectivity for-damn-sure is pretty normal in such datacenters.

Local governments, however, are a different story. If these attacks go from information collecting to causing mayhem, the first attack will get quite ugly. Then someone will sell a buttload of remote power cutoff boxes, and that threat will end (well, except for the inevitable morons who put those boxes on the internet).

Re:Biggest Change (1)

plover (150551) | more than 2 years ago | (#40331519)

The most recent theory is the Natanz system was most likely infected on the non-Internet side of the facility by software planted by an agent. The Internet cable was not plugged in until long after the damage was done.

There was no simple defense, no easy prevention when the attackers are the IDF and you've both announced "death to Israel" and are enriching uranium.

I am outraged! (2)

busyqth (2566075) | more than 2 years ago | (#40311761)

How dare China try to hack another country's computers, infect them with malware, and otherwise snoop on us!
Only a ROGUE STATE would do such a thing!!!

Re:I am outraged! (2)

k6mfw (1182893) | more than 2 years ago | (#40314655)

Yeah, like when we want to learn activities of foreign countries, we employ intelligence agents. When they do the same to us, we accuse them of using spies.

SCADA Security? (0)

Anonymous Coward | more than 2 years ago | (#40311861)

Oxymoron?

So what? ? ? (1)

sgt_doom (655561) | more than 2 years ago | (#40311995)

They offshore all the jobs, all the technology, all the R&D work and the investments there, so who gives a rat's ass?????

No offense, but posts like these are nonsensical --- or maybe propaganda for the next war by design?????

So maybe the blog poster should contact Boeing (Narus), Packet Forensics, and all the other sleazoid American corporate whores about selling them all that surveillance tech, huh???

And please let us never forget about Jerry Yang and his Yahoo crimes (we've heard of one, but that doesn't mean there's many, many more unheard of....)

http://www.amnestyusa.org/our-work/cases/china-shi-tao [amnestyusa.org]

Sounds like... (1)

eternaldoctorwho (2563923) | more than 2 years ago | (#40312199)

...they need to stock up on copious amounts of gold to stave off the cyberarmy, or else be "deleted".

Things Willie Sutton Never Said. (2)

bmo (77928) | more than 2 years ago | (#40312285)

FTFS: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors."

While Willie Sutton never actually said "that's where the money is" when it came to robbing banks, the truth in general about that statement couldn't be more apropos regarding this situation.

Data=Wealth.

--
BMO

Stuxnet and the rest (-1)

Anonymous Coward | more than 2 years ago | (#40312443)

It's OK if the US does it. Same old, same old. Hyporacy 'R US

Re:Stuxnet and the rest (0)

Anonymous Coward | more than 2 years ago | (#40315341)

And clearly, spelling 'R not U, Mr. Hyporacy.

I would just like to point out... (3, Insightful)

Brewster Jennings (2642639) | more than 2 years ago | (#40313497)

If you are a defense contractor doing IT and you're clicking on random .exe files in your email, you may want to consider another line of work. I mean, to be honest, your users shouldn't even be able to run them, or send them over the company e-mail network.

That's why we have administrator-level access and ultra-restrictive GPOs in the first place, right? In the hopes that the few people who can actually do damage to computers and servers aren't monkeys banging away in the hopes of producing Shakespeare?

As a final note, I would like to point out that ending my post with a question mark makes it seem more poignant and totally deserving a five. Except I spoiled it. Crap.

Re:I would just like to point out... (1)

jxander (2605655) | more than 2 years ago | (#40314957)

Crap.

Or is it?

Except (1)

frankgerlach11 (2657679) | more than 2 years ago | (#40319463)

...that it is NOT *.exe attachments. These days are long over. Attackers use PDF or MS Office documents attached to emails. So you are Wally Blacksmith of Killcorp Inc. Your job entails developing novel radar systems. One nice, sunny morning you get a nicely worded email about "Innovations in low-observable Radar" and it writes about a conference in Naples, Italy. The sender appears to be james.smith@britishradar.com. So you can't wait to see what the Brits are up to and you click on that PDF. Acrobat Reader opens, displays some more bogus Radar stuff (culled from public sources) and then it also starts a process which will nicely index all the files on your hard drive and all mounted SMB shares. Then it does the same thing for all ODBC connections it can open. As an added bonus, it will look into Wally's internet history for local websites and index them also.

The index will be sent via Gmail to an account controlled by the attacker. Based on the index, the juicy files of Mr Blacksmith (and Killcorp) will be identified and uploaded to Gmail. All nicely SSL encrypted, so that the admins of the Killcorp firewall can't look into it. (don't tell me Killcorp does not allow for that).

Attackers could possibly also use exploits in web browsers and send HTML emails, so that Wally doesn't even have to click an attachment.

Re:Except (1)

FhnuZoag (875558) | more than 2 years ago | (#40320759)

Except that if you RTFA, it is.

"The attack begins with a spear phishing email sent to employees of the targeted company and containing a PDF attachment. In Digitalbond's case, the file is called "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" and when it's opened, the file installs a Trojan downloader called spoolsvr.exe."

If you are running an unsolicited attachment called blah.pdf.exe and ignoring the Windows authorisation message that pops up, then why the hell are you providing IT security advice?
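A gateway-side check for the kind of attachment name quoted above, where an executable extension sits behind a document extension, as an added example in C that is not part of this thread or of any tooling described in the article. The extension lists, the sample file names and the verdict codes are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Extensions Windows runs directly on double-click (illustrative list,
   constructed for this example; a real gateway policy is longer). */
static const char *const EXEC_EXTS[] = {
    "exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "msi"
};

/* Extensions users expect to open as inert documents (also constructed). */
static const char *const DOC_EXTS[] = {
    "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf"
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

enum verdict {
    ALLOW = 0,            /* nothing executable as far as the name tells */
    BLOCK_EXEC = 1,       /* plain executable extension, e.g. setup.exe */
    BLOCK_MASQUERADE = 2  /* executable behind a document extension, e.g. x.pdf.exe */
};

/* Case-insensitive equality: Windows ignores case in extensions. */
static bool ieq(const char *a, const char *b) {
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

static bool in_list(const char *ext, const char *const *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (ieq(ext, list[i]))
            return true;
    return false;
}

/* Classify an attachment by file name alone. The last extension decides
   whether Windows would execute it; the one before it reveals a masquerade. */
enum verdict attachment_verdict(const char *name) {
    const char *last_dot = strrchr(name, '.');
    if (last_dot == NULL)
        return ALLOW;
    if (!in_list(last_dot + 1, EXEC_EXTS, COUNT(EXEC_EXTS)))
        return ALLOW;
    if (last_dot == name)            /* name is just ".exe": nothing before it */
        return BLOCK_EXEC;

    /* Walk back to the previous dot to isolate the inner extension. */
    const char *p = last_dot - 1;
    while (p > name && *p != '.')
        p--;
    if (*p == '.') {
        char inner[32];
        size_t len = (size_t)(last_dot - (p + 1));
        if (len > 0 && len < sizeof inner) {
            memcpy(inner, p + 1, len);
            inner[len] = '\0';
            if (in_list(inner, DOC_EXTS, COUNT(DOC_EXTS)))
                return BLOCK_MASQUERADE;
        }
    }
    return BLOCK_EXEC;
}

int main(void) {
    /* Constructed sample names; the first mirrors the one quoted from the article. */
    const char *samples[] = {
        "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe",
        "quarterly_report.pdf",
        "setup.EXE",
        "archive.tar.gz",
    };
    static const char *const labels[] = {
        "allow", "block: executable", "block: document masquerade"
    };
    for (size_t i = 0; i < COUNT(samples); i++)
        printf("%-70s -> %s\n", samples[i], labels[attachment_verdict(samples[i])]);
    return 0;
}
```

A name-based verdict is only the first layer: the same policy should also refuse attachments whose bytes are a PE image regardless of what the name claims, since the name is entirely under the sender's control.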

Re:Except (0)

Anonymous Coward | more than 2 years ago | (#40321113)

Ok, so I stand corrected in this special case. Nevertheless, there have been reports about malware-infested PDF attachments for years now. Which sounds entirely reasonable, considering the crap Adobe delivers as products.

big bad China (0)

Anonymous Coward | more than 2 years ago | (#40314731)

First of all, let he who is without sin cast the first stone.
It's only bad if the shit is flying in the wrong direction.

Second of all, we got no end of idiots claiming that Martians are sending pictures back from Mars, because the Opportunity Rover is located on Mars.

"Cyberwar" is bullshit (1)

David Gerard (12369) | more than 2 years ago | (#40314755)

If "cyberwar" was actually a real threat they cared about, they would shift to Linux and thin-client desktops forthwith. Hell, they could get more government money for doing so. "It's for security!" That they are not doing so shows that this is not a real threat, but trumped-up nonsense to try to look like there's a problem. Which they need more money to deal with.

Re:"Cyberwar" is bullshit (0)

Anonymous Coward | more than 2 years ago | (#40316547)

Right, because there are [threatpost.com] no [slashdot.org] exploits [torrentfreak.com] in open source software or thin clients [theregister.co.uk] , right? Seriously, if a nation state has the capability of finding 0days in Windows (which is actually seriously difficult to exploit with modern mitigation techniques), what makes you think Linux will stop them?

What's the name of the Targeted Operating System? (4, Interesting)

dgharmon (2564621) | more than 2 years ago | (#40315003)

"Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies

Just who in their right mind connects a SCADA unit directly to the Internet. Let's have a contest to see how long someone can write about Internet security without once mentioning Microsoft Windows.

"In Digitalbond's case, the file is called "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" and when it's opened, the file installs a Trojan downloader [threatpost.com] called spoolsvr.exe "

Re:What's the name of the Targeted Operating Syste (1)

antifoidulus (807088) | more than 2 years ago | (#40319025)

And the sad thing is that due to incompetence and/or greed, the DoD not only permits Windows on its networks, it actually ENCOURAGES it. Many of the security reqs are written such that only Windows can really do all of them (basically they throw in some pointless shit that only Windows does but doesn't offer any security and call it a major issue). The PLA really should write Redmond a thank you letter for writing such shitty software then lobbying the hell out of the people in power to get it installed everywhere at the DoD. Redmond's incompetence is allowing the PLA to access tens of billions of dollars worth of defense research for free.

Open Source Cannot Bribe (0)

Anonymous Coward | more than 2 years ago | (#40321175)

...that is why Windows is the only "viable" alternative. Especially when some exec bathroom renovation is concerned.

Remember this in Wal-Mart (0)

Anonymous Coward | more than 2 years ago | (#40317155)

Remember this when you see "Made in China"

Technology Solutions (1)

frankgerlach11 (2657679) | more than 2 years ago | (#40319417)

Before I elaborate, yes - technology will be only part of the fix. But technology will be a major part of better security! Here is my list of security technologies:

Sandboxing: Google Chrome's Sandbox is an excellent example of how to limit damage from faulty code. Much more could be done by using this approach in many other file formats and use cases. Other interesting approaches are AppArmor, SELinux and Linux Security Modules in general.

Formal Proofs: The problem with sandboxes and operating systems is of course their correctness. If the sandbox has exploitable bugs, it is obviously of little use. It would make a lot of sense for governments to pay for formally verified operating systems, VMs, sandboxes and compilers. And of course for research towards cost reductions in formal verification, as it is currently extremely time-consuming, difficult and expensive.

Memory Safe Programming Languages: The best part of all security issues can be directly blamed on the insecure-by-default approach of C/C++. Buffer overruns, uninitialized pointers accessed, freed pointers accessed, pointers doubly freed and similar issues are responsible for the majority of exploits. Just using memory-safe programming languages such as SPARK Ada, Perl, C#, Java or Sappeur (created by myself, see http://sourceforge.net/projects/sappeurcompiler/ [sourceforge.net] ) would immediately reduce the number of exploitable bugs by at least 60%.

In many application fields you cannot use sandboxes. Think of indexing engines that index the web - by definition a hostile place. It is quite inefficient to start a new indexing process for each and every document crawled.

Virtualization: If you have a properly (i.e. no exploitable bugs) implemented virtual machine, this could act like a Sandbox on the operating system level. Unfortunately, as the HBGary hacks have exposed, current virtual machine technology is not safe enough. Governments could possibly finance verification efforts here, too. (Private companies don't really have a strong incentive to do that from a money point of view)

Research: Clearly, extensive research into security technologies and their application in real-world scenarios is required. Security technologies must be nicely enmeshed into users' business processes. Overly restrictive or overly time-consuming technologies/approaches will be circumvented by users. A lot of work in how to make security tech actually ergonomic has yet to be done.
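The memory-safety point in the post above (buffer overruns, access to freed pointers, double frees), shown in C as an added example that is neither the commenter's code nor anything from Sappeur: a fixed-size name copy in its unchecked and its bounded form, and a close routine that nulls the pointer it frees so a repeated close cannot free twice. The `session` struct, the field sizes and the sample names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_CAP 32

/* Vulnerable form: trusts the caller's string length. A name of NAME_CAP
   bytes or more writes past the end of `out`, which is the buffer overrun
   the post refers to. Kept here only for contrast with the safe version. */
void copy_name_unsafe(char out[NAME_CAP], const char *name) {
    strcpy(out, name);   /* no bound: overrun when strlen(name) >= NAME_CAP */
}

/* Hardened form: refuse input that does not fit, so `out` is never written
   out of bounds and is always NUL-terminated. memchr is limited to NAME_CAP
   bytes, so an over-long input is never scanned to its end either.
   Returns 0 on success, -1 when the name is too long. */
int copy_name_safe(char out[NAME_CAP], const char *name) {
    const char *nul = memchr(name, '\0', NAME_CAP);
    if (nul == NULL) {            /* no terminator within NAME_CAP bytes */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, name, (size_t)(nul - name) + 1);   /* includes the NUL */
    return 0;
}

struct session {
    char user[NAME_CAP];
    int authenticated;
};

/* calloc zeroes every field, so nothing is read uninitialised later. */
struct session *session_open(const char *user) {
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    if (copy_name_safe(s->user, user) != 0) {
        free(s);                  /* reject, do not truncate silently */
        return NULL;
    }
    return s;
}

/* Free through a pointer-to-pointer and null the caller's copy: a second
   close is a no-op instead of a double free, and a later accidental use
   dereferences NULL (an immediate crash) rather than freed memory
   (silent corruption that an attacker can shape). */
void session_close(struct session **sp) {
    if (sp == NULL || *sp == NULL)
        return;
    free(*sp);
    *sp = NULL;
}

int main(void) {
    /* constructed inputs */
    const char *short_name = "wally.blacksmith";
    const char *long_name  = "wally.blacksmith.from.killcorp.radar.division.long.name";
    char buf[NAME_CAP];

    printf("safe copy of short name: %d\n", copy_name_safe(buf, short_name));
    printf("safe copy of long name:  %d\n", copy_name_safe(buf, long_name));

    struct session *s = session_open(short_name);
    printf("session user: %s, authenticated=%d\n", s->user, s->authenticated);
    session_close(&s);
    session_close(&s);            /* harmless second close */
    printf("pointer after close is %s\n", s == NULL ? "NULL" : "dangling");
    return 0;
}
```

The contrast is the whole point: the unsafe copy compiles without complaint and works on every benign input, which is why the post argues for languages where the bounded behaviour is the default rather than a discipline each caller must remember.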

That's impossible! (1)

Billly Gates (198444) | more than 2 years ago | (#40319747)

The DOJ uses IE 6 and SP2 which stopped receiving security updates only 2 years ago!

How could this possibly happen?

Begun the CyberWar Has (0)

Anonymous Coward | more than 2 years ago | (#40321361)

After the implication that the U.S. created Stuxnet, I got the feeling that it's now "Game On" for cyberwarfare. Am I alone in this? Of course, there have been attacks for decades but it just seems so open? brazen? unapologetic?

just Some Emails destined for random suckers (1)

ipduh (2663769) | more than 2 years ago | (#40345307)

made it to people who know one thing about trojans and security. I love how he explains that "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" installs spoolsvr.exe ... this email would not even make it to someone's mailbox and if the email makes it and that someone is a "programmer" or "security expert" and did not understand that this is most probably a trojan then .... f*c|$ "Attacks Targeting US Defense Contractors and Universities Tied to China" is a really bad title