Entries Tagged "China"

Page 14 of 15

Cyber Espionage

Interesting investigative article from Business Week on Chinese cyber espionage against the U.S. government, and the government’s reaction.

When the deluge began in 2006, officials scurried to come up with software “patches,” “wraps,” and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest U.S. defense contractors to the Pentagon for a “threat briefing.” BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government’s most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents. One goal in particular illustrates the urgency and scope of the problem: By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President’s order a cyber security “Manhattan Project.”

It can only help for the U.S. government to get its own cybersecurity house in order.

Posted on April 28, 2008 at 6:45 AMView Comments

Designing Processors to Support Hacking

This won best-paper award at the First USENIX Workshop on Large-Scale Exploits and Emergent Threats: “Designing and implementing malicious hardware,” by Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou.

Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.

We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one speci?c attack, can instead design hardware to support attacks. Such ?exible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and highlevel access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.

Theoretical? Sure. But combine this with stories of counterfeit computer hardware from China, and you’ve got yourself a potentially serious problem.

Posted on April 24, 2008 at 1:52 PMView Comments

Research on Malware Distribution

Interesting:

Among their conclusions are that the majority of malware distribution sites are hosted in China, and that 1.3% of Google searches return at least one link to a malicious site. The lead author, Niels Provos, wrote, ‘It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed.'”

Draft paper, and some data.

Posted on February 26, 2008 at 6:23 AMView Comments

Foreign Hackers Stealing American Health Care Records

What in the world is going on here?

Foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans’ health care records, according to a Department of Homeland Security analyst.

Mark Walker, who works in DHS’ Critical Infrastructure Protection Division, told a workshop audience at the National Institute of Standards and Technology that the hackers’ primary motive seems to be espionage.

Espionage? Um, how?

Walker said the hackers are seeking to exfiltrate health care data. “We don’t know why,” he added. “We want to know why.” At the same time, he said, it’s clear that “medical information can be used against us from a national security standpoint.”

How? It’s not at all clear to me.

Any health problems among the nation’s leaders would be of interest to potential enemies, he said.

This just has to be another joke.

EDITED TO ADD (3/13): More Posted on February 20, 2008 at 12:30 PMView Comments

Privacy International's 2007 Report

The 2007 International Privacy Ranking.

Canada comes in first.

Individual privacy is best protected in Canada but under threat in the United States and the European Union as governments introduce sweeping surveillance and information-gathering measures in the name of security and border control, an international rights group said in a report released Saturday.

Canada, Greece and Romania had the best privacy records of 47 countries surveyed by London-based watchdog Privacy International. Malaysia, Russia and China were ranked worst.

Both Britain and the United States fell into the lowest-performing group of “endemic surveillance societies.”

EDITED TO ADD (1/10): Actually, Canada comes in second.

Posted on January 10, 2008 at 6:01 AMView Comments

Chinese Hackers

Time Magazine article on Chinese hackers:

But reports in Chinese newspapers suggest that the establishment of a cybermilitia is well under way. In recent years, for example, the military has engaged in nationwide recruiting campaigns to try to discover the nation’s most talented hackers. The campaigns are conducted through competitions that feature large cash prizes, with the PLA advertising the challenges in local newspapers.

Tan is a successful graduate of this system. He earned $4,000 in prize money from hacker competitions, enough to make him worthy of a glowing profile in Sichuan University’s campus newspaper. Tan told the paper that he was at his happiest “when he succeeds in gaining control of a server” and described a highly organized selection and training process that aspiring cybermilitiamen (no cyberwomen, apparently) undertake. The story details the links between the hackers and the military. “On July 25, 2005,” it said, “Sichuan Military Command Communication Department located [Tan] through personal information published online and instructed him to participate in the network attack/defense training organized by the provincial military command, in preparation for the coming Chengdu Military Command Network Attack/Defense Competition in September.” (The State Council Information Office didn’t respond to questions about Tan, and China’s Foreign Ministry denies knowing about him.)

With the help of experts from Sichuan University, the story continued, Tan’s team won the competition and then had a month of intense training organized by the provincial military command, simulating attacks, designing hacking tools and drafting network-infiltration strategies. Tan was then chosen to represent the Sichuan Military Command in competition with other provinces. His team won again, after which, the iDefense reports say, he founded the NCPH and acquired an unidentified benefactor (“most likely the PLA”) to subsidize the group’s activities to the tune of $271 a month.

Posted on December 14, 2007 at 11:08 AMView Comments

MI5 Sounds Alarm on Internet Spying from China

Someone in MI5 is pissed off at China:

In an unprecedented alert, the Director-General of MI5 sent a confidential letter to 300 chief executives and security chiefs at banks, accountants and legal firms this week warning them that they were under attack from “Chinese state organisations.”

[…]

Firms known to have been compromised recently by Chinese attacks are one of Europe’s largest engineering companies and a large oil company, The Times has learnt. Another source familiar with the MI5 warning said, however, that known attacks had not been limited to large firms based in the City of London. Law firms and other businesses in the regions that deal even with only small parts of Chinese-linked deals are being probed as potential weak spots, he said.

A security expert who has also seen the letter said that among the techniques used by Chinese groups were “custom Trojans”, software designed to hack into the network of a particular firm and feed back confidential data. The MI5 letter includes a list of known “signatures” that can be used to identify Chinese Trojans and a list of internet addresses known to have been used to launch attacks.

A big study gave warning this week that Government and military computer systems in Britain are coming under sustained attack from China and other countries. It followed a report presented to the US Congress last month describing Chinese espionage in the US as so extensive that it represented “the single greatest risk to the security of American technologies.”

EDITED TO ADD (12/13): The Onion comments.

EDITED TO ADD (12/14): At first, I thought that someone in MI5 was pissed off at China. But now I think that someone in MI5 was pissed that he wasn’t getting any budget.

Posted on December 4, 2007 at 12:34 PMView Comments

Hard Drives Sold with Pre-Installed Trojans

I don’t know if this story is true:

Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said.

Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.

The tainted portable hard disc uploads any information saved on the computer automatically and without the owner’s knowledge to www.nice8.org and www.we168.org, the bureau said.

Certainly possible.

EDITED TO ADD (12/14): A first-hand account.

Posted on November 20, 2007 at 12:52 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.