Sophisticated, Targeted Breakins Uncovered
Ichabod writes "Sophisticated computer criminals stole data from Unisys, Booz Allen, L-3 Communications, Hewlett Packard, and Hughes Network Systems. It sounds like they used a combination of social hacking and undetected low-profile malware (reportedly NTOS.exe) to steal and encrypt sensitive data, and compromised Yahoo accounts to store and retrieve it. An international investigation appears imminent. And yes, unfortunately Reuters calls the criminals 'hackers,' further besmirching the once-revered title."
Another day another break-in (Score:3, Insightful)
Re:Another day another break-in (Score:4, Insightful)
I agree, we should somehow pool our collective knowledge and accumulate it somewhere. There's an idea for
Re: (Score:3, Insightful)
Ei
Re: (Score:2)
quality of the copy on submissions. It is like being inside a teenaged male's brain, not a good place to be.
Already known. Just not implemented. (Score:2)
Then any deviation from that pattern is flagged and investigated.
Why is Alice in Accounts Receivable searching the HR server?
Why is Alice logged into Bob's machine in HR?
Why is Alice logging in at 1am?
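A minimal version of the baseline-and-deviation check the comment describes, as an added example and not part of the original post: the host inventory, user profiles and log lines are all constructed for illustration, and the three rules map to the three "Why is Alice..." questions above.

```python
from datetime import datetime

# Hypothetical asset inventory: host -> (owning department, owning user; "" for a shared server).
HOSTS = {
    "ar-fs01": ("AR", ""),
    "hr-fs01": ("HR", ""),
    "ws-alice": ("AR", "alice"),
    "ws-bob": ("HR", "bob"),
}

# Per-user baseline: home department and usual working hours [start, end).
PROFILES = {
    "alice": {"dept": "AR", "hours": (7, 19)},
    "bob": {"dept": "HR", "hours": (7, 19)},
}

# Constructed log lines (not from a real system): "date time user host action".
SAMPLE_LOG = """\
2007-05-14 09:12 alice ar-fs01 read
2007-05-14 09:40 alice hr-fs01 search
2007-05-14 10:05 alice ws-bob logon
2007-05-15 01:03 alice ws-alice logon
2007-05-14 08:30 bob hr-fs01 read
"""

def parse_log(text):
    """Parse the sample format into (timestamp, user, host, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, user, host, action = line.split()
        events.append((datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"), user, host, action))
    return events

def flag_deviations(events, profiles=PROFILES, hosts=HOSTS):
    """Return (user, host, reason) for every event that departs from the user's baseline."""
    findings = []
    for ts, user, hostname, action in events:
        profile, host = profiles.get(user), hosts.get(hostname)
        if profile is None or host is None:
            findings.append((user, hostname, "unknown user or host"))  # inventory gap, review too
            continue
        host_dept, owner = host
        if host_dept != profile["dept"]:  # Alice in AR searching the HR server
            findings.append((user, hostname, f"{profile['dept']} user touching {host_dept} host"))
        if owner and owner != user:  # Alice logged into Bob's machine
            findings.append((user, hostname, f"logged into {owner}'s machine"))
        start, end = profile["hours"]
        if not start <= ts.hour < end:  # Alice logging in at 1am
            findings.append((user, hostname, f"activity at {ts:%H:%M}, outside {start:02d}-{end:02d}"))
    return findings
```

The point the comment makes is that every rule here needs an inventory and a baseline that exist before the incident; the code is trivial, the data collection is the work.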
Re:Already known. Just not implemented. (Score:4, Insightful)
Companies won't implement more security than is cost-effective. Their decision making process is going to be driven directly by the perceived odds of being broken into, times the cost of a possible break-in. They're not going to spend more money than that.
I doubt there are really going to be any serious (multi-million or -billion dollar) consequences for any of the companies involved. Maybe a few people will get fired and some new procedures will get written into some document that nobody reads, but there's not going to be a major bloodletting. (These companies run the government, in the most literal sense.)
When you see an F500 company absolutely taken to the cleaners -- totally bankrupted -- due to an IT-security mishap, then you'll see real security implemented. But until then it's just going to be a lot of after-the-fact patching-up and good ol' "security theater." And a lot of blaming the messenger. That's always cheap.
Not that expensive. Just requires planning. (Score:2)
But the only problem with my proposal is that it takes THOUGHT and PLANNING. It cannot be retrofitted to an existing network. (unless you're really lucky)
The networks have to be constructed so that each point can be monitored. Instead, most networks grow "organically". As connections are needed, they're added. Without any plan. Just get the connections in now.
The same with servers. The last place I worked had a server in the DMZ cab
on par with digg? (Score:3, Insightful)
The only thing I find strange.. (Score:5, Funny)
Re:The only thing I find strange.. (Score:5, Insightful)
In all seriousness, I'd be willing to bet that they used compromised Yahoo! accounts for a few reasons: yahoo users are generally less computer-savvy (read: easier to compromise), they probably use gmail accounts themselves so they didn't want to draw attention there, and google has been rumored before to keep e-mails even after being deleted from the account.
Interesting new avenue for social engineering... (Score:2, Interesting)
Not strange at all (Score:2)
Re: (Score:2)
Re: (Score:2)
frequency (Score:4, Insightful)
My second thought is to wonder if it's even true or if this is just spin-hype for Trend.
My third thought is to objectively note that this is probably not an isolated incident. If this particular incident is this big then, in all likelihood, there are hundreds or even thousands of other compromised systems which haven't been diagnosed.
My fourth thought is "Haha!"
Re:frequency (Score:5, Informative)
They told you all you need to know. M$ Again. (Score:2)
FTFA:
In this case, we are safe assuming "personal computers" == Windoze. Big dumb companies put that crap on people's desktops.
The lesson learned again is that corporate security is only as strong as its weakest link. If you let Windoze retrieve your data you have no secrets.
Proven theory (Score:2)
Give it up (Score:4, Insightful)
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:3, Funny)
Re:Give it up (Score:4, Funny)
Get it?
Band-Aid!!
(OK, It was a term that used to be used exclusively to mean a specific brand, but has now changed its meaning over time to mean something broader. I don't know why I even try with you people...)
Re: (Score:2)
Re: (Score:2)
DoT is on the list.. (Score:4, Funny)
Booz Allen = privatized US government services (Score:2)
But from reading TFA, you might think "*yawn*, some big companies got hacked, who cares."
I don't know about DoT, but a lot of government services are being run by Booz Allen and other contractors. I called up some Federal agency hotline a while back and got a greeting like "Welcome to the US Dept. of XYZ hotline, run by Booz Allen. Please call back [during a time of day that is impossibly inconvenient in your time zone]." Think of them like Halliburton, only in Washington D.C. instead of Iraq.
If
Re: (Score:2)
By the time the general public catches on to how terribly and horribly bad this is, it'll be too late to do anything about it.
There's been talk of selling or leasing our interstate highways to overseas investors as a source of tax money. I believe it's already been done in Illinois, and there are talks of doing the same for the NJ Turnpike.
The incident a year or so ago about port security being run by an overseas corporation also didn't sit well with me at all. I'm all for international
"to steal and encrypt sensitive data" (Score:5, Funny)
No, it was never that way (Score:3, Informative)
Re:No, it was never that way (Score:5, Informative)
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:2)
meanings (Score:2)
Yes, but therein lies the problem I've always seen with the term that the tech community would prefer people use, i.e. that "cracker" already has a slang definition, and most people in the world will have reactions ranging from confusion to effrontery at the notion that their computer system was compromised by a bunch of rednecks.
I don't think there's much of a chance people confuse someone who's proficient with something like a computer and a white Southerner or redneck. Hack also has another meaning,
Re: (Score:2, Insightful)
It's like complaining about the word "gay" being used by teenagers and not referring to a homosexual or when people say "Mac O.S.X" instead of Mac OS Ten
Re: (Score:2, Funny)
Re: (Score:3, Funny)
Now there is a title. Hackers gone, White Hat never made it. Enter Asshat.
Today I asshatted a Big Corp's main server, so I emailed their admin to fix the hole. I am such an Asshat.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"further besmirching the once-revered title" (Score:2)
Revisionist history a little?
There is no revision of history when someone points out hackers ARE NOT criminals nor that they intentionally damage systems. The first time "hacker" was used derogatorily was in the 1980s; before then Hacker [fiu.edu] "simply referred to a person who was capable of creating hacks, or elegant, unusual, and unexpected uses of technology."
The concept of hacking [berkeley.edu] entered the computer culture at the Massachusetts Institute of Technology in the 1960s...
But there are standards fo
If you have a problem with the term hacker (Score:4, Informative)
From Webster (Score:5, Insightful)
Pronunciation: 'ha-kər
Function: noun
1 : one that hacks
2 : a person who is inexperienced or unskilled at a particular activity
3 : an expert at programming and solving problems with a computer
4 : a person who illegally gains access to and sometimes tampers with information in a computer system
I am pretty damn sure that the thieves in question meet both #3 and #4, hence they are 'hackers'. I probably would not waste time bothering Reuters to complain that not all hackers are evil. They used the word correctly.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
That's exactly what I was pointing out.
Re: (Score:2)
Re: (Score:2)
Social engineering (Score:4, Informative)
Better writeup at WaPo (Score:5, Informative)
Re: (Score:3, Interesting)
You'd think so, yeah, and I was going to mod you up for it, but someone here has their wires crossed...
Reuters story: Hackers steal data, moving it in encrypted form to their own servers.
A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach
WaPo/Kaspersky story: Hackers sew up customer data in encryption, leaving behind a ransom note asking $300 for the key.
Those are similar, down even to the list of companies. But I wonder, if all the DoT's data is encrypted, and there's a ransom note, how they failed to detect that?
In seriousness, I wonder what the truth
Don't use windows on Secure networks. (Score:4, Informative)
1. Windows is the most popular OS on the planet. Just for the sheer number of systems it is the most hacked.
2. Windows is harder to lock down than most other OSs. That is often because software expects to be running with admin rights.
I am trying to figure out how no one noticed these programs trying to make connections to the outside world. My guess is that they were not expecting a Trojan. Heck, we got hit by a worm at my office. It didn't get through our firewall at all. Somebody brought a notebook in and connected it to our network.
It only infected three machines but it was a good cheap lesson for us.
Re: (Score:2)
Don't rule out the social engineering aspect here. They sought out security employees that wanted to leave the company.
Genius, really.
wow (Score:2, Funny)
Uh....the huge pro windows crowd on slashdot?
Re: (Score:2)
Expect a huge amount of Windows vict^H^H^H^Husers here.
Re:wow (Score:4, Insightful)
Let me put it right out in the open here - I like and use Windows. In fact, I'd wager that a large number of
Look, I'm not trying to defend every aspect of the OS - clearly there are some issues. But as I get older and more impatient, I'm starting to see windows as the more attractive option simply because there are some things that they got very, very right. Namely the fact that they put so much emphasis on usability.
Anyway, my long winded point is that not all windows users are stupid or just stumbled upon windows by accident. I know it's fun to bash things senselessly, but let's grab a little perspective here. Windows is not the devil, it's just not perfect. Nothing is.
OSes (Score:2)
I want my personal box to be as easy and hassle free as possible so I run windows and only windows.
Sounds like you want a Mac.
Say what you want about bloatware, but it's nice to buy a piece of hardware and have it just work.
I've bought 4 new PCs for myself running some version of Windows, two were from Gateway, one from HP, and the other one is from Microway [microway.com]. The one from Microway is the only one of the four that I did not have trouble with either the hardware or the OS, which is NT4.0. One of the
Re: (Score:2)
The "problem" is that the vast majority of Windows users are stupid and they are using Windows simply because it came with their box.
Of the hundreds of millions of Windows users, maybe 0.5% are actually computer savvy and chose to use Windows. Of
Re: (Score:3, Informative)
OS security (Score:2)
1. Windows is the most popular OS on the planet. Just for the sheer number of systems it is the most hacked.
Yeah, I went into a Mac store, not an Apple store, and asked about antivirus and firewall programs, and the worker I talked to said Macs don't get infected and don't get broken into. I tried to tell him the only reason is that the people who do such things target OSes with big market shares and that when Macs get a big enough share they will be targeted. He just kept saying OSX is immune.
While I like
Evil FBI at it again. (Score:3, Funny)
more data please (Score:2, Interesting)
Sammy at IT/Personafile [personafile.com]
Not Sophisticated At All (Score:4, Insightful)
This is not sophistication.
1. Take any virus/trojan that is recognized by antivirus software.
2. Put it through an executable compression package [wikipedia.org] to make its code vary from what it used to be on the hard drive or in memory.
3. Voilà! Your malware is now stealthed from any antivirus program.
Either that was rather simple or I am a seriously dangerous hacker.
Re: (Score:2)
No Hope Allowed (Score:2)
Even if the virus scanner scans for pklite'd executables, you can always write your own unique executable compressor or modify an existing one until your executable is non-detectable.
Virus scanners are like front door locks. Any serious cat burglar is just going to grappling hook to the roof and cut a hole through str
Re: (Score:2)
That has to be the worst analogy I've ever heard. Cutting a hole in the roof is akin to having a virus that displays a giant message on the screen saying "I'm a virus, delete me". Do you think nobody is going to notice you throwing a grappling hook and climbing onto someone's roof? Or are the people in the house not g
Re: (Score:2)
I believe the sophistication in question is the combination of the targets, the undetectable malware, and the delivery method. Not the malware itself.
This was a concentrated attack "seducing employees with fake job-listings on ads and e-mail" and was only directed at specific targets, rather than the entire world at once.
Likewise they used a website that was unlikely to be blocked to warehouse the data, instead of somewhere in Russia, etc.
No, this seems a bit above the bar to me.
I See (Score:2)
So the sophistication was the delivery method -- email! Now my Grandma is a hacker too!
This isn't true (Score:2)
It's arguable that the AV products are always able to open up every variation of these things, but it's incorrect to say that simply enclosing your malware inside one automatically makes it undetectable.
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:2, Informative)
Because It Is Insightful! (Score:2)
Everybody's happy! (Score:3, Funny)
See, it's a win-win situation - the criminals did everything smoothly without leaving a trace, and at DoT it looks like nothing happened!
Use of "hacker" (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
There's this notion of 're-claiming' the word for geeks instead of the 'bad guys' that's ahistorical and revisionist at best. The word 'hacker' has long been used by people who are interested in doing interesting things with technology. It has also long been used by people who want to cause harm or find gain by their technological skills.
While you've got a really good point, I'd also add that there's another distinction in between the two. Some of the "doing interesting things with technology" often involved bypassing access controls. Part of that is simple understanding of a system to the point of being able to defeat it. Part of it is being able to do something you're not supposed to be able to do - very much part of the hacker ethos and what better way to exercise it than counter something specifically designed to stop you from doing
Re: (Score:2)
Like you say, the ESR "cracker" is really an ex post facto invention - and basically a pejorative term. Well, RMS used "cracker" in 1983 too, iirc - but there too it was a conscious and artificial attempt at
"Sophisticated, Targeted Breakins" (Score:3, Funny)
What's with the whining about the word "hacker," anyway? Talk about beating a dead horse.
Rob
Security Answer (Score:2, Troll)
There are two types of people in the world:
- those who care about computers
- those who don't
Chances are the first group are experts (of varying degrees). The second group are most likely the "vulnerable" ones (in terms of social engineering).
My solution -- never let group #2 touch a computer again. Ever.
Re: (Score:2, Funny)
Congratulations you just put group #1 out of work.
puzzle (Score:2)
Re: (Score:2)
hippie! (Score:2)
Yeap! A relatively long haired one. I even like The WELL [well.com].
Falcon
Favorite (and most telling) quote: (Score:2)
"Internet security firms began to release patches to fight the malicious software on Monday night."
"Hey, dammit, don't close that barn door now, we're trying to put the horses away!"
hax0rz (Score:2)
You mean after they've been doing this for 20 years, there's still somebody left who cares about it?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
As much as I hate what's become of the title "hacker," I still love it when I'm walking down the street wearing my "hacker." t-shirt from ThinkGeek.
On sidewalks, I'm given a wide berth.
In stores, I'm carefully watched, but all the clerks are extremely friendly and very helpful. (I can usually get retail shopping done quicker and more efficiently.)
Even restaurants and fast food places seem more concerned about my personal satisfaction.
These people are scared of hackers.
Re: (Score:2)
On sidewalks, I'm given a wide berth.
Are you sure it's not just B.O.?
Re: (Score:2)
Whereas if you wore a T-shirt with "Cracker" written on it, all you'd get is derisive laughs from people of a certain ethnic extraction.
Re: (Score:2)
Re: (Score:2)
So what you're saying is that RHEL is Common Criteria certified [atsec.com], so the OS is more secure, and SOMEONE doesn't have to worry about going to prison.
Re: (Score:2)
Re: (Score:2)
This battle was lost ages ago, yes I actually used to care about it, too. Why? I have no idea. It's clear from context what the word means. Context includes who you are talking to, what you're talking about, etc.
True the battle was lost a long time ago, but context is cultural too. I've given up trying to explain the difference to my wife who is not a native English speaker. I do consider it a big deal though and I will make sure my kids know the difference.
Why do you care so much about these things?
Because it was our word first. There was an idiot no-name blogger who had an article posted here a few months ago who was trying to co-opt the term "superuser" as a synonym for virus-writing criminal who should be shot, IMO.
Why do you care so much about these things? (Score:2)
Because it was our word first
If you mean first for technology and computers, yes, but "hack" had been used for a long time to mean someone else. In the 1920s, I believe, "hack" [wikipedia.org] meant someone who was a journalist, reporter, or writer. I'm not sure, but I think "hack" was used in the 1941 movie "Citizen Kane" [imdb.com], meaning reporter.
Falcon
Re: (Score:2)
Language abuse is a serious matter. Example: `Rugby' in my wife's culture is the brand of glue of choice for those who would abuse such things, hence `doing rugby' means sniffing glue not playing a team sport with a ball.