
US Defense Contractors and Universities Targeted In Cyberattacks

Posted by Unknown Lamer
from the retaliation-for-stuxnet dept.
Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicate that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."
  • This is news? (Score:4, Insightful)

    by Anonymous Coward on Wednesday June 13, 2012 @12:22PM (#40311369)

    This is absolutely nothing new

    • Re:This is news? (Score:5, Interesting)

      by s.petry (762400) on Wednesday June 13, 2012 @01:00PM (#40311967)

      That is correct. 5 years ago I worked at a Defense contractor and we had a carefully crafted spear phishing attack. The hackers learned that Company "doe" did the support for IT for most of their IT. The group created a "doesupport.com" domain, and stole company logos from "doe.com". A fake site was crafted, and honestly looked pretty legit. They even had someone that knew English do the wording. The problem was, with all that work they had a username and password dialogue box on the site, and our users were warned about this type of attack every day. We had 1 user out of about 6800 log in to the site, and more than 2800 tickets from users reporting the suspected site.

      The site was in the US, but traced its roots to China. Interesting how fast this gets found out when Government is involved.

      Obviously "doe" is a fictional name to protect both the contractor and support people.
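      As an added example (not code from the commenter or from the article), here is the kind of lookalike-domain triage a mail gateway could have run on the message s.petry describes. It extracts the sender's registrable domain and every link host in the body, and flags any that is a trusted vendor's brand glued to a lure word (the "doesupport.com" pattern) or within one edit of the brand. "doe.com" is the commenter's placeholder name, the lure-word list, the crude registrable-domain rule and the sample email are assumptions constructed for this demo.

```python
import re

# The commenter's placeholder vendor; a real deployment would load the real list.
TRUSTED = {"doe.com"}

# Words attackers typically append to a brand in a lookalike domain (assumed list).
LURE_WORDS = {"support", "helpdesk", "login", "secure", "portal", "it", "mail", "sso", "account"}

LINK_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def registrable_domain(host_or_addr: str) -> str:
    """Crude registrable-domain rule: last two labels. Fine for .com-style TLDs in this demo."""
    host = host_or_addr.rsplit("@", 1)[-1].lower().strip("<>")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-character swaps such as d0e vs doe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reasons(host: str, trusted=TRUSTED) -> list:
    """Return why `host` looks like it impersonates a trusted domain; empty list if it does not."""
    dom = registrable_domain(host)
    if dom in trusted:
        return []                      # the real vendor, or one of its subdomains
    label = dom.split(".")[0]          # second-level label, e.g. "doesupport"
    reasons = []
    for t in trusted:
        brand = t.split(".")[0]
        if brand in label and label != brand:
            rest = label.replace(brand, "", 1).strip("-_")
            if rest in LURE_WORDS:
                reasons.append(f"{dom}: brand '{brand}' + lure word '{rest}'")
        d = levenshtein(label, brand)
        if 0 < d <= 1:
            reasons.append(f"{dom}: edit distance {d} from {t}")
    return reasons


def triage(sender: str, body: str) -> dict:
    """Map every flagged host in the sender address or body links to its reasons."""
    hosts = {registrable_domain(sender)} | {registrable_domain(h) for h in LINK_RE.findall(body)}
    return {h: r for h in sorted(hosts) if (r := lookalike_reasons(h))}


if __name__ == "__main__":
    # Constructed sample in the shape of the attack the commenter describes.
    sample_sender = "helpdesk@doesupport.com"
    sample_body = "Your account will expire. Sign in at https://doesupport.com/login to keep access."
    for host, why in triage(sample_sender, sample_body).items():
        print(host, "->", "; ".join(why))
```

      The check is deliberately conservative: a bare brand substring is not enough (too many real words contain short brands), so it requires either a lure word or a one-character edit. Real deployments should use a public-suffix list instead of the two-label rule.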

      • "5 years ago I worked at a Defense contractor and we had a carefully crafted spear phishing attack .. A fake site was crafted"

        A Defense contractor that can be compromised by a click-and-download-this-executable hack shouldn't be in the defense industry.
        • by s.petry (762400)

          I'm not sure you understand the complex nature of these attacks. These are not simply fire and forget executable files, like you see in your email constantly from script kiddies. There are few, if any, executable files involved initially. They are more after usernames, passwords, and network information. From there, they can launch more sophisticated attacks trying to gain access to network components, etc... and do more targeted phishing and attempt to send files.

          When files are sent, these again are no

    • by FhnuZoag (875558)

      My suspicion is that this is basically observation bias in action. Every public system on the internet in every country is subject to a constant barrage of low level email driven malware, these days. We only hear the reports of the universities, IT security companies, and government services, because these are the only folks with enough security consciousness and enough to lose to notice it, and who are worth writing news articles about. This doesn't mean a particular attack is targeted, or trying to accom

  • "Peaceful rise", my foot.

  • by Anonymous Coward

    ... if we aren't making our chips here, how can we ever expect to be able to secure our military secrets? I hate how government subsidies to an industry are pretty much impossible to repeal after they are created, but national security should generally take front stage.

    • IBM.

      If IBM had been allowed to make CPUs for desktops/laptops there would never have been Intel. Well, Intel would have been a lot smaller due to IBM ruling the market.

      I am guessing that if the shit does hit the fan, IBM may be allowed to do something. At least for government systems.

  • by Anonymous Coward on Wednesday June 13, 2012 @12:38PM (#40311641)

    When we start using cyberweapons against people without constraint and then post a whole bunch of articles about how cost effective it is, other nations see that as reason enough to use them against us. Most states can't afford enough money to build $35 million fighter jets or spy satellites, but can slip some script kiddies a few bucks to send out some spam with exploits in it.

  • Biggest Change (Score:5, Interesting)

    by Papa Legba (192550) on Wednesday June 13, 2012 @12:43PM (#40311693)

    This is low-level cyber warfare and it's starting to ramp up. This is like the introduction of planes in WWI. At first they waved at each other on their scouting missions. Then someone brought a pistol, then a rifle. Then it was gunners and machine guns until we get the Red Baron and fighter aces. Next thing we know it's jet propulsion and heat seekers, stealth fighters launching! Make no mistake, Stuxnet was the first pistol at 1000 feet; what comes next no one can guess.

    What is obvious is that Information Assurance is no longer a support service, somewhere behind tech support and first to be cut; IA is now a front-line warfighter task. Let's just hope the bean counters realize in time!

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Sure we can guess, because it's just the same goddamn hacking methods. The only new thing that'll obviously change is the quality and complexity of the malicious software - like more intelligent worms/trojans/botnets/whatever. Stuxnet wasn't the first pistol, it was the first heat-seeker.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        For some time, Chinese hacking has been the "land war in Asia" tactic. Lots and lots of units in the field. When you have 30,000 longbowmen, it really doesn't matter how good their aim is; as long as they can fire quickly and in roughly the right direction, a lot of people are going to be hit by arrows. Much of their hacking has been the same: sacrifice accuracy for quantity and get results.

        The USA has (for quite some time now) preferred the "sniper" model. Small groups, low profile, and then someone fall

        • by plover (150551) *

          Stuxnet wasn't a virus designed to spread until it found Natanz and then attack it. That would have been noticed much earlier. Stuxnet was deployed inside the air-gapped systems of Natanz, and was only detected after it escaped containment and began to spread.

          That's the sniper using a ghillie suit and flash suppression, hiding in a marsh. Sounds like the USA's m.o.

    • Make no mistake, Stuxnet was the First pistol at 1000 feet, what comes next no one can guess.

      Year 3021: Buffer over-run exploit used to gain access to global defence grid

    • by couchslug (175151)

      People don't care about Security until they get hurt.

      I see these attacks as useful to coerce a defensive response. Evolutionary pressure FTW!

  • How dare China try to hack another country's computers, infect them with malware, and otherwise snoop on us!
    Only a ROGUE STATE would do such a thing!!!
    • by k6mfw (1182893)
      Yeah, like when we want to learn activities of foreign countries, we employ intelligence agents. When they do the same to us, we accuse them of using spies.
  • They offshore all the jobs, all the technology, all the R&D work and the investments there, so who gives a rat's ass?????

    No offense, but posts like these are nonsensical --- or maybe propaganda for the next war by design?????

    So maybe the blog poster should contact Boeing (Narus), Packet Forensics, and all the other sleazoid American corporate whores about selling them all that surveillance tech, huh???

    And please let us never forget about Jerry Yang and his Yahoo crimes (we've heard of one, but that

  • ...they need to stock up on copious amounts of gold to stave off the cyberarmy, or else be "deleted".

  • by bmo (77928) on Wednesday June 13, 2012 @01:27PM (#40312285)

    FTFS: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors."

    While Willie Sutton never actually said "that's where the money is" when it came to robbing banks, the truth in general about that statement couldn't be more apropos regarding this situation.

    Data=Wealth.

    --
    BMO

  • by Brewster Jennings (2642639) on Wednesday June 13, 2012 @02:52PM (#40313497)
    If you are a defense contractor doing IT and you're clicking on random .exe files in your email, you may want to consider another line of work. I mean, to be honest, your users shouldn't even be able to run them, or send them over the company e-mail network.

    That's why we have administrator-level access and ultra-restrictive GPOs in the first place, right? In the hopes that the few people who can actually do damage to computers and servers aren't monkeys banging away in the hopes of producing Shakespeare?

    As a final note, I would like to point out that ending my post with a question mark makes it seem more poignant and totally deserving of a five. Except I spoiled it. Crap.

    • by jxander (2605655)

      Crap.

      Or is it?

    • ...that it is NOT *.exe attachments. These days are long over. Attackers use PDF or MS Office documents attached to emails. So you are Wally Blacksmith of Killcorp Inc. Your job entails developing novel radar systems. One nice, sunny morning you get a nicely worded email about "Innovations in low-observable Radar" and it writes about a conference in Naples, Italy. The sender appears to be james.smith@britishradar.com. So you can't wait to see what the Brits are up to and you click on that PDF. Acrobat Reader
      • by FhnuZoag (875558)

        Except that if you RTFA, it is.

        "The attack begins with a spear phishing email sent to employees of the targeted company and containing a PDF attachment. In Digitalbond's case, the file is called "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" and when it's opened, the file installs a Trojan downloader called spoolsvr.exe."

        If you are running an unsolicited attachment called blah.pdf.exe and ignoring the windows authorisation message that pops up, then why the hell are you providing IT secu
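        Added example (not code from the article, from Digitalbond or from any commenter): a Python attachment filter of the kind a mail gateway or endpoint agent could apply to the message quoted above. It refuses to trust the displayed filename. It flags an executable suffix, a document suffix immediately followed by an executable one (the `.pdf.exe` pattern), and the Unicode right-to-left override trick, and independently sniffs the content for a PE `MZ` header so a renamed executable is caught even when the name is a clean `.pdf`. The `.pdf.exe` name and `spoolsvr.exe` are the ones quoted from the article; the byte strings and the other filenames are constructed for the demo, and the suffix lists are assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy lists; extend to match the environment.
EXEC_SUFFIXES = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi", "dll", "hta"}
DOC_SUFFIXES = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE, reverses the visible tail of a name


@dataclass
class Verdict:
    block: bool
    reasons: list = field(default_factory=list)


def suffixes(name: str) -> list:
    """All extensions of the base name, lower-cased, in order: 'a.pdf.exe' -> ['pdf', 'exe']."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    return parts[1:] if len(parts) > 1 else []


def name_findings(name: str) -> list:
    """Checks that look only at the filename the user would see."""
    reasons = []
    sfx = suffixes(name)
    if sfx and sfx[-1] in EXEC_SUFFIXES:
        reasons.append(f"executable extension .{sfx[-1]}")
    if len(sfx) >= 2 and sfx[-2] in DOC_SUFFIXES and sfx[-1] in EXEC_SUFFIXES:
        reasons.append(f"double extension .{sfx[-2]}.{sfx[-1]} masks an executable as a document")
    if RLO in name:
        # 'report\u202efdp.exe' renders as 'reportexe.pdf' in a naive file list.
        reasons.append("RLO control character in filename")
    return reasons


def content_findings(data: bytes, name: str) -> list:
    """Checks that look at the bytes, so a renamed binary cannot hide behind a nice name."""
    reasons = []
    if data[:2] == b"MZ":
        reasons.append("PE header (MZ) in content")
        sfx = suffixes(name)
        if sfx and sfx[-1] in DOC_SUFFIXES:
            reasons.append(f"content is PE but name claims .{sfx[-1]}")
    return reasons


def inspect_attachment(name: str, data: bytes) -> Verdict:
    """Combine name- and content-based findings; any finding blocks the attachment."""
    reasons = name_findings(name) + content_findings(data, name)
    return Verdict(block=bool(reasons), reasons=reasons)


# Constructed samples: a fake PE stub and a minimal PDF header, plus the names from the article.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60
REAL_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"
SAMPLES = {
    "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe": FAKE_PE,
    "spoolsvr.exe": FAKE_PE,
    "agenda.pdf": FAKE_PE,            # executable renamed to look like a document
    "agenda_real.pdf": REAL_PDF,      # the only one that should pass
    "report" + RLO + "fdp.exe": FAKE_PE,
}


def scan_samples(samples=SAMPLES) -> dict:
    """Return {filename: Verdict} for every sample; handy for the demo and for tests."""
    return {name: inspect_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, v in scan_samples().items():
        print(("BLOCK " if v.block else "allow ") + repr(name), "; ".join(v.reasons))
```

        The content check matters more than the name check: the article's sample would be stopped by either, but the "agenda.pdf" case, a PE with a document name, only the MZ sniff catches, and that is also the case an OS "hide extensions for known types" setting makes invisible to the user.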

  • If "cyberwar" was actually a real threat they cared about, they would shift to Linux and thin-client desktops forthwith. Hell, they could get more government money for doing so. "It's for security!" That they are not doing so shows that this is not a real threat, but trumped-up nonsense to try to look like there's a problem. Which they need more money to deal with.

  • by dgharmon (2564621) on Wednesday June 13, 2012 @04:35PM (#40315003) Homepage
    "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies

    Just who in their right minds connects a SCADA unit directly to the Internet. Let's have a contest to see how long someone can write about Internet security without once mentioning Microsoft Windows.

    "In Digitalbond's case, the file is called "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" and when it's opened, the file installs a Trojan downloader [threatpost.com] called spoolsvr.exe "
    • And the sad thing is that due to incompetence and/or greed, the DoD not only permits Windows on its networks, it actually ENCOURAGES it. Many of the security reqs are written such that only Windows can really do all them(basically they throw in some pointless shit that only windows does but doesnt offer any security and call it a major issue). The PLA really should write Redmond a thank you letter for writing such shitty software then lobbying the hell out of the people in power to get it installed everyw
  • Before I am going to elaborate, yes - technology will be only part of the fix. But technology will be a major part of better security ! Here is my list of security technologies:

    Sandboxing: Google Chrome's Sandbox is an excellent example of how to limit damage from faulty code. Much more could be done by using this approach in many other file formats and use cases. Other interesting approaches are AppArmor, SE Linux and Linux Security Modules in general.

    Formal Proofs: The problem with sandboxes and operati
  • The DOJ uses IE 6 and SP2 which stopped receiving security updates only 2 years ago!

    How could this possibly happen?

  • made it to ppl who know one thing about trojans and security. I love how he explains that "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" installs spoolsvr.exe ... this email would not even make it to someones mailbox and if the email makes it and that someone is a "programmer" or "security expert" and did not understand that this is most probably a trojan then .... f*c|$ "Attacks Targeting US Defense Contractors and Universities Tied to China" is a really bad title
