Whitehouse Hacked by Chinese Several Times

Share

An unnamed senior US official has declared to the Financial Times that the Whitehouse computer network was victim to numerous cyber attacks from China. According to the same official, the attackers had access to e-mails for short periods of time[1].

The unclassified network of the Whitehouse was breach numerous times by the attackers, which may have stole information. The sensibility of the information accessed is not specified, but since it was on the unclassified network, no data of value should have been viewed by the hackers. The attacks were detected by the National Cyber Investigative Joint Task Force, an agency created in 2007 and under the FBI[2].

No one from the American and Chinese sides commented on this event. This declaration comes amid many cyber attacks performed in previous years also and every time, blamed on the Chinese or Russians. In 2007, the Pentagon claimed to have been hacked by the cyber division of the People’s Liberation Army (PLA)[3]. It has been known for a while not that China has developed advanced cyber warfare capabilities and has gain a lot of experience.

It has been known for a while not that China has developed advanced cyber warfare capabilities and has gain a lot of experience in that domain.
It has been known for a while not that China has developed advanced cyber warfare capabilities and has gain a lot of experience in that domain.

[1] “Chinese hack into White House network”, Demetri Sevastopulo, The Financial Times, November 6, 2008, http://www.ft.com/cms/s/0/2931c542-ac35-11dd-bf71-000077b07658.html?nclick_check=1 (accessed on November 7, 2008)

[2] “New US National Cyber Investigative Joint Task Force Will Be Led by FBI”, ILBS, April 28, 2008, http://www.ibls.com/internet_law_news_portal_view.aspx?id=2044&s=latestnews (accessed on November 6, 2008)

[3] “Pentagon: Chinese military hacked us”, Lewis Page, The Register, http://www.theregister.co.uk/2007/09/04/china_hack_pentagon_leak/ (accessed on November 6, 2008)

Malware Authors Loves Obama Too

Share

The Register reports that malware creators are already using Mr. Obama’s popularity to distribute the Papras Trojan using spam, social engineering and Google Ads[1].

Users usually receive an email from what seems a legitimate news sources such as CNN and BBC, inviting users to see the speech of Barack Obama on their website. The content of the email is the following[2]:

Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech at November 5!

Proceed to the election results news page>>

2008 American Government Official Website
This site delivers information about current U.S. Foreign policy and about American life and culture.

And senders are usually:

  • news@cnn.com
    news@usatoday.com
    news@online.com
    news@c18-ss-1-lb.cnet.com
    news@president.com
    news@unitedstates.com
    news@bbc.com

The email contains a link to a fake website, which prompts the users to update their Flash player in order to see the speech. Of course, the update is actually a Trojan.

Screen shots of the email and fake website, from F-Secure[3]:

 

Papras is an information stealing Trojan, trying to get a hold of logins and passwords among others. This Trojan is detected by only 14 of the 36 major anti-virus programs.


[1] “Obama-themed malware mauls world+dog”, Dan Goodin, The Register, November 5, 2008, http://www.theregister.co.uk/2008/11/05/obama_malware_attacks/ (accessed November 6, 2008)

[2] “Computer Virus masquerades as Obama Acceptance Speech Video”, Gary Warner, CyberCrime & Doing Time, November 5, 2008, http://garwarner.blogspot.com/2008/11/computer-virus-masquerades-as-obama.html (accessed on November 6, 2008)

[3] “US Presidential Malware”, F-Secure, November 5, 2008, http://www.f-secure.com/weblog/archives/00001530.html (accessed on November 6, 2008)

Both U.S Presidential Campaigns Hacked

Share

Newsweek reports that the computer systems of M. Obama and M. McCain were both hacked by unknown attackers during their campaigns[1]. Very little information is available, but according to Newsweek, the FBI and the Secret Services claimed that several files from the Obama servers had been compromised by a “foreign entity” in midsummer. The same happened to the McCain campaign.

According to the FBI, documents were stole by foreign powers (probably Russia or China) in order to gather information for future negotiations.

But the former director of technology for the 2004 presidential campaign of Rep. Dennis Kucinich expressed skepticism about the claims. Henry Poole from CivicActions, a firm that offers Internet campaign consulting services, said “It’s unlikely that either campaign would have stored sensitive data on the same servers that were being used for public campaigning purposes[2]“.

It is unclear if anyone got compromised at all. If so, why would the FBI and Secret Services report such events? Hopefully there is more to come on this…

See also:

“Hackers and Spending Sprees”, Newsweek, November 5, 2008, http://www.newsweek.com/id/167581/page/1 (accessed on November 6, 2008)

“Both US political campaigns got hacked”, Egan Orion, The Inquirer, November 6, 2008, http://www.theinquirer.net/gb/inquirer/news/2008/11/06/both-political-campaigns-got (accessed on November 6, 2008)


[1] “Hackers and Spending Sprees”, Newsweek, November 5, 2008, http://www.newsweek.com/id/167581/page/1 (accessed on November 6, 2008)

[2] “Report: Obama, McCain campaign computers were hacked by ‘foreign entity'”, Jaikumar Vijayan, ComputerWorld, http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Cybercrime+and+Hacking&articleId=9119221&taxonomyId=82&pageNumber=1 (accessed on November 6, 2008)

Fake Anti-Virus Brings in 158 000$ a Week

Share

Russian criminals who are selling a fake anti-virus, “Antivirus XP 2008/2009” among others, have made more than 150 000$ in a week, according to the Sydney Morning Herald[1]. If you ever seen those annoying popups warning you that you might be infected with one or more viruses, then you probably came across this scam.

Fake Spyware Detection Alert
Fake Spyware Detection Alert

“For most people they might just be browsing the web and suddenly they don’t know why this thing will pop up in their face, telling them they’ve got 309 infections on their computer, it will change their desktop wallpaper, change their screen saver to fake ‘blue screens of death’,” said Joe Stewart, from SecureWorks said.

The software is sold for 49.95 $US and will “detect” various viruses and Trojans on the computer. Stewart shows that Antivirus XP still has some basic anti-malware functionality, but as he explains, it’s mostly in case the authors are brought to court “they might try to claim the program is not truly fraudulent – after all, it can clean computers of at least a few malicious programs[2]“. Only 17 minor threats can be removed, far from the 102,563 viruses the anti-virus claims to clean. And don’t expect a refund for the software.

The entity behind this fraudware is called Bakasoftware, a Russian company that pays affiliates to sell its anti-virus to users. Affiliates can earn between 58% and 90% of the sale price. Criminals are therefore using everyway to trick users into installing the software, including scaring the user into believing that he is infected, even using botnets to push the program into the users’ computers.

Since it is not hacking people’s computers and only runs the affiliate program, Bakasoftware does not have to worry about being shut down by police“, Stewart said[3].

Affiliate ID

Affiliate Username

Account Balance (USD)

4928 nenastniy $158,568.86
56 krab $105,955.76
2 rstwm $95,021.16
4748 newforis $93,260.64
5016 slyers $85,220.22
3684 ultra $82,174.54
3750 cosma2k $78,824.88
5050 dp322 $75,631.26
3886 iamthevip $61,552.63
4048 dp32 $58,160.20
Table 1.0 – Top earners in the Bakasoftware Affiliate Program[4]
 

Screenshots took from the administrative panel of bakasoftware.com which was hacked by NeoN:

Bakasoftware Registred Domains
Bakasoftware Registred Domains

Bakasoftware All Socks Controls
Bakasoftware All Socks Controls

(Screenshots are from “Rogue Antivirus Dissected – Part 2”, Joe Steward, SecureWorks, October 22, 2008, http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2)

By the time of this writing, http://www.bakasoftware.com/ was not accessible. Another interesting fact, if the Russian language is installed on your computer, there’s a good chance you won’t be considered as a target because of Russian legislation. Apparently the creators have been sued anyway[5].

Many other fraudware are available, always proposing anti-malware software. Their ads are oven seen on torrents, warez and cracks/serials sites. What’s particularly dangerous is that they can come with other legitimate software or by drive-by downloads. Once they are installed in your computer, they get annoying very fast and can trick you into buying fraudware. Popups can appear that you are infected. Other types of fraudware are those “boost your computer” software.

P.S “baka” means “stupid” in Japanese. A totally appropriate title for the operators of this company.
See also:

“Fake software nets hacker $158,000 in a week”, Stewart Meagher, The Inquirer, November 5, 2008, http://www.theinquirer.net/gb/inquirer/news/2008/11/05/fake-antivirus-nets-hacker-150 (accessed on November 5, 2008)

“Antiviral ‘Scareware’ Just One More Intruder”, John Markoff, The New York Times, October 29, 2008, http://www.nytimes.com/2008/10/30/technology/internet/30virus.html (accessed on November 5, 2008)

“Crooks can make $5M a year shilling fake security software”, Gregg Keizer, ComputerWorld, October 31, 2008, http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security_hardware_and_software&articleId=9118778&taxonomyId=145&intsrc=kc_top (accessed on November 5, 2008)


[1] “Russian scammers cash in on pop-up menace”, Asher Moses, The Sydney Herald, November 4, 2008, p.1, http://www.smh.com.au/news/technology/security/russian-scammers-cash-in-on-popup-menace/2008/11/04/1225560814202.html (accessed on November 5, 2008)

 

[2] “Rogue Antivirus Dissected – Part 1”, Joe Stewart, SecureWorks, October 21, 2008, http://www.secureworks.com/research/threats/rogue-antivirus-part-1/?threat=rogue-antivirus-part-1 (accessed on November 5, 2008)

[3] “Russian scammers cash in on pop-up menace”, Asher Moses, The Sydney Herald, November 4, 2008, p.2, http://www.smh.com.au/news/technology/security/russian-scammers-cash-in-on-popup-menace/2008/11/04/1225560814202.html (accessed on November 5, 2008)

[4] “Rogue Antivirus Dissected – Part 2”, Joe Steward, SecureWorks, October 22, 2008, http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2 (accessed on November 5, 2008)

[5] “Infamous vendor of “AntiVirus XP” badware sued”, Adam O’Donnell, ZDNet, September 30th, 2008, http://blogs.zdnet.com/security/?p=1980 (accessed on November 5, 2008


Microsoft: Malware Up 38% in United States in 2008

Share

According to the latest Security Intelligence Report from Microsoft, malicious software installations on computers increased 38% in the U.S for 2008.[1] Also, the number of “High Severity” vulnerabilities detected increased by 13% in the second half of 2007, putting the total of “High Severity” vulnerabilities to 48%.

Downloaders and droppers, accounting for 30% of all malicious software, with around 7 millions computers infected in the United States alone.

And of course, no good Microsoft document would be complete by stating that Vista in more awesome than XP, and therefore the report states that if you own Windows XP SP3, you’re likely to be infected 9 times on 1000 infections, while this number drops to 4 times on 1000 infections for Vista.

“For browser-based attacks on Windows XP-based machines, Microsoft vulnerabilities accounted for 42 percent of the total. On Windows Vista-based machines, however, the proportion of vulnerabilities attacked in Microsoft software was much smaller, accounting for just 6 percent of the total[2].”

Taken from the report:

Country/Region

2007

2008

% Chg.

Afghanistan

58.8

76.4

29.9

Bahrain

28.2

29.2

3.4

Morocco

31.3

27.8

-11.4

Albania

30.7

25.4

-17.4

Mongolia

29.9

24.7

-17.6

Brazil

13.2

23.9

81.8

Iraq

23.8

23.6

-1.1

Dominican Republic

24.5

23.2

-5.2

Egypt

24.3

22.5

-7.5

Saudi Arabia

22.2

22.3

0.4

Tunisia

15.9

21.9

37.3

Turkey

25.9

21.9

-15.4

Jordan

20.4

21.6

5.5

Former Yugoslav Republic of Macedonia

16.3

21.1

29.8

Lebanon

20.6

20.2

-1.8

Yemen

17.7

20.1

13.7

Portugal

14.9

19.6

31.7

Algeria

22.2

19.5

-12.2

Libya

17.3

19.5

13.1

Mexico

14.8

17.3

17

United Arab Emirates

18.2

17.3

-4.8

Monaco

13.7

17.0

23.7

Serbia

11.8

16.6

41.4

Bosnia and Herzegovina

12.8

16.3

27.5

Jamaica

15.0

16.3

8.9

Table 1.0 – Countries with the Highest Infection Rates[3]

See also:

“Microsoft Security Intelligence Report”, Microsoft, January-June 2008, http://www.microsoft.com/downloads/details.aspx?FamilyId=B2984562-47A2-48FF-890C-EDBEB8A0764C&displaylang=en (accessed on November 4, 2008)

“Les menaces en augmentation de 43%, dit Microsoft”, Marie-Ève Morasse, Cyberpresse, November 3, 2008, http://technaute.cyberpresse.ca/nouvelles/internet/200811/03/01-35773-les-menaces-en-augmentation-de-43-dit-microsoft.php (in French) (accessed on November 4, 2008)


[1] “Microsoft Security Intelligence Report”, Microsoft, January-June 2008, p. 122

[2] Ibid. p. 5

[3] Ibid. p.49

Chinese Cyber Warfare to Gain Military Superiority

Share

Since the 70s, when Deng Xiaoping was the head of China, the People’s Liberation Army tried to modernize itself and cut its size in order to become more efficient. Still, China is still behind when it comes to military even if its defense budget is the second largest after the United States on the planet, with US$57 billion in 2008[1]. According to an article published in Culture Mandala, China could boost its cyber warfare capabilities in order to compensate for their technological backwardness.

It started as soon as in 2003, when it deployed its first cyber warfare units, the “zixunhua budui[2]“. Since, many attacks have been attributed to China, such as Operation Titan Rain in 2003[3]. China hopes that by using asymmetrical warfare, such as information warfare and cyber warfare, it might level other modern armies.

Michael Vickers, Senior Vice President for Strategic Studies at the Center for Strategic and Budgetary Assessments declared that “a Chinese attack on Taiwan could entail special operations and cyber attacks on U.S. regional bases in Japan and South Korea, and might even include cyber attacks on the U.S. homeland that target the U.S. financial, economic, energy, and communications infrastructure[4]“. In the same document, we can read:

“One way to assess this risk is to ask whether a cyber attack by China launched a few days in advance of a clash could prevent U.S. carrier battle groups from deploying to the Taiwan Straits. Launching the attacks too early would create the risk of discovery and countermeasures.[5]

China could boost its cyber warfare capabilities in order to compensate for their technological backwardness
China could boost its cyber warfare capabilities in order to compensate for their technological backwardness

It is clear to me that a nation with a technologically late compared to modern armies have all the advantage to develop asymmetrical warfare. We can assess its effectiveness in Afghanistan and Iraq. And cyber warfare is a perfect way to destabilize modern armies used to technology in their daily operations. But this is far from being easy for both sides, as talented individuals and highly skills hackers are needed to develop this kind of warfare. Terrorists and groups are unlikely to develop a high quality cyber warfare force, although they still can be efficient. China, on the other hand, can and is smart to do it. After all, if a force can disable communications the enemy’s communications networks, such as GPS, emails and phone networks, it can makes a strong army useless. Like a strong man or woman, if the brain can contact the muscle through the nervous system, the body is powerless…

See also:

“How China Will Use Cyber Warfare To Leapfrog in Military Competitiveness“, Jason Fritz, Culture Mandala, Vol. 8, No. 1, October 2008

China’s Military Modernization and Its Impact on the United States and the Asia- Pacific“, U.S.-China Economic and Security Review Commission, 110th Cong, 1st Sess., March 29-30, 2007


[1] “How China Will Use Cyber Warfare To Leapfrog in Military Competitiveness”, Jason Fritz, Culture Mandala, Vol. 8, No. 1, October 2008, pp.29

[2] “Trojan Dragon: China’s Cyber Threat”, John J. Tkacik, Jr., The Heritage Foundation, February 8, 2008, http://www.heritage.org/Research/asiaandthepacific/bg2106.cfm#_ftn6 (accessed November 3, 2008)

[3] “Titan Rain – how Chinese hackers targeted Whitehall”, Richard Norton-Taylor, The Guardian, September 5, 2007, http://www.guardian.co.uk/technology/2007/sep/04/news.internet (accessed November 3, 2008)

[4] China’s Military Modernization and Its Impact on the United States and the Asia- Pacific, U.S.-China Economic and Security Review Commission, 110th Cong, 1st Sess., March 29-30, 2007, p. 2

[5] Ibid. p.144

Dept. of Homeland Security Thinks Blogs is Key to IEDs

Share

The Department of Homeland Security seeks ideas on how to retrieve information in blogs and forums about the potential use and fabrication of Improvised Explosive Devices (IEDs). The DHS thinks that by analyzing information posted on blogs and forums in real time, it may be able to counter the use of IEDs on the field. They are therefore looking for “Indicators of Intent to Use Improvised Explosives (IEDs) available in Blogs to support the Counter-Improvised Explosive Devices (C-IED) Program.[1]

Any potential person interested would have to:

“2) developing objective, systematic data collection and retrieval techniques to gather data on a near real-time basis from blogs and message boards. Data will be collected at multiple, pre-determined times to evaluate the transmission of information over time, and should include metrics for determining the impact factor and usage patterns of the blogs and message boards. 3) identifying blogs and message boards utilized or favored by groups that engage in violent or terrorist activity to include in the study. Blogs and message boards must be representative of various characteristics of the larger populations of interest. and 4) collecting quantitative and qualitative data from the bloggers to evaluate such issues relating to knowledge of the preparation and execution of violent activities, including IED attacks.[2]

Now, I can think of so many ways to defeat this kind of surveillance. Encryption for one. Second, don’t use blogs or forums from the Internet to show where you will plan your next attack. Use a virtual private network (VPN). Maybe by looking for blogs or forums, they may find the stupidest insurgents/terrorists or teenagers that think they are cool, but the vast majority of them know how to use technology and have learned about encryption. A private web server would do the job also…Imagination is the limit!

See also:

“DHS: Scour Blogs to Stop Bombs”, Noah Shachtman, October 31, 2008, http://blog.wired.com/defense/2008/10/dhs-scour-blogs.html (accessed on October 31, 2008)


[1] “Counter-Improved Explosive Devices Blogging”, Department of Homeland Security, Sollicitation Number: HSHQDC-09-R-00004, October 28, 2008

[2] Idem.