Category Archive 'Cyber Attacks'

21 Apr 2009

China Hacks Pentagon’s Joint Strike Fighter Project


Bad news at the Pentagon, and especially bad news at the corporate headquarters of certain defense contractors.

Wall Street Journal:

Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever — according to current and former government officials familiar with the attacks.

Similar incidents have also breached the Air Force’s air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.

The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad.

Attacks like these — or U.S. awareness of them — appear to have escalated in the past six months, said one former official briefed on the matter. “There’s never been anything like it,” this person said, adding that other military and civilian agencies as well as private companies are affected. “It’s everything that keeps this country going.” …

The intruders compromised the system responsible for diagnosing a plane’s maintenance problems during flight, according to officials familiar with the matter. However, the plane’s most vital systems — such as flight controls and sensors — are physically isolated from the publicly accessible Internet, they said.

The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, according to people who have been briefed on the matter. Lockheed Martin is the lead contractor on the program, and Northrop Grumman Corp. and BAE Systems PLC also play major roles in its development. …

Investigators traced the penetrations back with a “high level of certainty” to known Chinese Internet protocol, or IP, addresses and digital fingerprints that had been used for attacks in the past, said a person briefed on the matter.

29 Mar 2009

China’s GhostNet


The Telegraph reports that a Canadian study produced by researchers asked to investigate cyberattacks on the office of the Dalai Lama reveals large-scale world-wide cyberattacks, all originating from China.

A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated sensitive ministries and embassies across 103 countries and infects at least a dozen new computers every week. …

The discovery of GhostNet is the latest sign of China’s determination to win a future “information war”. A ten-month investigation by the Munk Centre for International Studies in Toronto has revealed that GhostNet not only searches computers for information and taps their emails, but also turns them into giant listening devices.

Once a computer has been infected, hackers can turn on its web camera and microphones and record any conversations within range.

The study revealed that almost a third of the targets infected by GhostNet are “considered high-value and include computers located at ministries of foreign affairs, embassies, international organisations, news media and NGOs”. This global web of espionage has been constructed in the last two years.

Another report from Cambridge University said the sophisticated computer attacks had been “devastatingly effective” and that “few organisations, outside the defence and intelligence sector, could withstand such an attack”.

The report stopped short of accusing the Beijing government of responsibility for the network, but said the vast majority of cyber attacks originated from inside China.

—————————————-

The New York Times also headlined the report in its Technology section.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information.

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude.

Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network.” They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace.

By some curious coincidence, the web-site offering the actual report is inaccessible today.

19 Feb 2009

Cyber Attacks on US Defense Department “Like a Perpetual Hailstorm”

Armand de Borchgrave, in the Washington Times, shares some impressive figures from a recent Cyber Security conference.

Cyberwarfare is waged on a massive scale the world over. Ostensibly friendly nations zap each other’s electronic nerve cells frequently, and with reckless abandon. On a single day in 2008, the Pentagon was hit by would-be intruders 6 million times in a 24-hour period. Before Sept. 11, 2001, the highest annual figure for cyber attacks against the Pentagon was 250,000.

Speaking not for attribution at a think tank meeting, a Pentagon “cyber warrior,” said it felt “like a perpetual hailstorm pelting an imaginary glass envelope around the Defense Department, but there is still no way of telling whether these were attempted intrusions by teenagers testing their hacking skills or the electronic warfare departments of China and Russia, that we know are constantly flexing their electronic muscles.”…

The Pentagon cybernaut did not disclose how many, if any, of the 6 million attempted intrusions were successful. Another Pentagon insider, speaking privately, said “an important internal e-mail system was taken down for two days.”

Speaking at the same think tank meeting, the chief security officer of a major New York-based financial house said they had been attacked 1 million times in a 24-hour period.

04 Jan 2009

Cyber Attacks Coincide with Israel’s Attack on Gaza


Israeli Intelligence mouthpiece DEBKAfile succeeded in restoring service today after a period of outage.

DEBKAfile’s two sites in English and Hebrew came under a massive cyber attack on our servers at the moment Israeli ground forces crossed into the Gaza Strip Saturday night, Jan. 3. The attackers tried and failed to block and replace our content. We did our utmost to restore service as quickly as possible and return to full operation.

DEBKAfile wasn’t the first site hit.

Computerworld reports earlier activity aimed at Israeli business and web domains:

The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet.

Since Saturday (12/27), thousands of Web pages have been defaced by hacking groups operating out of Morocco, Lebanon, Turkey and Iran, said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.

The defacements have primarily affected small businesses and vanity Web pages hosted on Israel’s .il Internet domain space. One such site was that of Israel’s Galoz Electronics Ltd. On Wednesday, the hacked Web site read “RitualistaS GrouP Hacked your System! ! ! The world isn’t insurance! ! ! For a better world.”

Other attackers have placed more incendiary messages condemning the U.S. and Israel and adding graphic photographs of the violence. Warner said he has seen no evidence that any Israeli government site has been hit by these attacks, although they have been targeted.


You are browsing the Archives of Never Yet Melted in the 'Cyber Attacks' Category.










