SANGKA
Guest
H Security posted:
According to a report by McAfee, since 2006, cyber-espionage has been carried out against a total of 72 organisations in 14 countries in a series of professional hacking attacks. 49 of the 72 organisations targeted are located in the US and include government agencies, defence contractors, an academic institution, and the New York and Hong Kong offices of a news organisation. Reportedly, the news organisation in question is Associated Press.
So this security expert/blogger found a control server for some monolithic entity that has basically been stealing any and all intellectual property to be had from poorly secured servers[1] across the globe.
Here are some of the kinds of things this RAT is into:
Don't feel bad if you drew the same conclusion from this infographic as I did (it's probably China, the Washington Post and Dmitri Alperovitch (the researcher who published his findings on McAfee) concur).
The most damning thing in here (which points to government interest and not cyber-criminals or corporations) though is the hacking of the International Olympic Committee and the World Anti-Doping Agency leading up to the 2008 Beijing Olympics. The IP addresses of their compromised servers sit side by side on this machine with data on oil and gas drilling, US government think tanks, defense contractors, and other sensitive topics from over a dozen different countries.
Hopefully we can have people from other countries weigh in on this as well because I don't want this to be all rabid nationalism and US vs. China. Here for example is a BBC article about German firms worrying about China's rampant IP theft.
So I guess my questions are: How ambitious is China? Will they be able to utilize the alleged petabytes of data stolen? Did they just assume there won't be any repercussions when they got caught because of the economic situation? Why is no one making a peep about them basically stealing the rest of the world's homework like a petulant child? Are we going to step up our security or just keep being cheap, lazy and self-indulgent[2]? And I guess, is Mr. Alperovitch full of poo poo? Are we doing well on the network security angle? I'd say no, but I'm just kind of a dilettante or enthusiast on the subject.
I wish to note that intellectual property theft by a government represents the very essence of organized crime.
-Howard Berman
[1] Read: Microsoft
some guy on the McAfee forums posted:
Were the initial intrusions all on Microsoft OS machines? Also, was a particular browser targeted?
Dmitri Alperovitch posted:
All the malware we’ve seen was Windows-based. There were a variety of vulnerabilities used
[2] A lot of the vulnerabilities involved here were from stupid management types who felt the need to surf the web as admins and so basically negate whatever security had been put into place.