(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for January 27th, 2010


leave a comment »

“We’ve seen real, targeted attacks on our C-level [most senior] executives,” says one oil company official, who, like others familiar with various aspects of the attacks, spoke only on condition of anonymity. “I was at a meeting with the FBI earlier this year [2009] that was pretty eye-opening.”

The new type of attack involves custom-made spyware that is virtually undetectable by antivirus and other electronic defenses traditionally used by corporations. Experts say the new cyberburglary tools pose a serious threat to corporate America and the long-term competitiveness of the nation.

Ok, I know that the security guys out there will flinch just as I have every time the acronym APT has been bandied about lately. But since the Google/Aurora revelation this has finally hit the mainstream consciousness. So, yes, there are people out there *cough, CHINA!* being one nation state full of them, who want to steal our data. Not only do they want to steal our IP, but also maybe lay traps to disable things should the need arise.

Yes Virginia, there are Advanced Persistent Threats out there and they are taking advantage of our own stupidity.

Yes, I said it, our STUPIDITY. Let me elucidate for you.

  • Microsoft knew of the IE 6 vuln for some time but oh my, no patch!
  • Its come to light that some of the people involved were targeted through Facebook friending. Gee, OPSEC anyone?
  • The backdoor features of Gmail put there by Google for the government were used against them
  • The EU’s just clicked clicked clicked on those attachments infecting themselves
  • These exploits and methodologies are not new. In fact, as is being reported now a bit more on the press, these types of attacks have been going on since the 90’s
  • Generally, passwords are weak within many companies and home networks
  • Generally, information security education programs at companies are lax for its employees if given at all

Now, that this has happened to the Gas and Oil industry is no great surprise to me. In fact, if anything I am kinda wondering if maybe they missed more over the years and are just unaware of the scope of the data ex-filtration. It is likely that these companies never noticed the outbound connections that were created by malware specifically created to exfil data out of their networks and through their firewalls. Mostly  because they are not paying enough attention to the outbound firewall rules nor do they have any network monitoring to alert them to any strange traffic.

Then I came across this part of the article…

But lurking in the cybershadows is a far more insidious and sophisticated form of computer espionage that, until the recent exposure by search-engine titan Google, was little publicized and often went undetected. Such attackers represent the elite – a dark army of cyberspies targeting the heart of corporations around the world where trade secrets, proprietary data, and cutting-edge technologies lie locked away in digital fortresses.

SNORT! Digital fortresses? Really? Man, this guy has been reading too much Dan Brown! These companies are hardly “digital fortresses” they are often cobbled together networks with poor security defenses internally that are being used to transmit data easily out of. A digital fortress at the very LEAST would be encrypting their data at rest to prevent such an exploit from working!

As for the sophistication of the cyber spying, I say yes, it is sophisticated in that there are concerted efforts to gather data by using classic spying techniques and persistent methods with a digital twist. What’s called social engineering today has been around a long time in the espionage realm. So, its not so new. So, getting someone to knee jerk react and click on an email that looks legit, is not so much a new idea.

Now, about the fact that the Chinese may be infiltrating the gas and oil industries. Well, that make perfect sense doesn’t it? China wants to be a superpower. One of the things that China needs to be a superpower is energy to power its factories, cities, basically the engine of their economy.

There’s a line in Syrianna that kinda explains my meaning:

Jimmy Pope

“We use one quarter of the oil in the world, Bennet. Your house is light and warm and my house is light and warm, but what if it were that way for half of the week, or none of the week? Hell, China’s economy is not growing as fast as it could because they can’t get all the oil they need. I’m damn proud of that fact”

The simple truth is that China needs the data, the designs, the IP, everything in their minds to be that superpower. So, they are going about stealing it from the international equivalent of “stealing candy from a baby” We, unfortunately are that baby where it comes to data security it seems.

The Chinese attacking these companies to get a leg up on where drilling seems likely, what methods are being used, what agreements are in the works, etc, would be great data for them to have. It’s only natural… and really makes me wonder at how the C levels at these companies could be so surprised at the depth and breadth of these efforts by the Chinese.

It’s time that this digital baby got some schoolin.

Full story HERE