Sophisticated, Targeted Breakins Uncovered
Ichabod writes "Sophisticated computer criminals stole data from Unisys, Booz Allen, L-3 Communications, Hewlett Packard, and Hughes Network Systems. It sounds like they used a combination of social hacking and undetected low-profile malware (reportedly NTOS.exe) to steal and encrypt sensitive data, and compromised Yahoo accounts to store and retrieve it. An international investigation appears imminent. And yes, unfortunately Reuters calls the criminals 'hackers,' further besmirching the once-revered title."
contact the editors about it politely.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
At least in the old days, we used to call it "social engineering" and hacking meant any kind of programming outside the obvious. That included getting machines to fork over security credentials, but that meaning was a subset of the broader term, which meant both a cheesy quick fix ("what a hack!") and a dancelike circumnavigation of inherent limitations to produce a semi-elegant but sturdy fix ("kernel hackers drink coffee black").
technical writing / development
The Security Fix Blog
Best Slashdot Co
I know the pro-Windows crowd will jump up and down but I hope they will hear me out.
1. Windows is the most popular OS on the planet. Just for sheer number of systems it is most hacked.
2. Windows is harder to lock down than most other OSs. That is often because software expects to be running with admin rights.
I am trying to figure out how no one noticed these programs trying to make connections to the outside world. My guess is that they were not expecting a Trojan. Heck, we got hit by a worm at my office. It didn't get through our firewall at all. Somebody brought a notebook in and connected it to our network.
It only infected three machines but it was a good cheap lesson for us.
See my blog http://ilovecookes.blogspot.com/ for light-hearted technical information.
You want details? This trojan appears to be a variant of this nasty little bugger. (Warning: pdf). The link is to a detailed technical report on how it works, what it does, and how to decrypt data it encrypted. It was authored by Secure Science Corporation back in November of 2006.
Good point, except Yahoo just updated their storage to unlimited.