Slashdot Mirror


Sophisticated, Targeted Breakins Uncovered

Ichabod writes "Sophisticated computer criminals stole data from Unisys, Booz Allen, L-3 Communications, Hewlett Packard, and Hughes Network Systems. It sounds like they used a combination of social hacking and undetected low-profile malware (reportedly NTOS.exe) to steal and encrypt sensitive data, and compromised Yahoo accounts to store and retrieve it. An international investigation appears imminent. And yes, unfortunately Reuters calls the criminals 'hackers,' further besmirching the once-revered title."

42 of 204 comments

  1. Another day another break-in by Anonymous Coward · · Score: 3, Insightful

    Security is only as good as its implementation. These articles seem to get the same responses every time. I would love to see /. act like a think-tank sometime and really come up with some solutions.

    1. Re:Another day another break-in by ringfinger · · Score: 4, Insightful
      According to the article, they used social engineering by "seducing employees with fake job-listings". This is interesting because it targets those employees that are most disgruntled. Offer them a chance at another job and they'll give you a username/password that probably is the same one they're using to access the corporate account system.


      I agree, we should somehow pool our collective knowledge and accumulate it somewhere. There's an idea for /. to pull it back up on par with digg.

    2. Re:Another day another break-in by prelelat · · Score: 2, Insightful

      On par with Digg? I think Slashdot is still better than Digg. The articles aren't always some top ten games of all time, top ten country albums of all time. I think you can get a lot more technical responses from Slashdot users on average, and you don't get as much "I'm l33tz ur 5ux0rz". I do see good comments at both places, and good stories at both, but if it's a slow news day at Digg you can expect to see a lot more useless drivel than on Slashdot. At least if you filter out one particular editor...

      Either way I think they could both use some work.

  2. The only thing I find strange.. by i8myh8 · · Score: 5, Funny

    ..is that they'd use Yahoo! Mail to retrieve the data. Gmail offers more space. Hrm. Poorly researched.

    1. Re:The only thing I find strange.. by jojoba_oil · · Score: 5, Insightful

      Actually, the so-called hackers thought that "Do No Evil" was a command to those using Google's services. As such they went elsewhere.

      In all seriousness, I'd be willing to bet that they used compromised Yahoo! accounts for a few reasons: Yahoo users are generally less computer-savvy (read: easier to compromise), they probably use Gmail accounts themselves so they didn't want to draw attention there, and Google has been rumored before to keep e-mails even after being deleted from the account.

  3. frequency by HomelessInLaJolla · · Score: 3, Insightful

    The article is rather light on details. My first thought is to wonder how, after all this time, they finally managed to figure out that their systems were compromised.

    My second thought is to wonder if it's even true or if this is just spin-hype for Trend.

    My third thought is to objectively note that this is probably not an isolated incident. If this particular incident is this big then, in all likelihood, there are hundreds or even thousands of other compromised systems which haven't been diagnosed.

    My fourth thought is "Haha!"

    --
    the NPG electrode was replaced with carbon blac
    1. Re:frequency by pegr · · Score: 5, Informative

      You want details? This trojan appears to be a variant of this nasty little bugger. (Warning: pdf). The link is to a detailed technical report on how it works, what it does, and how to decrypt data it encrypted. It was authored by Secure Science Corporation back in November of 2006.

  4. Give it up by IndustrialComplex · · Score: 4, Insightful

    I don't think you have to worry about the term 'hacker' being besmirched any more. It, like several other terms, has entered the mainstream vernacular. If you really care about the terminology that much, invent a new term for what was the original 'hacking'. It is far too late to close the barn door on the hacker misconception.

    --
    Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    1. Re:Give it up by morari · · Score: 2, Funny

      And while we're at it: I'm not a Trekkie, I'm a Trekker! Geeze.

      --
      "He who can destroy a thing, controls a thing." --Paul Atreides, Dune
    2. Re:Give it up by Jack+Pallance · · Score: 4, Funny
      I guess you could say, this issue needs more than a "Band-Aid" for a solution.

      Get it?

      Band-Aid!!

      (OK, It was a term that used to be used exclusively to mean a specific brand, but has now changed its meaning over time to mean something broader. I don't know why I even try with you people...)

    3. Re:Give it up by Fred_A · · Score: 2, Funny

      I thought trekkers just went on long hikes...

      --

      May contain traces of nut.
      Made from the freshest electrons.
  5. DoT is on the list.. by dotpavan · · Score: 3, Funny

    and "A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach." awesome!

  6. "to steal and encrypt sensitive data" by InvisblePinkUnicorn · · Score: 5, Funny

    See, hackers get a bad rap. These folks were kind enough to encrypt the sensitive data they found, so that no outside parties could get a look at personal records.

  7. No, it was never that way by Henry+V+.009 · · Score: 2, Informative
    "further besmirching the once-revered title"
    Revisionist history a little?
    1. Re:No, it was never that way by sconeu · · Score: 4, Informative

      Yes. See the Jargon file. The term "hacker" has a long and distinguished history, before it was hijacked by the asshats who are "crackers".

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:No, it was never that way by wamatt · · Score: 2, Insightful

      Perhaps it's irrelevant what it once was. A hacker now is a bad guy. Trying to re-educate the massive public mindset for the sake of some historical correctness seems like a futile experience. Eventually 99% of the population won't know or care about the origin.

      It's like complaining about the word "gay" being used by teenagers and not referring to a homosexual, or when people say "Mac O.S.X" instead of Mac OS Ten.

    3. Re:No, it was never that way by fenodyree · · Score: 3, Funny

      Asshats!

      Now there is a title. Hackers gone, White Hat never made it. Enter Asshat.
      Today I asshatted a Big Corp's main server, so I emailed their admin to fix the hole. I am such an Asshat.

    4. Re:No, it was never that way by Anonymous Coward · · Score: 2, Funny

      You do know that OSX was programmed entirely in roman numerals, right?

    5. Re:No, it was never that way by It'sYerMam · · Score: 2, Funny

      Or that their system was compromised by a thin, crispy biscuit.

      --
      im in ur .sig, writin ur memes.
    6. Re:No, it was never that way by Penguinshit · · Score: 2, Funny

      I prefer the term "honky", thankyouverymuch...

  8. If you have a problem with the term hacker by pembo13 · · Score: 3, Informative

    contact the editors about it politely.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:If you have a problem with the term hacker by Waffle+Iron · · Score: 2, Insightful

      I would only have a problem with the term "hacker" if my mind were too feeble to grasp the concept of a homonym.

  9. Social engineering by athloi · · Score: 3, Informative

    At least in the old days, we used to call it "social engineering" and hacking meant any kind of programming outside the obvious. That included getting machines to fork over security credentials, but that meaning was a subset of the broader term, which meant both a cheesy quick fix ("what a hack!") and a dancelike circumnavigation of inherent limitations to produce a semi-elegant but sturdy fix ("kernel hackers drink coffee black").

  10. Better writeup at WaPo by wiredog · · Score: 4, Informative
    1. Re:Better writeup at WaPo by BobMcD · · Score: 2, Interesting

      You'd think so, yeah, and I was going to mod you up for it, but someone here has their wires crossed...

      Reuters story: Hackers steal data, moving it in encrypted form to their own servers.

      A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach.

      WaPo/Kaspersky story: Hackers sew up customer data in encryption, leaving behind a ransom note asking $300 for the key.

      Those are similar, down even to the list of companies. But I wonder, if all the DoT's data is encrypted, and there's a ransom note, how they failed to detect that?

      In seriousness, I wonder what the truth of the matter is... Did BOTH of these events occur? If so, there's likely to be some InfoSec jobs opening up real soon.

  11. Don't use windows on Secure networks. by LWATCDR · · Score: 3, Informative

    I know the pro windows crowd will jump up and down but I hope they will hear me out.
    1. Windows is the most popular OS on the planet. Just for sheer number of systems it is most hacked.
    2. Windows is harder to lock down than most other OSs. That is often because software expects to be running with admin rights.

    I am trying to figure out how no one noticed these programs trying to make connections to the outside world. My guess is that they were not expecting a Trojan. Heck, we got hit by a worm at my office. It didn't get through our firewall at all. Somebody brought a notebook in and connected it to our network.
    It only infected three machines but it was a good cheap lesson for us.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:Don't use windows on Secure networks. by acherrington · · Score: 2, Informative

      ...Or you can use the NSA's Security Guide to provide a standard model of security. Sounds like you need to look at the configuration guides for routers, switches and operating systems. http://www.nsa.gov/snac/downloads_all.cfm

      --


      Victory is gained, not in knowing your opponents next move, but in preempting them.
  12. Evil FBI at it again. by N8F8 · · Score: 2, Funny

    Using their evil databases to identify trends and patterns.

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
  13. Interesting new avenue for social engineering... by ringfinger · · Score: 2, Interesting

    Put job ads in front of disgruntled employees and ask them to create accounts to apply -- then watch as they merrily type in their favorite usernames/passwords into your cracker system. Easy as pie...

  14. more data please by scolbert · · Score: 2, Interesting

    Wouldn't it be nice if we could get more data on these security breaches? The articles are so lightweight. What technique? What data? I think the more we learn about these problems, the more bulletproof we can make our systems. We are at a disadvantage in that the criminal understands the vulnerability and can exploit it over and over again.

    Sammy at IT/Personafile

  15. Not Sophisticated At All by neoshroom · · Score: 3, Insightful

    "What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Morris. "This is a serious threat. It shows how sophisticated hackers have become," Haro said.

    This is not sophistication.

    1. Take any virus/trojan that is recognized by antivirus software.
    2. Put it through an executable compression package to make its code vary from what it used to be on the hard drive or in memory.
    3. Voilà! Your malware is now stealthed from any antivirus program.

    Either that was rather simple or I am a seriously dangerous hacker.

    --
    Big apple, new Yorik, undig it, something's unrotting in Edenmark.
    1. Re:Not Sophisticated At All by icydog · · Score: 2, Informative
      How did you get modded +5 Insightful? From the link you posted:

      Also, some older virus scanners simply report all compressed executables as viruses because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside.
  16. From Webster by Shihar · · Score: 4, Insightful

    Main Entry: hacker
    Pronunciation: 'ha-k&r
    Function: noun
    1 : one that hacks
    2 : a person who is inexperienced or unskilled at a particular activity
    3 : an expert at programming and solving problems with a computer
    4 : a person who illegally gains access to and sometimes tampers with information in a computer system

    I am pretty damn sure that the thieves in question meet both #3 and #4, hence they are 'hackers'. I probably would not waste time bothering Reuters to complain that not all hackers are evil. They used the word correctly.

  17. Everybody's happy! by ingo23 · · Score: 3, Funny
    From the article:

    A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach.

    See, it's a win-win situation - the criminals did everything smoothly without leaving a trace, and at DoT it looks like nothing happened!

  18. Use of "hacker" by Matt+Perry · · Score: 4, Insightful

    Reuters calls the criminals 'hackers,' further besmirching the once-revered title.
    Get over it. Seriously. This romanticism for some obscure meaning of a word being understood by the general public is really getting tiresome. Words can have multiple meanings depending on the context and hacker is no different. We just have to live with it. There's no way to change the meaning of the word in the public consciousness without some type of huge marketing campaign. Saying you are a Perl hacker is going to be interpreted the way you want by the audience you are targeting with that phrase. If someone thinks you are breaking the security of Perl then they probably don't know what Perl is and aren't the audience for your use of that word. Likewise, when I talk about forking and killing children I'm not talking about murdering babies (contrary to what the marketing woman thought, whose office was near my cube, when she reported me and my co-worker to HR 10 years ago).
    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  19. "Sophisticated, Targeted Breakins" by Pluvius · · Score: 2, Funny

    I didn't think it could get more sophisticated than the classic Breakin 2.0: Electric Boogaloo. Bravo, hackers!

    What's with the whining about the word "hacker," anyway? Talk about beating a dead horse.

    Rob

  20. wow by nomadic · · Score: 2, Funny

    I know the pro windows crowd will jump up and down but I hope they will hear me out.

    Uh....the huge pro windows crowd on slashdot?

    1. Re:wow by cecille · · Score: 3, Insightful

      Gah, not to get into a huge flame war here, but I seriously don't understand why there's this association of liking/using windows and being some kind of computer moron.

      Let me put it right out in the open here - I like and use Windows. In fact, I'd wager that a large number of /. people do, and either downplay it or deny it. Now I'm not saying that unix type OS's don't have their place - I use solaris and linux at work for coding and my servers generally run openBSD. BUT I want my personal box to be as easy and hassle free as possible so I run windows and only windows. I don't consider myself to be a windows victim and it's not a choice I made just because that's what came with the box. Say what you want about bloatware, but it's nice to buy a piece of hardware and have it just work. It's nice to install a program without having to recompile the kernel. It's nice to have a box I can actually buy decent games for. And no...I haven't reinstalled every two weeks since I bought it and yes, it is still working and not overflowing with disease and spyware.

      Look, I'm not trying to defend every aspect of the OS - clearly there are some issues. But as I get older and more impatient, I'm starting to see windows as the more attractive option simply because there are some things that they got very, very right. Namely the fact that they put so much emphasis on usability.

      Anyway, my long winded point is that not all windows users are stupid or just stumbled upon windows by accident. I know it's fun to bash things senselessly, but let's grab a little perspective here. Windows is not the devil, it's just not perfect. Nothing is.

      --
      ...no two people are not on fire.
  21. Re:Security Answer by Chineseyes · · Score: 2, Funny

    My solution -- never let group #2 touch a computer again. Ever.


    Congratulations you just put group #1 out of work.

    --
    I think the invisible hand of the market has its middle finger extended

    --A wise old fart named SC0RN
  22. Re:Already known. Just not implemented. by Kadin2048 · · Score: 3, Insightful

    The problem is that this, like most other effective security schemes, is expensive.

    Companies won't implement more security than is cost-effective. Their decision making process is going to be driven directly by the perceived odds of being broken-into, times the cost of a possible breakin. They're not going to spend more money than that.

    I doubt there are really going to be any serious (multi-million or -billion dollar) consequences for any of the companies involved. Maybe a few people will get fired and some new procedures will get written into some document that nobody reads, but there's not going to be a major bloodletting. (These companies run the government, in the most literal sense.)

    When you see a F500 company absolutely taken to the cleaners -- totally bankrupted -- due to an IT-security mishap, then you'll see real security implemented. But until then it's just going to be a lot of after-the-fact patching-up and good ol' "security theater." And a lot of blaming the messenger. That's always cheap.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  23. on par with digg? by xzvf · · Score: 2, Insightful

    Quality on par with digg? I don't even know how to respond. Maybe you wanted to say Quantity on par with digg. The moderation and answers here are far more insightful and not nearly as biased as the ones on digg.

  24. Re:This isn't true by idontgno · · Score: 2, Funny

    cat /dev/zero | gzip -c | mail -s "Unpack this, beeotch" fulcrum@evil.org
    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.