Slashdot Mirror


Aurora Attack — Resistance Is Futile, Pretty Much

eldavojohn writes "Do you have branch offices in China? iSec has published a new report (PDF) outlining the severity of the attacks on Google.cn, allegedly by the Chinese government, dubbed 'Aurora' attacks. Up to 100 companies were victims, and some are speculating that resistance to such attacks is futile. The report lays out the shape of the attacks — which were customized per-company based on installed vulnerable software and antivirus protection: '1. The attacker socially engineers a victim, often in an overseas office, to visit a malicious website. 2. This website uses a browser vulnerability to load custom malware on the initial victim's machine. 3. The malware calls out to a control server, likely identified by a dynamic DNS address. 4. The attacker escalates his privilege on the corporate Windows network, using cached or local administrator credentials. 5. The attacker attempts to access an Active Directory server to obtain the password database, which can be cracked onsite or offsite. 6. The attacker uses cracked credentials to obtain VPN access, or creates a fake user in the VPN access server. 7. At this point, the attack varies based upon the victim. The attacker may steal administrator credentials to access production systems, obtain source code from a source repository, access data hosted at the victim, or explore Intranet sites for valuable intellectual property.' The report also has pages of recommendations as well as lessons learned, which any systems administrator — even those inside the US — should read and take note of."

  1. Re:Who clicked on the PDF? by Anonymous Coward · Score: 2, Funny

    Target corporation: Unemployed geeks in their mothers' basements.

    Damn. This attack is going to wipe the IT industry out...

  2. Even better, don't hire humans by xzvf · Score: 5, Funny

    Humans are the biggest weakness in the chain. Don't hire them, or at least hire the most non-people types you can. Hire the non-team players and the ones that argue with everyone. When someone calls them and asks them to go to a web site, they'll say screw you and hang up.

    1. Re:Even better, don't hire humans by SkeeZerD · Score: 2, Funny

      I disagree...can I have a job?

    2. Re:Even better, don't hire humans by Machtyn · Score: 2, Funny

      Actually, I've noticed a lot of "this" going around in the US and world economy.

  3. Auror by Anonymous Coward · Score: 1, Funny

    Anyone else read that as Auror Attack?

  4. Re:oh for the love of ____! by Anonymous Coward · Score: 5, Funny

    Meanwhile I _am_ Chinese, currently in China, and I can tell you your information is lacking in a few areas.

    The Chinese Government is your friend and only wants the best for you.

  5. Re:oh for the love of ____! by Anonymous Coward · Score: 2, Funny

    Okay, I know an ex-pat who has moved to China and married.

    It's refreshing to see such a rock-solid substantiation on Slashdot.

  6. Re:How do we know THAT isn't compromised? by Anonymous Coward · Score: 4, Funny

    In China, trojans are small. Because they have small dicks.

  7. Re:Sounds like resistance is easy. by Anonymous Coward · Score: 1, Funny

    Did it ever occur to you that when he said "Just don't use MS Windows" he was implying that you should use VMS? But then again there are all those SYSTEMkits out there.