Ongoing Attacks Target Defense, Aerospace Industries

← Back to Stories (view on slashdot.org)

Ongoing Attacks Target Defense, Aerospace Industries

Posted by Soulskill on Tuesday January 31, 2012 @08:10AM from the hackers-want-spaceships-with-lasers dept.

Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."

77 comments

Min score:

Reason:

Sort:

Cyber-Defense by FranktehReaver · 2012-01-31 08:14 · Score: 1

Looks like we need to step it up a notch.
1. Re:Cyber-Defense by eternaldoctorwho · 2012-01-31 08:25 · Score: 3, Funny
  
  Looks like we need to step it up a cyber-notch.
  FTFY
2. Re:Cyber-Defense by The+Mister+Purple · 2012-01-31 09:37 · Score: 1
  
  Looks like we need to step it up a cyber-notch. * puts on sunglasses *
  FTFY
  FTFY
  
  --
  "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
3. Re:Cyber-Defense by TiggertheMad · 2012-01-31 09:48 · Score: 3, Funny
  
  Looks like we need to step it up a bit.
  FTFY
  FTFFY
  
  --
  
  HA! I just wasted some of your bandwidth with a frivolous sig!
4. Re:Cyber-Defense by The+Mister+Purple · 2012-01-31 11:32 · Score: 1
  
  Hmm, I should have applied the * puts on sunglasses * to this one.
  
  --
  "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
5. Re:Cyber-Defense by Exclamation+mark! · 2012-01-31 11:51 · Score: 1
  
  Looks like we need to step it up a bit.
  FTFY
  FTFTFY
  FTFTFFYFY
  
  --
  I'm a wanker.... and loving it!
6. Re:Cyber-Defense by TiggertheMad · 2012-01-31 18:05 · Score: 1
  
  FTFFY == Fixed That Fix For You FTFTFY == Fixed That Fixed That For You??? -Makes no sense. So,
  
  Looks like we need to step it up a bit.
  FTFY
  FTFFY
  FTFOAFFY (Fixed That Fix Of A Fix For You), and I win the pedantic war! Balloons for everyone!
  
  --
  
  HA! I just wasted some of your bandwidth with a frivolous sig!
7. Re:Cyber-Defense by Exclamation+mark! · 2012-02-01 12:28 · Score: 1
  
  Well I've learned a new acronym today! I wasn't aware FTFFY == Fixed That Fix For You! Thanks for the FTFOAFFY!
  
  --
  I'm a wanker.... and loving it!
Well, it's called "Defense" by Shag · 2012-01-31 08:14 · Score: 4, Interesting

So, let's see it defend.

--
Village idiot in some extremely smart villages.
1. Re:Well, it's called "Defense" by alreaud · 2012-01-31 10:51 · Score: 1
  
  There is NOTHING that can defend against the failure of the wetware in the system architecture...
2. Re:Well, it's called "Defense" by O('_')O_Bush · 2012-01-31 11:03 · Score: 1
  
  IMO, its doing a pretty good job. I worked a while on the IA team, and from my experiences, breaches have been small and severely limited in damage ever since the USB drive debacle a few years ago (backdoor installed on vendor distributed drives from a tech conference caused gigs of classified data to be stolen).
  
  It takes 6 hours to receive an email through the firewall and filter, but at least there is no spam.
  
  --
  while(1) attack(People.Sandy);
I wonder... by AngryDeuce · 2012-01-31 08:16 · Score: 3, Interesting

China? Wouldn't be surprised...
1. Re:I wonder... by Anonymous Coward · 2012-01-31 08:28 · Score: 1
  
  China runs the pirated infected Windows machines to mask the source of the Russian hackers.
2. Re:I wonder... by Moheeheeko · 2012-01-31 08:36 · Score: 1
  
  If the governement sector there is anything like the private sector im not suprised. go look at the list of banned people on punkbuster, its so bad that when my friends think somone is hacking, we just call them russian.
Yet, there is no cold war by Anonymous Coward · 2012-01-31 08:25 · Score: 2, Interesting

Or so some proclaim. I have to laugh all the times that I see people posting that there is no cold war by china against the west. China is NOT interested in what is best for their citizens. China is not even interested in grabbing Taiwan and simply calling it quits. They are interested in what will put their communist leadership in effective control. Sadly, most republicans and a number of dems are working hand in hand with the communist and handing it over to them.
1. Re:Yet, there is no cold war by Anonymous Coward · 2012-01-31 09:22 · Score: 0
  
  I doubt actions like this are taking place at the national level. I would imagine that most likely these are taking place at a department level for personal gain. IE: Not sanctioned by their respective government.
  Whether it is China or Russia is hard to know for sure, nor does it matter which one is doing it. Hell, it's probably originating in both countries. Regardless of origin, the reaction should still be the same.
  This ain't cold war politics, this is economic warfare for personal profits using government resources.
I'd feel bad but... by Nyder · 2012-01-31 08:28 · Score: 4, Insightful

they reap what they sow.
You want to make the most profit you can, so you undercut. You leave things out, like good security. You make bad choices, all in the name of profit.
Well, you can't skimp on computer security, can you?

--
Be seeing you...
1. Re:I'd feel bad but... by bkaul01 · 2012-01-31 08:36 · Score: 4, Insightful
  
  Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users. You can have the most secure network in the world, but if a user clicks a malicious link that uses the latest zero-day exploit on some Adobe product, it doesn't matter. These aren't people finding holes in firewalls or ill-conceived or executed security plans; they're targeting pretty well-constructed, legit-looking attacks at specific individuals. You or I might be able to discern a malicious e-mail, even if it's really well put together, and something like 90% of other educated users can too, but if they get one or two people to click out of a few hundred, that's all it takes sometimes.
2. Re:I'd feel bad but... by Anonymous Coward · 2012-01-31 08:42 · Score: 0
  
  If you assume that the attackers are not other companies that would be competing on potential contracts (a reasonable assumption) then it doesn't matter if they copy your work. If they are nation-states, who were unlikely to buy your products, but will use your work to further their own defense & aerospace industries that just means that you will have to get an exten$ion on your contract$. In order to keep up of course.
3. Re:I'd feel bad but... by Anonymous Coward · 2012-01-31 08:48 · Score: 0
  
  Let's say you work at one of those companies, you're the top guy with access to everything, no make that, the least important guy with lots of access to make you a valuable target.
  You get a mail from the outside that says to send some blueprints to an email address, well, you have a boss and bosses and so on, and every company has procedures for what gets in and out, just like hazardous materials do. When you move something from the warehouse whether it's a bar of soap or 30 kilos of dinamite, you need papers and signatures.
  If the email is forged, perfectly in accordance to the company policies, then it means your security isn't worth shit. First, because things like that aren't supposed to be public, and second your IT security was made to prevent something exactly like this.
4. Re:I'd feel bad but... by Anonymous Coward · 2012-01-31 08:50 · Score: 1, Funny
  
  "You get a mail from the outside that says to send some blueprints to an email address"
  I don't think you understand what is going on here. Please come back later.
  It's nothing like that
5. Re:I'd feel bad but... by Maximum+Prophet · 2012-01-31 08:53 · Score: 2
  
  Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users. You can have the most secure network in the world, but if a user clicks a malicious link that uses the latest zero-day exploit on some Adobe product, it doesn't matter. ....
  The thing is, often there's no need for any Adobe product at all. It's nice to have all the bells and whistles, but you can conduct business with plain ascii text emails, and other simpler, more secure systems. You can also use physical firewalls to prevent data from moving from/to the Internet.
  
  --
  All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
6. Re:I'd feel bad but... by Jawnn · 2012-01-31 09:13 · Score: 1
  
  Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users.
  Incorrect. Given that users will consistently do things that threaten security, giving them access to potential sources of malware is the very definition of "bad security". If those users' systems are "high value", or those users' systems are are attached to a network connected to "high value" systems, giving those users access to the wild Internet is stupid.
7. Re:I'd feel bad but... by wmbetts · 2012-01-31 09:25 · Score: 4, Insightful
  
  When you're doing a targeted attack with an 0day in something like an ms office product it's pretty simple to get into the network. For example:
  I send a resume to them that's not really a resume it's an 0day in word or adobe. This will get me into HR.
  From HR I then send a list of xyz from a valid and known HR email address that would be of interest to some other manager in another department. I now have an in HR and the other department. I setup filters on the HR ladies computer so she/he won't see any replies to that email. I then send a sorry I didn't mean to send that yet follow up to any replies thus terminating the conversation about said spread sheet, PDF, or what ever.
  Repeat until you have everything you want. Once you have the systems you want just sit there and monitor everything and you'll have all the designs, source, etc.
  I know it might sound far fetched, but I saw something very similar happen at a maker of guitar peddles. They hacked the email server and then did the above and got repo access to the firmware source code and where gone before anyone knew what happened. As far as I know they never figured out who did it, but it was suggested that it was a foreign company.
  
  --
  "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
8. Re:I'd feel bad but... by Anonymous Coward · 2012-01-31 09:46 · Score: 2, Informative
  
  True. We need to do more to limit the opportunity for user's to open the doors.
  Start with attachments. PDF files should be intercepted and extracted by the mail server, and reprinted to a new PDF file through a PDF engine that is enhanced to strip things like external links, javascript, etc., then replaced with a link so the user will pull the message from the internal secure attachment storage.
  Archive attachments get expanded, recursively, processed, and re-archived.
  All attachments should be checked for proper extensions. Executives and active content should be stripped.
  Also attachments should be retained for 90 days or so, and have new virus sigs run against them, so if some 0-day exploit got through last week, you at least detect it and can take remedial action.
9. Re:I'd feel bad but... by damm0 · 2012-01-31 09:58 · Score: 2
  
  Uh, No. A smooth and engaging first impression can be a critical moment for a product or sales effort. Also, people feel more comfortable when the people they are talking with "look like them". On the Internet, "look like them" really translates into "my emails look like their emails" or "my documents are written in Word, and so are theirs." This application-generated serif is important! So, no, businesses are not going to switch over to emails in plain ASCII because you happen to think it is more secure. Which it isn't, by the way, because you can have plain-ascii emails all you want, but you'll never get rid of attachments, and that's where they'll really nail you. Tell me what kind of work you do, and I'll tell you what kind of attachment you will open every time.
10. Re:I'd feel bad but... by TheCouchPotatoFamine · 2012-01-31 09:59 · Score: 1
  
  tried it, but hackers sent ^G until i had to switch back to sanscrit. (j/k!)
  
  --
  CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
11. Re:I'd feel bad but... by koan · 2012-01-31 10:15 · Score: 1
  
  That's why you don't put your important info on computers that can be accessed over the Internet or access the Internet, you leave them on a secured LAN with no outside access, this also gives the opportunity to charge any person stealing military secrets with espionage and use the death penalty, quite an effective block to this silliness.
  
  --
  "If any question why we died, Tell them because our fathers lied."
12. Re:I'd feel bad but... by aaarrrgggh · 2012-01-31 11:04 · Score: 1
  
  Yes, it is more like the defense contractors requesting you change the extension of the zip file so it can pass through the firewall...
13. Re:I'd feel bad but... by frank_adrian314159 · 2012-01-31 11:16 · Score: 1
  
  This. Plus, it becomes even easier with companies scattered all over the globe because you can't check on particular items that look odd. At least not easily or without the impediment of time zones.
  
  --
  That is all.
14. Re:I'd feel bad but... by Beardo+the+Bearded · 2012-01-31 11:48 · Score: 1
  
  Well that's the fucked up thing.
  I'm a military contractor. While I'm waiting for a file to download, I'm posting on /. My other monitor has a spec on it right now.
  Nothing I work on with this computer is Classified, FULL STOP. 99% of the documents aren't classified anyway. There's no point and it just makes it harder to work with them.
  If for some reason I want to look at a Classified document, I have to do this:
  1. Request the document.
  2. Get that document request approved and sent to me via a CD with the material burned onto it.
  3. Go to the secure room with a supervisor and sign in.
  4. Check the secure machine.
  5. Get the HDD for the secure machine out of the vault.
  6. Power up the secure machine. It doesn't have LAN or Internet connections. I'm pretty sure the room itself doesn't have ports.
  7. Close the windows and blinds.
  8. Work on the Classified document.
  9. Power down the computer, put the drive back in the vault, sign out.
  For some documents, there's also apparently a debriefing. I haven't looked at any of those.
  Come to think of it, they should encrypt those disks. I don't think they do. I'll see about getting that change made.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
15. Re:I'd feel bad but... by koan · 2012-01-31 11:58 · Score: 1
  
  Which is exactly how it should be done.
  Why should it be convenient for anyone? I wager 5 quatloos that convenience means little to nothing compared to information security.
  
  --
  "If any question why we died, Tell them because our fathers lied."
16. Re:I'd feel bad but... by Reason58 · 2012-01-31 13:03 · Score: 1
  
  Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users.
  Of course any enterprise level security plan should include user awareness training. The idea that security only applies to machines is not correct, even when it comes to IT.
17. Re:I'd feel bad but... by Thing+1 · 2012-01-31 13:28 · Score: 1
  
  Executives and active content should be stripped.
  Yeah, I know you're an AC and likely won't see it, but: love the typo. :)
  
  --
  I feel fantastic, and I'm still alive.
18. Re:I'd feel bad but... by bkaul01 · 2012-02-01 03:07 · Score: 1
  
  Of course, but it will never be 100% effective. You can reduce the click-rate from 10% to 1% through training, but there's still that 1% that will be fooled and click it to see what it is.
attackers carefully select... by lostsoulz · 2012-01-31 08:29 · Score: 1

...the latest recipient of their "Clicky here purleese," email with the recruitment.xls attachment.
I think I've seen these. by Anonymous Coward · 2012-01-31 08:31 · Score: 5, Interesting

I work for a military-tech company of sorts, and I'm pretty sure I've seen malicious emails like this.. sounds pretty familiar with the bogus conference invites. Fortunately, the company seems to have competent IT, and most non-software people have pretty locked-down machines. Also, if you actually click a link in a malicious email, our internal DNS redirects to a page that essentially calls you an idiot for clicking that link, and warns you to be suspicions of certain emails or else IT will come give you a stern talking to.
Executable attachments simply don't get through, as is common with corporate email. There are better ways to send things anyway.
Certainly some emails would get through the cracks, but whatever my IT department does to make this work seems pretty effective.
1. Re:I think I've seen these. by rtb61 · 2012-01-31 09:44 · Score: 1
  
  The reality is companies should start running networks in parallel. There is not reason that the network that handles email and web browsing should in any way be connected to the internal network. Any data transferred from one network to the other should only be done manually at the computer admin desk, after the data has been scanned and confirmed suitable to leave or be added. It is the simplest way to secure the system and the most reliable. Whilst it might cost a bit more, just one security failure could end up paying for the additional cost for many years.
  
  --
  Chaos - everything, everywhere, everywhen
2. Re:I think I've seen these. by damm0 · 2012-01-31 10:01 · Score: 1
  
  In some companies, this approach would cost SO much as to effectively bankrupt the company. This approach is not the best. Hackers will get in. You can count on that.
3. Re:I think I've seen these. by Anonymous Coward · 2012-01-31 10:33 · Score: 0
  
  Can set up a bunch of VM's on a server, that users can use for external access/email and then have a transfer point to bring data up to internal LAN.
More "cyber" law enforcement is. . . by Anonymous Coward · 2012-01-31 08:33 · Score: 1, Insightful

. . . Going to occur. Meaning, because of crap like this, there will be a greater push for law enforcement types to be on the internet. This does not strike me as a good thing at all. I can see government security freaks pushing against privacy, required internet ID's, and laws against computers and people holding "viruses and other malicious code." As in all other areas, once you give an inch to government control, they will take feet.
1. Re:More "cyber" law enforcement is. . . by The+Mister+Purple · 2012-01-31 12:03 · Score: 1
  
  required internet ID's
  That will be something new to socially engineer out of people.
  
  --
  "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
If you can't win with advanced weapons... by gmuslera · 2012-01-31 08:40 · Score: 1

... its time to go back to the basics, like doing spear attacks.
1. Re:If you can't win with advanced weapons... by The+Mister+Purple · 2012-01-31 12:04 · Score: 1
  
  I'm a big fan of the atlatl.
  
  --
  "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
A day in the life of a defense executive... by thestudio_bob · 2012-01-31 08:44 · Score: 5, Funny

Hmmm.... I don't remember having a conference call with a Nigerian prince. Maybe he wants to by a lot of defense equipment. Awesome!

--
The real Sig captains the Northwestern. This one captains /.
"Another" PDF Vulnerability by Neuroelectronic · 2012-01-31 08:45 · Score: 0

Why do corporations use Adobe PDFs anymore? There has been a long and colorful history of PDF files being the first vector of attack. I'm not even sure it's not intentional. Why does your reader need to be 50mb and support every type of datatype and scripting language under the sun? Why can't these "extras" be part of a different product and not pushed to everyone's desktop in the world? There isn't even anything that PDF's offer anymore that would make them necessary or implacable.
Administrators should simply blacklist Adobe Reader and get a corporate license of FoxIt, if PDF is even a common format, internally.
old school by bigbangnet · 2012-01-31 08:46 · Score: 1

Maybe I'm from the old school but email for me are meant to be only text. no html code, no attachment, no file...just plain text from beginning to end. less risk in the first way. And wtf is wrong with them, opening emails with attachments anyway ?
1. Re:old school by Anonymous Coward · 2012-01-31 08:57 · Score: 0
  
  It's not that attachments are bad, it's that the User Mail Agent executes attachments marked as "runnable" on opening.
2. Re:old school by bigbangnet · 2012-01-31 09:44 · Score: 1
  
  So if I send you an image with a trojan horse which is bypassing your anti-virus this is not bad ? Sorry but i can't see your point, it's flawed. Attachments can be bad because they can contain viruses in lots of forms. I could attach a simple innocent looking image with sub7 or other types of trojan horse "software" and I have a chance (depends on your security software) that it wont detect it and I'll be able to control your pc. In other words, attachments are not to be taken lightly.
3. Re:old school by tlhIngan · 2012-01-31 10:54 · Score: 1
  
  Maybe I'm from the old school but email for me are meant to be only text. no html code, no attachment, no file...just plain text from beginning to end. less risk in the first way. And wtf is wrong with them, opening emails with attachments anyway ?
  All it takes is the right email. Since this isn't a mass attempt at phishing, it'll take some research.
  First, find out a subcontractor (not hard to do if you read press releases), and a project they're working on.
  Then, you find out someone who would have something to do with said project (not too hard, a bit of social engineering and a phone can get you in really quickly).
  Finally, craft a very plausible looking email. If it's in the early stages of a project, round up something like "New specifications for project X". Or something like "Update to specifications", or "Question about specifications". Direct it to the project manager and maybe add something like "Here are our updated specifications - could you please review them?" with a corrupt attachment. The PM may simply forward it to the engineering team thinking they should look into it, and an engineer sees it's from the PM, double-clicks, and boom.
  For everybody using email, there are emails they will always open. Project emails especially. Forge plausible looking headers and it'll be especially easy.
  Heck, remember the RSA hack? It was forged by sending the RSA HR person an email they expect - a list of candidates from the recruitment firm they use. Except that list was designed to spread malware. Customers are also a prime candidate for forged emails.
  Think of the last email you viewed and read. And then ask "why did I open this email? Could it be forged in any way?" Heck, think of the last attachment you didn't delete from you email. Maybe it was a photo from a company event? Hell, if you're in the consumer electronics industry, you probably received some attachments from people at CES - friends who went, etc.
  These aren't your typical phish emails. They are highly targeted ones sent to a few people with a much higher chance of being read and acted on.
targeted at bosses / hire ups / the type of people by Joe_Dragon · 2012-01-31 08:48 · Score: 1

targeted at bosses / hire ups / the type of people who don't want IT in there way and they are the type of people who don't want to be locked down mainly as they have no idea on why they need to be locked down like that.
Re:targeted at bosses / hire ups / the type of peo by X0563511 · 2012-01-31 08:54 · Score: 1

We are seeing Darwin at work, in an unexpected fashion.
The more idiot bosses/execs that get nailed doing this, the less (theoretically) there will be when all is said and done.
Lets just have some patience, and for now enjoy the show.

--
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
That's part of "defense". by khasim · 2012-01-31 08:56 · Score: 1

If there is a weakness, plan to reduce / remove / detect-&-mitigate it.
Right now I agree with the GP. They're saving money by farming the responsibility out to the vendor of whatever product they purchase / lease.
executives and officials by Anomalyst · 2012-01-31 09:05 · Score: 1

That would be the ones that use 12345 or "password" for their authentication.
Why do such places allow their users to see anything but plain text from outside sources? Since they are vulnable to these exploits, one has to assumme they have a MS infrastructure. Set the outlook group policy to disable preview and display only the plain text portion of a message.

--
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
1. Re:executives and officials by Anonymous Coward · 2012-01-31 09:19 · Score: 0
  
  That would be the ones that use 12345
  damn!
  
  or "password" for their authentication.
  damn damn!
2. Re:executives and officials by jamstar7 · 2012-01-31 13:13 · Score: 1
  
  That would be the ones that use 12345
  damn!
  Time to change the combination on your luggage, eh?
  
  or "password" for their authentication.
  damn damn!
  and your login password...
  
  --
  Understanding the scope of the problem is the first step on the path to true panic.
With virtual machines, why is this a problem? by mbkennel · 2012-01-31 09:20 · Score: 1

Why isn't all high-value email being run with an outlook client in a locked virtual machine? Say centralized, with a VNC connection and all the anti-malware scrubbing everything and resetting its configuration?
1. Re:With virtual machines, why is this a problem? by Anonymous Coward · 2012-01-31 10:41 · Score: 0
  
  What means of transferring good attachments out of the VM to open locally will not be used (through social engineering, if you'll dignify it with that term) to transfer bad attachments out -- where they can do harm?
  And if the answer is, lock down attachments, force them to pass through other channels (FTP, sftp, or whatever), wouldn't that work equally well with regular mail clients and a mail server that rejects all attachments?
Red Chinese by benjfowler · 2012-01-31 09:25 · Score: 1, Troll

It'll be the Chinese. Their get-rich-quick mentality, and the evil Chinese Communist Party's habit of indoctrinating everyone with a bullshit sense of self-righteous grievance that everything is Whitey's fault, gives then license to lie, cheat and steal. Chinese have a "shame" culture (unlike our Western "guilt" culture). There's no shame in lying, cheating, dealing drugs, adulterating food and medicine, stealing, etc in their culture -- only the shame of getting caught.
Too bad we can't give them a well deserved hiding, despite their extreme lack of preparedness (they're so set up to attack, their defences are hopeless), we can't do a thing about it. We could've developed a cyber-army worthy of Mordor, except the utter morons in the US Government destroyed the US hacker scene in the 1991 Operation Sundevil busts.
The solution would be very easy: do what the Chinese and Russians do: get a tacit understanding from the US government, that no American who hacks the US government or a US business will go to jail, and then let the hackers go to town. We should've done this 20 years ago.
1. Re:Red Chinese by benjfowler · 2012-01-31 09:30 · Score: 1
  
  ... who REFRAINS from hacking the US government or US businesses, even.
Well known by maotx · 2012-01-31 09:27 · Score: 1

DSS are already our cyber detectives and can bring a great deal of wealth into what to expect with these types of attacks.

This is their report from last year on what kind of defense contractors are being targeted and why. (PDF Warning 2011-unclassified-trends.) Social engineering has generally always been the weakest link in a good secure system, but can still be deterred with strict security policies. It's not really a matter of if you'll get infected, but a matter of when. I've heard of incidents where companies have been infected for months without realization before the FBI stepped in to stop the further transmission of gigabytes of sensitive information.

If you think you or your company has been infected by foreign or domestic threats, go ahead and contact your local FBI office. They'll work with you in a cooperative investigation and guide you to prevent a similar incident from reoccurring. Despite what the movies show, the FBI does not come in and just take control of your network. You're still in charge and nothing happens without your consent.

--
I'm a virgo and on Slashdot. Coincidence? Yes.
Here is what I would consider the major problem... by sir+lox+elroy · 2012-01-31 09:36 · Score: 2

The Gov't and a lot of corporations run their networks like a home network. Flash, sure you can have that because you might want on YouTube and that is a good use of tax payer funds. Acrobat, yah here you go, never mind there are pdf viewers out there that are more secure. Whitelists and blacklists, nah, our users can sit around and watch porn all day, that is an even better use of taxpayer funds. Word docs and spreadsheets, yah you can send and receive those without worrying. We only scan your email for anything you say reguarding our CEO of the company or President of the US, but send and receive those viruses all day long as we have not figured out good perimeter security. Speaking of perimeter security, just email everything you want back and forth that is secure right, or download it to your laptop if you work for the VA.

--
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
Re:targeted at bosses / hire ups / the type of peo by CanHasDIY · 2012-01-31 09:39 · Score: 1

The more idiot bosses/execs that get nailed doing this, the less (theoretically) there will be when all is said and done.
Except, considering the attitudes of pretty much everyone in middle-to-upper management, they will just throw the nearest IT person to the wolves and absolve themselves of any responsibility for their actions.

Been to that rodeo, rode that bronco, got the t-shirt.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
My machine is fine. by Beardo+the+Bearded · 2012-01-31 10:23 · Score: 1

I'm a military contractor so I'm getting a
30 spins on the house!
We decided to treat you with a present of 30 spins without making a deposit. If you feel like having a gamble but you don't want to risk anything because you are unsure of how it all works, then this No deposit bonus solution is just for you. In addition to that you can have our 1000CAD Welcome bonus package. If you feels like you want to make a deposit we'll match it up to 1000CAD on your first four deposits!
There was never better time to sign in
out of these replies.

--

---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
The open-source malware by dgharmon · 2012-01-31 10:44 · Score: 1

'Clearly the above patterns are trying to appear as though they are related to Microsoft’s “Windows Update” service versus something malicious. A clear, common name for this particular threat did not seem to emerge in the open-source, so we have commonly referred to this threat family as the “MSUpdater” Trojan` link

--
AccountKiller
1. Re:The open-source malware by Anonymous Coward · 2012-01-31 12:23 · Score: 0
  
  'Clearly the above patterns are trying to appear as though they are related to Microsoft’s “Windows Update” service versus something malicious. A clear, common name for this particular threat did not seem to emerge in the open-source, so we have commonly referred to this threat family as the “MSUpdater” Trojan` link
  
  I see what you did there... Nice pdf link.
Re:That's what they get ... by hairyfeet · 2012-01-31 10:58 · Score: 1

Are you forgetting the Linux devs having to scramble to plug a zero day privilege escalation just the other day? this is spear fishing dumbass, they'll find a zero day for whatever OS the target is using and then hit it. We aren't talking some low level script kiddies dufus, we are talking about either criminal orgs or more likely hostile government. your magical thinking won't save you from a targeted attack. Maybe you should tell the guys at Kernel.org to "just use Linux herp derp".,

--
ACs don't waste your time replying, your posts are never seen by me.
Re:targeted at bosses / hire ups / the type of peo by jamstar7 · 2012-01-31 12:57 · Score: 1

We are seeing Darwin at work, in an unexpected fashion.

The more idiot bosses/execs that get nailed doing this, the less (theoretically) there will be when all is said and done.
Great in theory, but that's not quite how the universe works.

Make an idiot-proof mousetrap and the universe evolves a smarter better class of idiot.

--
Understanding the scope of the problem is the first step on the path to true panic.
Who cares. by unity100 · 2012-01-31 16:31 · Score: 1

Has that industry has been utilized for ANYthing other than perpetuating distant wars for the profit of a few corporations at great public expense ?
Which expense, then came out of stuff that reflects directly on people's well being, and the general stability of the society in general, like social security or healthcare ?
why should people give a fuck ? let corporations defend themselves with the money they sucked away from public funds behind the pretense of defense.

--
Read radical news here
Re:Here is what I would consider the major problem by Penguin+Follower · 2012-01-31 18:53 · Score: 1

The Gov't and a lot of corporations run their networks like a home network. Flash, sure you can have that because you might want on YouTube and that is a good use of tax payer funds. Acrobat, yah here you go, never mind there are pdf viewers out there that are more secure. Whitelists and blacklists, nah, our users can sit around and watch porn all day, that is an even better use of taxpayer funds. Word docs and spreadsheets, yah you can send and receive those without worrying. We only scan your email for anything you say reguarding our CEO of the company or President of the US, but send and receive those viruses all day long as we have not figured out good perimeter security. Speaking of perimeter security, just email everything you want back and forth that is secure right, or download it to your laptop if you work for the VA.
Well, I don't know which Gov't agencies you've dealt with, but this is not how it works at military installations. You can have Acrobat and Flash, but you don't get anywhere on the Internet that can do real damage save for Facebook and YouTube. You most certainly won't get to any porn sites. The web is heavily filtered at the AF base I work at.
PDF by greyblack · 2012-02-01 04:29 · Score: 1

Hackers use PDFs to hack into defence contractors network.

Read the full report in this PDF...

--
Everybody uses broad generalizations.
Re:That's what they get ... by lwriemen · 2012-02-02 01:41 · Score: 1

they'll find a zero day for whatever OS the target is using and then hit it.
... and this one was on Windows. Did I mention Linux anywhere in my post. ??? Is it the first item on the script you Windows fanbois are given for replies to posts like mine? I'll have to give Microsoft credit; they've always been good at astroturfing, even on Usenet back in the '90s.