Slashdot Mirror


Espionage Campaign Targets Corporate Executives Traveling Abroad

An anonymous reader writes: Kaspersky Lab researched the Darkhotel espionage campaign, which has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad. Darkhotel hits its targets while they are staying in luxury hotels. The crew never goes after the same target twice; they operate with surgical precision, obtaining all the valuable data they can from the first contact, deleting traces of their work and fading into the background to await the next high-profile target. The most recent traveling targets include top executives from the USA and Asia doing business and investing in the APAC region: CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This threat actor is still active.

101 comments

  1. marketing by sociocapitalist · · Score: 2

    Any corporate executive traveling will have encrypted communications from their company as a matter of course.

    This post is nothing but a weak attempt at Kaspersky marketing.

    --
    blindly antisocialist = antisocial
    1. Re:marketing by Anonymous Coward · · Score: 0

      That doesn't mean they can't be attacked, idiot.

    2. Re:marketing by VIPERsssss · · Score: 5, Insightful

      Hah, you'd be surprised. "All that encryption stuff just gets in my way. I'm an important person. Just make it work."

      Then you have to clean off all the shit from their laptop when they get back. Or worse, they copied their files to their personal laptop and then took that because it's "easier."

      And how dare a lowly IT admin tell the VP of R&D that what they want is dangerous and stupid.

      --
      We are eternal, all this pain is an illusion.
    3. Re:marketing by OzPeter · · Score: 5, Interesting

      Any corporate executive traveling will have encrypted communications from their company as a matter of course.

      This post is nothing but a weak attempt at Kaspersky marketing.

      I just read this on the weekend: The icky part of tech support: Porn and other NSFW surprises

      Which has a wonderful bit of text in it:

      In a survey published last year by software vendor ThreatTrack Security, 40% of tech support employees said they'd been called in to remove malware from the computer or other device of a senior executive, specifically malware that came from infected porn sites.

      Would you care to revise your opinion of corporate executives?

      --
      I am Slashdot. Are you Slashdot as well?
    4. Re:marketing by Ihlosi · · Score: 5, Insightful

      And how dare a lowly IT admin tell the VP of R&D that what they want is dangerous and stupid.

      You don't. You tell them it's a huge financial risk for the company.

    5. Re:marketing by gstoddart · · Score: 4, Insightful

      Any corporate executive traveling will have encrypted communications from their company as a matter of course.

      In my experience, the more senior the executives, the more they don't think basic security and precautions apply to them.

      I'm inclined to think this kind of thing is quite real.

      --
      Lost at C:>. Found at C.
    6. Re:marketing by mlts · · Score: 4, Informative

      One can accuse Kaspersky of being a mouthpiece for Russian propaganda, but in this case, this is a genuine threat.

      One Wi-Fi network at a local eatery always tries to replace one of my E-mail provider's SSL keys with one from 192.168.168.168. Most people would just click "continue" or "accept"... or even have their Exchange client configured to accept any SSL key. This makes it plausible that a black bag group could step in to do stuff like this.

      Of course, since people are so inundated with updates for Flash, Web browsers, and Java, clicking on yet another update becomes muscle memory, so a Trojan horse is definitely an avenue of attack. Couple this with a transparent proxy that is configured to MITM a key or two, and it isn't surprising how a group like this can score big.

      The solution? There is no single magic bullet, but there are things that can help. The most important is user training, but next to that:

      1: VPNs. The only key that can be attacked by a compromised local Wi-Fi AP would be the VPN's, and a good profile would just disallow access if this is the case.

      2: Home Depot announced that it is moving to Macs. No, OS X is not 100% secure (as the exploit posted last week shows), but the bad guys have their tools honed for Windows. For the most part, Macs are not on the bad guys' menu. Running an alternative platform might be an idea.

      3: Going with Citrix, and having the laptop be essentially a dumb terminal. Bad guys can still compromise it, especially with a RAT and taking over the session, but going with this raises the bar, especially if 2FA is used. Again, this isn't 100%, but it does help.

      4: Tools like enterprise DeepFreeze. Store data on an encrypted, thawed partition, have the OS and applications be on the "frozen" drive. This makes cleanup a matter of just rebooting, assuming the documents are not compromised.

      5: Tools like AppLocker or other programs to ensure unauthorized stuff isn't put on. For salespeople, this isn't going to happen, as they are the company breadwinners.

      6: VMs. If the user knows what they are doing, VMs/sandboxes and a VDI can be useful, however, with non-technical people, the KISS principle is important, as they may not want to waste the time firing up a VM in order to browse the web between their presentations.

      As for antivirus, this attack is a Dancing Pigs/Dancing Bunnies attack, and no AV software will protect against it, unless the user is denied admin rights on their laptop.
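The certificate-substitution problem the comment above describes (a local Wi-Fi network swapping the mail server's certificate, and clients configured to accept any certificate) can be checked for directly. The following is an added example, not code from the thread or from Kaspersky: it records the server certificate's SHA-256 thumbprint on a trusted network and compares what the current network presents against it. The host name, port and pinned thumbprint are placeholders.

```powershell
# Added example (not from the thread): detect a swapped server certificate by
# comparing the leaf certificate seen from this network with a thumbprint pinned
# earlier on a trusted network. Host, port and pin below are placeholders.

function Get-ServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    # The callback accepts any certificate so the handshake completes and the
    # certificate can be inspected; no application data is sent on this socket.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $ssl.RemoteCertificate
    }
    finally {
        $tcp.Close()
    }
}

function Get-Sha256Thumbprint {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # SHA-256 over the DER bytes; works on Windows PowerShell 5.1 and PowerShell 7.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try { $hash = $sha256.ComputeHash($Certificate.RawData) }
    finally { $sha256.Dispose() }
    return ([System.BitConverter]::ToString($hash) -replace '-', '')
}

function Test-PinnedCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [Parameter(Mandatory)][string]$PinnedSha256Thumbprint
    )
    $cert = Get-ServerCertificate -HostName $HostName -Port $Port
    $seen = Get-Sha256Thumbprint -Certificate $cert
    $pin  = ($PinnedSha256Thumbprint -replace '[:\s]', '').ToUpperInvariant()

    # Ask the Windows certificate store whether the chain validates at all; a
    # hotel proxy's certificate usually fails here before the pin comparison.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainText = "OK"
    if (-not $chainOk) {
        $chainText = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ", "
    }

    [pscustomobject]@{
        HostName       = $HostName
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        SeenThumbprint = $seen
        PinMatches     = ($seen -eq $pin)
        ChainValid     = $chainOk
        ChainStatus    = $chainText
    }
}

# Usage with placeholder values: run Get-ServerCertificate | Get-Sha256Thumbprint once
# on a trusted network to obtain the real thumbprint to pin.
$result = Test-PinnedCertificate -HostName "mail.example.com" -Port 443 `
    -PinnedSha256Thumbprint "0000000000000000000000000000000000000000000000000000000000000000"

if (-not $result.PinMatches) {
    $msg = "Certificate for {0} does not match the pinned one (issuer: {1}). Do not enter credentials on this network; connect the VPN first." -f $result.HostName, $result.Issuer
    Write-Warning $msg
}
$result
```

Pin the thumbprint of the leaf certificate your provider actually serves, and expect to re-pin when the provider rotates it.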

    7. Re:marketing by Anonymous Coward · · Score: 1

      And then get harassed to produce numbers to prove your point and more numbers to show how your suggestions will help reduce the risk and then even more numbers to show what the ROI to securing their IT is....

      All this while actually supporting your users, maintaining your infrastructure and implementing new projects.......Oh and then people crying they did not receive enough training on how to use the solutions you implemented (god forbid they read the documentation you painstakingly spent time preparing....)

      It's a lost battle....

      Just bow your head, collect what $$$ you can for the least amount of effort, document what you can to play the CYA game....and don't take it personally when they outsource your job to India, when they can get 5 people with PhDs for the same rate they were paying you....

    8. Re:marketing by TheCarp · · Score: 5, Interesting

      and the more people are willing to kow-tow to them.

      We had a presentation once at a previous job on the new corporate single sign-on system. I thought it was really strange that they were, in fact, storing passwords using encryption rather than a hash, a fact which they made fairly clear was not simply a slip-up in terminology.

      After the presentation I grabbed the presenter for a side conversation and asked why they didn't use a hash when that would be far more standard, and he sighed and said that it was because some people couldn't get over the idea of not being able to recover the password if a high-level exec asked them to.

      --
      "I opened my eyes, and everything went dark again"
    9. Re:marketing by thieh · · Score: 2

      This post means the police are busted about telling people encrypting their phones is a bad idea.

    10. Re:marketing by CaptainDork · · Score: 4, Insightful

      This has been my experience, as well.

      I have told management that it's not my job to casually suggest that they are taking risks; it's my job to jump up and down and rant and rave.

      I have also informed them that, for any best practice recommendations they choose to ignore, I need a CYA email from them that I have made the risk assessment clear and that they are making the business decision to ignore me.

      For those who will not do that, I send them an email referencing our "talk" about how they have declined to conform with best practice "as we discussed on this date."

      In my shop, systems do not drive business ... business drives systems. My job is to inform, insist, and bitch and complain.

      After I apply due diligence (to the max), business evaluates risk and tells me what to do.

      --
      It little behooves the best of us to comment on the rest of us.
    11. Re:marketing by Anonymous Coward · · Score: 0

      No, you tape them refusing to adhere to the encryption, and if the company suffers a breach or IP is stolen digitally, then you pull out that recording and CYOA.

    12. Re:marketing by Anonymous Coward · · Score: 1

      At-will employment will get you.

      You are absolutely correct and are doing the right thing.

      In many organizations, your days as an employee would be numbered if you are seen as "not cooperative" by senior management.

    13. Re:marketing by Anonymous Coward · · Score: 0

      Read the article moron.

    14. Re:marketing by PvtVoid · · Score: 4, Insightful

      No, you tape them refusing to adhere to the encryption, and if the company suffers a breach or IP is stolen digitally, then you pull out that recording and CYOA.

      I would suggest that clandestinely taping your boss being an idiot is a pretty good way to find yourself out of a job.

      How about, oh, I dunno, following up such conversations with a friendly, informative email summarizing the discussion and your recommendations, so there's a paper trail?

    15. Re:marketing by Anonymous Coward · · Score: 0

      And...? No, you get them to sign a nice document that includes such language in the fine print (this should be a standard form, btw, so they don't pull some BS about you trying to single them out). Then when they try to cover their ass, you'll have their signature, which basically admits they gladly fucked over the company. Anything short of that and they'll lie about what you told them, claim you threatened them, and/or otherwise target you.

      Of course, all of that doesn't guarantee anything about you not being fired at the point you try to get their signature or later when things go bad. Nor does it guarantee that the VP will be punished for their gross negligence with company resources. But no part of "huge financial risk for the company" is itself likely to move a VP who is so insulated as to think nothing they do matters, or is so involved that near everything they're involved in could be a "huge financial risk for the company". By having a clearly spelled out document on how their actions are a risk and having them sign it, though, you can spell out exactly how it's not only a risk but a needless one introduced purely for convenience.

      It's all about having a clear conscience and not magically pretending the world is fair and the VP will actually stop and read the document or otherwise act responsibly. The whole discussion hinges precisely on the VP being a dumbass.

    16. Re:marketing by Anonymous Coward · · Score: 0

      Great, that'll speed up the process finding an employer who isn't entirely up their own ass. The best thing an organization who doesn't listen to technical best practices can do would be to fire me.

    17. Re:marketing by plover · · Score: 2

      If you think this is an attempt at marketing, you should recognize they're doing a terrible job at it. Read page 3 of the PDF above, the section titled "Executive Summary". That is not even close to an executive summary, and wouldn't explain jack to any of the executives I work with.

      An executive summary for this paper should read like this:

      "We have documented a sophisticated espionage ring that is targeting the laptop computers of upper level executives who travel to Southeast Asia. The attackers are using WiFi attacks, compromising hotel networks, compromising hotel business center computers, and tricking the executives into installing malware. Hotel staff are often complicit in either providing access to the attackers, notifying the attackers when the rooms are unoccupied, or by providing a distraction to the executive. They are stealing intellectual property, contacts, notes, schedules, and passwords. They are implanting keyloggers. They are tracking the executive's movements around the globe. They are installing custom malware to gain further access once the compromised computer is brought inside the corporate firewall. They are using sophisticated cryptography to hide their malware and their exfiltration activities. And they are carefully maintaining the compromised computers to ensure continued access for sustained, multi-year attacks."

      That's an executive summary.

      --
      John
    18. Re:marketing by Anonymous Coward · · Score: 0

      B.S. Macs are not on the menu. If anything they are the top choice as most execs are running around with macs as a status symbol if anything else...

    19. Re:marketing by Molonel · · Score: 1

      Oh, thank you. I needed a nice, rich deep belly laugh on a Monday morning.

      I think back over the years of high-level executives who exempted themselves from ever having to change their passwords or using password complexity, or who refused to use VPN because it was too complicated, or whose computers constantly had to be hosed down and reimaged by techs wearing hazmat suits because of highly inappropriate internet browsing on company computers, and malware-infected USB sticks handed to them at conferences ("It was free!")

      "As a matter of course," you say.

      If only!

    20. Re:marketing by Anonymous Coward · · Score: 0

      As for antivirus, this attack is a Dancing Pigs/Dancing Bunnies attack, and no AV software will protect against it, unless the user is denied admin rights on their laptop.

      Our org decided to go this route when we deployed Windows 2000. There was bitching/moaning all around, but it has proven to be the 1st best solution; the 2nd was removing the Power User rights later (that closed the rest of the software install gaps).

      I'm surprised more orgs don't do this. (Only IT should have admin access.)

    21. Re:marketing by Anonymous Coward · · Score: 0

      If you work for a company small enough to have YOU cleaning up the CEO laptop when they return and post on /. about it, I'm sorry but you aren't big enough for darkhotel to be interested in you.

      -darkhotel sysadmin

    22. Re:marketing by Fire_Wraith · · Score: 0

      My understanding is that as a security professional, this is part of my job. It's risk management, not risk elimination. I need to be able to make the case that the security controls I'm proposing will make economic sense for the company. To use a physical example, sure, I could probably eliminate shoplifting if I put TSA style guards and nude scanners at the entrances of every store, but between the cost of all the machines and guards, and the fact that nobody would shop there anymore, it far outweighs any benefit in reduced shrink. From the sound of it though, you've experienced all this as a regular Admin who was shoehorned into also providing security work, probably because the company was too cheap to hire people specifically for that, which says a lot just to begin with. What follows is utterly unpredictable, and you're absolutely right to document everything you can, and hope that your next job is with a company that's at least slightly less mismanaged.

    23. Re:marketing by Vokkyt · · Score: 1

      I want to second this as the reason that a lot of people are afraid of going the proper security route.

      At the University I work at, we have been trying to push through full disk encryption for computers that go out into the wild for years now, and each time we're told it's impossible because "what if someone loses the password?"

      Even with two key solutions that would ultimately at least allow access should we need it, we're told that the possibility of someone leaving on a trip and getting locked out of their computer is completely unacceptable.

    24. Re:marketing by TheCarp · · Score: 1

      It has been about a decade since I worked at a university, but, I still remember hearing about the great debates. I wasn't part of them, but heard about them second hand from one of the people who was. At the time they were trying to push through email virus scanning and....

      "But this is a university, it's perfectly legitimate that someone researching viruses may want to get email with viruses, we can't do anything that would impede legitimate research!"

      --
      "I opened my eyes, and everything went dark again"
    25. Re:marketing by Anonymous Coward · · Score: 0

      And then get harassed to produce numbers to prove your point and more numbers to show how your suggestions will help reduce the risk and then even more numbers to show what the ROI to securing their IT is....

      ...and this is different from any other department of a business?

      You're in the real world now. The work you do has a dollar value. Find it. If you don't know how to measure it, then go read books or take classes until you can. The difference between a hobbyist and a professional is not a matter of skill. The professional just also knows how much things cost.

      The IT department loves to say "security is everybody's business". Well, knowing the bottom line is also everybody's job, even the IT department's. No excuses.

    26. Re:marketing by Anonymous Coward · · Score: 0

      ... not being able to recover the password ...

      So they want their password to stay as something they can't remember? That's more clever than creating a point of weakness in the authentication system.

    27. Re:marketing by pacman+on+prozac · · Score: 1

      And then get harassed to produce numbers to prove your point and more numbers to show how your suggestions will help reduce the risk and then even more numbers to show what the ROI to securing their IT is....

      If you can't show how your suggestions will reduce risk, then why would you expect a business to spend time and money implementing them?

    28. Re:marketing by Anonymous Coward · · Score: 0

      Counterintelligence must start from the top. If management doesn't care and refuses to understand why they should care about having trade secrets stolen then there's nothing you can do.

    29. Re:marketing by Anonymous Coward · · Score: 0

      The bottom line is that trade secrets are stolen, contracts are lost and the business goes bankrupt. So the "numbers" are "zero, zero, zero, zero, zero and zero".

    30. Re:marketing by torkus · · Score: 1

      Agreed in many cases.

      Some things, like VPN and Citrix, are relatively secure. Unfortunately many executives also use things like gmail, facebook, SMS, chat, xyz-gaming-app and so on during their travel. I've seen plenty of senior people send confidential information outside of accepted/expected channels. They don't want to remember passwords, much less change them. There's a lot of 'I'm too busy and it won't happen to me anyhow' mentality with data security.

      'Sorry, we don't allow abc gizmo you have to use the standard whatever for your presentation'
      'Ok, fine'

      'You need a 12 character password changed every 30 days for administrative access to the core production servers'
      'Well I'm just checking on data for meetings from my iPhone, I can't type all that in. Set it the same as my Windows password that never changes'

      'This computer connects to a real-time stock market trading network, it has a password and 15 minute screen saver timeout'
      'I can't waste time entering passwords, that's way too much work and complexity. I just need to do my trades!'

      --
      You can get rich if you own a politician, but you have to be rich to buy one in the first place.
  2. Gaming the Market by DumbSwede · · Score: 3, Interesting

    One always hears about attempts to steal intellectual property, but (assuming this isn’t hype by Kaspersky) could these types of attacks be about insider trading? Could nation-states be playing the markets with this info?

    1. Re:Gaming the Market by bickerdyke · · Score: 2

      Yes, yes, and yes, it could be a Kaspersky-Hype, too.

      --
      bickerdyke
  3. no PDF warning? by Anonymous Coward · · Score: 0

    and that's one fscked up URL!

  4. Kaspersky soaking the executives by EmperorOfCanada · · Score: 2

    I hope that Kaspersky manages to cheat these executives out of tons of money based on this nebulous threat.

    1. Re:Kaspersky soaking the executives by fustakrakich · · Score: 1

      Why? It only means your ATM fees will go even higher. The executives pay nothing. You pay all costs.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Kaspersky soaking the executives by Anonymous Coward · · Score: 0

      It is NOT nebulous. Some attackers had full access to Northern Telecom's CEO's computer. For years before they discovered it.

      Now guess what happened to this nice company.

  5. Burners by Anonymous Coward · · Score: 0

    I hear about people bringing their personal phones and laptops to China and the rest of SEA all the time. And those stories are full of woe.

    Never, ever, bring your own personal device while you're traveling. Not even if you're conducting business.

    1. Re:Burners by tibit · · Score: 4, Interesting

      Agreed. I always wiped my machine and installed the few things I really needed before going to Asia. Since I had to do some software development, I'd have an encrypted VM with a compiler. Only while there I'd download the git repository over an encrypted connection, use it, push the changes, then wipe the image before going back. If someone decided to take the machine, there was nothing useful on it. The VM was encrypted so that if a "maid" took it, or, more likely, someone on public transportation, the image would be useless to the thief.

      --
      A successful API design takes a mixture of software design and pedagogy.
    2. Re:Burners by fustakrakich · · Score: 1

      I always wiped my machine and installed the few things I really needed before going to Asia.

      You should do that for coming back. You never know when customs will steal your machine. Always travel with throwaway items, and always give false information where possible and practical. This is what today's institutions reward while the honest weep in their jail cells.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Burners by Anonymous Coward · · Score: 1

      I use BitLocker with TPM+PIN+USB flash drive, when I fly to other countries.

      This way protects me on three fronts:

      1: If I have physical control of my USB flash drive, I know the data is not getting accessed, even if the laptop is stolen.

      2: If I get everything stolen, too many wrong PIN guesses, and the TPM will refuse to decrypt.

      3: A "maid" decides to update the MBR or GPT, the machine isn't going to boot.

      From there, I mainly use a Citrix instance to access what data I need, as the encryption is to ensure tamper resistance as opposed to data protection. That way, if the laptop is seized on bogus pretexts, the data is not going to be there. I also use DeepFreeze, to ensure anything put on the machine before it leaves the US doesn't get tampered with.

      Of course, XKCD panel 538 applies, but short of overt rubber-hose coercion, the data remains secured.
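The set-up this comment describes (BitLocker on the OS drive, unlocked by TPM + PIN + a USB startup key, plus an escrowed recovery password) can be scripted and then verified before travelling. This is an added example, not the commenter's own script: it assumes an elevated session on Windows 10/11 Pro or Enterprise with a TPM, the BitLocker PowerShell module, and a removable drive mounted at E:\ to receive the startup key; drive letters are placeholders.

```powershell
# Added example (not from the thread): configure the OS drive the way the comment
# describes and check the resulting protector set. Placeholders: C: and E:\.
# "Too many wrong PIN guesses" is enforced by the TPM's own anti-hammering lockout,
# not by a BitLocker setting; the recovery password is what gets the owner back in.

$OsDrive        = "C:"
$StartupKeyPath = "E:\"   # removable drive that will hold the .BEK startup key

# Step 1: refuse to continue without a usable TPM, since the protector depends on it.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No ready TPM found; the TPM+PIN+StartupKey protector cannot be used."
}

# Step 2: take the PIN as a SecureString rather than embedding it in the script.
$Pin = Read-Host -Prompt "Pre-boot PIN" -AsSecureString

# Step 3: enable BitLocker with the combined protector. Because the TPM measures the
# boot chain, an edited MBR/GPT or boot loader (the "maid" case) fails validation and
# the drive stays locked, which is the tamper evidence the comment relies on.
# Encryption of an OS drive starts after the reboot hardware test.
$vol = Get-BitLockerVolume -MountPoint $OsDrive
if ($vol.VolumeStatus -eq "FullyDecrypted") {
    Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 -UsedSpaceOnly `
        -TpmAndPinAndStartupKeyProtector -Pin $Pin -StartupKeyPath $StartupKeyPath
} else {
    Write-Warning "$OsDrive is already encrypted; leaving existing protectors alone."
}

# Step 4: add a recovery password and escrow it centrally (AD, Entra ID or a vault),
# never on the laptop or the same USB drive, so a lost key or TPM lockout on the road
# does not mean a lost drive.
$vol = Get-BitLockerVolume -MountPoint $OsDrive
if (-not ($vol.KeyProtector.KeyProtectorType -contains "RecoveryPassword")) {
    Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
}

# Step 5: verify the configuration matches the intended travel posture.
function Test-TravelBitLockerConfig {
    param([string]$MountPoint = "C:")
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    [pscustomobject]@{
        MountPoint          = $MountPoint
        ProtectionOn        = ($v.ProtectionStatus -eq "On")
        EncryptionPercent   = $v.EncryptionPercentage
        HasTpmPinStartupKey = ($types -contains "TpmPinStartupKey")
        HasRecoveryPassword = ($types -contains "RecoveryPassword")
        HasBareTpm          = ($types -contains "Tpm")   # TPM-only would bypass the PIN and key
    }
}

$check = Test-TravelBitLockerConfig -MountPoint $OsDrive
if ((-not ($check.HasTpmPinStartupKey -and $check.HasRecoveryPassword)) -or $check.HasBareTpm) {
    Write-Warning "Unexpected protector set on $OsDrive; review before travelling."
}
$check
```

Keep the USB startup key on your person, separate from the laptop, or the third protector adds nothing.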

    4. Re:Burners by Anonymous Coward · · Score: 0

      It works much more civilized. A nice Chinese* girl will give you a blowjob while her boyfriend installs a little physical keylogger inside your nice hardware. That one will broadcast all your pazzwordz 500 meters down the road. Next step will be a "petty thief" mugging you on the street. He is also a boyfriend of the girl. That guy can now inspect your harddrive becauze he has your passwords at this point.

      You will still live under the impression "that it was Bitlocker-secured".

      * Could be British or French, too. Just not German - they are too much in awe of ethics.

  6. Corporate espionage is standard practice by quietwalker · · Score: 5, Interesting

    ... at least, outside of the US, it seems. Many countries have a policy that basically boils down to "if you can grab it, then it's yours, and it's impolite for another company to point fingers and claim you stole it." Not as litigious perhaps, but certainly less trustworthy. I got the standard 4 hour class from at least two companies; don't talk to folks on planes about it, don't talk to folks at the hotels, they'll arrange friendly people to sit next to you, or have a room next to you, or to flirt or whatever. Act as if your laptop/other hardware WILL be stolen or sabotaged. Keep one for travel with only the minimum relevant information on it, and so on.

    I worked for a company once that did big data analysis for the semiconductor industry. Boosted yield rates by anywhere from 3 to 15%, which is a big deal. It was a service, not a software product, so we took their data, did our analysis, and the product was suggestions to correct their process, with proof. Obviously we had a lot of special software on the backend which represented our core IP, and we protected that.

    When we went to China, we rewrote the executable so it was encrypted, plus locked to the CPU id.

    Part of our process required about 18-20 hours to run on the puny laptops we had available, and the folks we met actually laughed when they told us we couldn't stay the night, nor take the systems back to the hotel with us because they had been exposed to their internal network. So we chained it to a desk, and the next morning, the system had died, and it looked like someone had removed the hard drive while the thing was running. Apparently, after a day and a half of processing, they realized they couldn't get their copy to run, and explained that they had to keep our machine, forever, but they would provide us with one that was equivalent - loaded with virii and spyware no doubt.

    One of the individuals actually begged us to stop when we took apart our laptop and ground the hard drive and cpu up and shattered the boards. Total lack of composure, I assume he was losing his job at that point.

    However, that was just par for the course for much of Asia, barring Japan.

    1. Re: Corporate espionage is standard practice by Anonymous Coward · · Score: 1

      Half of Korea ain't so bad either.

      But yeah, the rest of Asia is pretty f'ed up.

    2. Re:Corporate espionage is standard practice by Anonymous Coward · · Score: 2, Interesting

      One of the individuals actually begged us to stop when we took apart our laptop and ground the hard drive and cpu up and shattered the boards. Total lack of composure, I assume he was losing his job at that point.

      Well, yeah. He failed to do his research. Not all targets are soft targets. If he'd done his research, he could have got it escalated to the Dream Team who would have been able to determine how to handle the problem, or to back off and try to find another, less obvious, way to steal your stuff. Sucks to be him.

    3. Re:Corporate espionage is standard practice by Anonymous Coward · · Score: 0

      The only difference was the US corporations outsourced the work to the NSA on the tax-payers dime.

    4. Re:Corporate espionage is standard practice by Solandri · · Score: 1

      However, that was just par for the course for much of Asia, barring Japan.

      Japan is much the same, they are just much better at hiding it.

    5. Re:Corporate espionage is standard practice by Anonymous Coward · · Score: 0

      Oh my dear precious little American - there was a time your compatriots sailed to China with frigates and forced the local police to allow the opium trade YOUR forefathers controlled.

      You just get a *minor* payback.

    6. Re:Corporate espionage is standard practice by Anonymous Coward · · Score: 0

      You Americans are just a little sick, that's all. Japan is your most obedient vassal there.

    7. Re:Corporate espionage is standard practice by IamTheRealMike · · Score: 1

      ... at least, outside of the US, it seems. Many countries have a policy that basically boils down to "if you can grab it, then it's yours, and it's impolite for another company to point fingers and claim you stole it."

      I guess you didn't read the parts of the Snowden releases where NSA/GCHQ were caught engaging in industrial espionage, right?

      If you think the USA is somehow on a moral high ground here, I really wonder why. The USA has less that it can steal from other countries, but it certainly hasn't shown any signs of hesitation.

    8. Re:Corporate espionage is standard practice by khallow · · Score: 1

      Tell you what. I'll hop in my time machine and stop the opium trade of my "forefathers", if you hop in your time machine and fix 19th century Chinese society.

    9. Re:Corporate espionage is standard practice by quietwalker · · Score: 2

      Sorry, I should have been more clear.

      There's apparently less corp-to-corp espionage rather than gov-to-corp*. It's simply not intrinsic to our culture, especially when the legal system provides such an easy way to strike at those who do. Heck, we even sue when people switch jobs to a competitor. If you come up with something remotely similar to an existing product - you're gonna get sued, that's how it is.

      What I've noticed is that there are two general types of countries; in one type, the onus is on the potential victim to protect their IP, and in the other type, the onus is on the potential criminal to not commit a crime.

      So you see places like India and China, where corporate espionage is not only expected, it's condoned at every level. Along with bribes and kickbacks, it's just how business - and often politics - is done. There's not even a cultural disconnect. It's expected! (check out another article from today : http://politics.slashdot.org/s... )

      * - except when the government is running the corps, like in China...

  7. It's a lie! by MagickalMyst · · Score: 2

    Everyone knows there is No Such Agency.

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
  8. But Wait by LeadSongDog · · Score: 1

    Didn't Apple and Google both assure us that our data was safe in their clouds? That even they couldn't read it? What could possibly go wrong?

    --
    Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
    1. Re: But Wait by Anonymous Coward · · Score: 0

      Nothing, unless you take inappropriate pics or do illegal stuff. If you're a good citizen, who cares? Ttt

  9. Target, TJ Maxx, Home Depot by raymorris · · Score: 3, Insightful

    Most top level executives don't know DES from GPG or IDEA.
    What they do understand is when you send them an email with links to three Wall Street Journal articles, Target, TJ Maxx, and Home Depot, then say "to prevent this from happening to our company, we need to have the following policies in place:".

    1. Re:Target, TJ Maxx, Home Depot by boristdog · · Score: 2

      Doesn't matter. The exec will have all his passwords taped to the bottom of his laptop.

      Seen it too many times to be shocked.

    2. Re:Target, TJ Maxx, Home Depot by PvtVoid · · Score: 2

      Doesn't matter. The exec will have all his passwords taped to the bottom of his laptop.

      Idiots. It's much easier to type them in if they're taped to the top.

    3. Re:Target, TJ Maxx, Home Depot by Anonymous Coward · · Score: 0

      If they have physical access to see the passwords they are already beyond screwed.

    4. Re:Target, TJ Maxx, Home Depot by Anonymous Coward · · Score: 0

      ... don't know DES from GPG or IDEA.

      I read that as "... don't know DES from GPG or Ikea". It made much more sense.

    5. Re:Target, TJ Maxx, Home Depot by Anonymous Coward · · Score: 0

      Full disk encryption, autorun turned off, and enforced logins. Security in depth.

      All the thief gets is a laptop that will switch its camera on, turn on the GPS, and give us a play by play of exactly where it is at all times. They can't use the data.

    6. Re:Target, TJ Maxx, Home Depot by Anonymous Coward · · Score: 0

      Hand written passwords in his wallet are fine, because it's non-digital and on his person and he needs to be physically abducted to be compromised.

      If that password list includes a bios password that can only be reset by disassembling his laptop, at great time cost and personal risk to an intruder, that would be great.

    7. Re:Target, TJ Maxx, Home Depot by sociocapitalist · · Score: 1

      Most top level executives don't know DES from GPG or IDEA.
      What they do understand is when you send them an email with links to three Wall Street Journal articles, Target, TJ Maxx, and Home Depot, then say "to prevent this from happening to our company, we need to have the following policies in place:".

      Sounds like an excellent way to get them to click on malware links too :-)

      --
      blindly antisocialist = antisocial
  10. Not surprising in the least by ErichTheRed · · Score: 3, Insightful

    I'm a client systems person (yes, yes, I know, the desktop is dead and everyone is going to be writing Excel macros on their iPhones...I'm aware of it.) But, having worked for a couple of companies' IT departments doing this, and for a service provider doing this for other customers, I am absolutely not shocked that corporate execs are being targeted for this. Almost everywhere I've worked, executives have overridden the rules and required that they have full admin access to their laptops. Combining this with BYOD and users travelling onto untrusted networks is a nightmare. All it takes is one time not carefully thinking about a prompt to update something from a non-legitimate source. Once that's done, all the full-disk encryption and other good stuff goes out the window.

    The higher the rank, the less they know or care about information security. It's a losing battle too, because (a) they don't want some lowly IT guy telling them what's best for them, and (b) the heavy-handed approach doesn't work because they don't believe there's a threat.

    Hotel networks are especially interesting because the system is most likely some turnkey thing like a Cisco or Juniper appliance that gets wired up, thrown in a closet and forgotten about. That's the perfect target for compromise because it never gets updated, bugs never get fixed, and all you have to do to get physical access to the device is get a job as a cleaner or maintenance person.

  11. And who's buying the data? by Princeofcups · · Score: 3, Insightful

    The same guys who are having their data stolen are the ones buying data that was stolen from some other guy. It's a sociopath feeding frenzy, and the criminals are cashing in.

    --
    The only thing worse than a Democrat is a Republican.
  12. and then get fired for not doing your job by publiclurker · · Score: 2, Interesting

    Since it is your job to protect them from these risks, not to produce stupid policies that get in the way of their "work". I managed to get a few nice laptops from my wife's former bosses. They were so loaded with malware that they barely functioned. Rather than admit that they were responsible, the pointy-hairs simply bought new laptops and discarded the old ones.

    1. Re:and then get fired for not doing your job by Ihlosi · · Score: 1

      Rather than admit that they were responsible,

      Why should they "admit" something that they barely understand in the first place?

      The average user doesn't know how malware works, how to recognize it, how it gets on their machines, why it's bad to have it on your machine, etc. And the average user also doesn't possess the technical expertise to understand a thorough explanation.

    2. Re:and then get fired for not doing your job by Anonymous Coward · · Score: 0

      Evidently your wife is performing neither function if she's giving you a not-wiped laptop.

    3. Re:and then get fired for not doing your job by Anonymous Coward · · Score: 0

      China will take over by the sheer force of their hard labour. The only question is how steep the trajectory will be. Spying is not really required. They can buy almost every secret one way or the other from western corpos.

      The western world has become a world of Pinky Pussies. C.f. Hewlett-Packard Co, Nortel, Bell Labs, Huawei.

  13. More C&C Domains to add to hosts... apk by Anonymous Coward · · Score: 0

    0.0.0.0 begatrendstone.com
    0.0.0.0 autozone.000space.com
    0.0.0.0 000space.com
    0.0.0.0 genuinsman.phpnet.us
    0.0.0.0 phpnet.us
    0.0.0.0 auto2116.phpnet.us

    * Same as before, right into your hosts file those go along with the previous ones from my last post I am replying to, & same source (much farther down into the source PDF...)

    APK

    P.S.=> Enjoy... apk

  14. Re:"Threat actor" - buzzword du jour by StevenMaurer · · Score: 1

    Suddenly this is the new thing. You could simply say "the thief" or "the bad guy" or "the spy", but then you wouldn't sound all Matrix.

    Lighten up, Slashdot.

    That term is commonly used in the security industry, specifically because it is more generic than "virus writer", "thief", "foreign intelligence service", or "disgruntled worker".

  15. So what about Linuxen and Chromebooks? by joelpomales · · Score: 1

    What about giving the execs a Linux notebook with a password protected Bios, a Linux distro with full hard drive encryption + home directory encryption a VPN connection and a VM? Too much for an exec to handle? What about Chromebooks? As far as I know, they'll alert you if they've been tampered (as people that have installed Crouton can attest to), it stores nothing locally and can be wiped out from the other side of the planet? I know that execs can be...fickle. But there are alternatives.

    1. Re:So what about Linuxen and Chromebooks? by Anonymous Coward · · Score: 0

      If they have physical access to a machine it is GAME OVER. Just think of the key logger which they can solder to the keyboard while the "exec" is being massaged by a teammate of the attackers.

    2. Re:So what about Linuxen and Chromebooks? by Shajenko42 · · Score: 1

      "Real funny. Now get me a real computer before I have you fired so fast it will make your head spin."

    3. Re:So what about Linuxen and Chromebooks? by Anonymous Coward · · Score: 0

      key logger soldered?

      Does google make an Antitamper addition to chromebooks?

      basically a "my case has been cracked open, I'm not booting until the admin puts in a password!"

  16. Re:"Threat actor" - buzzword du jour by Anonymous Coward · · Score: 0

    New? That term has been around for years in the "cybersecurity" field. Get with the verbiage or lose "cred".

  17. Re:Air travel begets insane CO2 production by blackomegax · · Score: 1

    It's funny how none of you shills ever post from a real account.

  18. Re:Easy to stop via custom hosts files... apk by Anonymous Coward · · Score: 0

    You forgot noip.com, dyn.com, dnsdynamic.com, and a whole bunch of other dynamic DNS providers. Are you saying that you'll make the choice as to which DDNS providers you think are safe and which are not based on subdomains? No thanks.

  19. "All of his passwords"? Many solutions: SSO, IDM by raymorris · · Score: 1

    If the exec has too many passwords at work to remember easily, of course they will write them down.
    Solutions to that include SSO, IDM, etc.

  20. Re:Air travel begets insane CO2 production by Anonymous Coward · · Score: 0

    It's funny how you think ad hominem defeats logic.

  21. Re:Air travel begets insane CO2 production by Anonymous Coward · · Score: 0

    It's funny how you think ad hominem defeats logic.

    It's funny how you attribute 'logic' to your own gibberish, instead of crazy fucking idiot like the rest of us attribute it to.

  22. Citrix FALLACY by Anonymous Coward · · Score: 0

    Attackers with just a medium level of competence will simply make screenshots every five seconds or so. Then they will use some open-source OCR tool to index said screenshots. The best ones will be downloaded to the attackers lair based on said indexing. No white cats required, though.

    THAT will provide the attacker with the SAME intelligence as the "executive". Which is plenty, if the exec is not a dumbass and stays well-informed. Via Citrix.

  23. Re:Easy to stop via custom hosts files... apk by Anonymous Coward · · Score: 0

    He forgot that the attacker might upload to gmail. That he might create new domains on a continuous basis.

    Static defenses don't work alone. You need Network Police to monitor the traffic of all computers to be secured. Those folks need to inspect any deviation from "known good" traffic patterns. Which is easier said than done. If you want to do it properly, you need software engineers for that, as filters need to be adapted to the specifics of a certain business.

    Of course you can BUY this service from companies like Counterpane. Which is probably the best approach for most corporations. Network security folks are a special breed and it does not make sense to have them managed by a standard PHB of ACME Inc.
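    The "deviation from known good traffic" idea in the post above, written out as an added example (not code from the thread, from Counterpane or from any other vendor named in it): a per-host baseline of destinations and daily egress volume is learned from a few days of flow records, then later records are checked against it. Every host name, address and byte count below is constructed sample data; the field layout and the `floor` parameter are this example's own assumptions.

    ```python
    """Known-good egress baseline check (added example, constructed data).

    Two kinds of deviation are flagged: a source host talking to a
    destination it has never talked to before, and a day whose total
    outbound bytes exceed the learned baseline. The volume threshold is
    the larger of mean + sigma * stdev and a fixed percentage floor, so a
    very stable baseline (tiny stdev) does not alert on ordinary noise.
    """
    from __future__ import annotations

    from collections import defaultdict
    from statistics import mean, pstdev

    # Constructed flow records: (day, source host, destination host, bytes out).
    # Three days of a database server doing a nightly backup and NTP.
    BASELINE_FLOWS = [
        ("d1", "db-server", "backup.corp.example", 4_000_000_000),
        ("d1", "db-server", "ntp.corp.example", 2_000),
        ("d2", "db-server", "backup.corp.example", 4_100_000_000),
        ("d2", "db-server", "ntp.corp.example", 1_900),
        ("d3", "db-server", "backup.corp.example", 3_900_000_000),
        ("d3", "db-server", "ntp.corp.example", 2_100),
    ]

    # Constructed day four: the usual traffic plus several GB to a host
    # that was never part of the baseline.
    NEW_FLOWS = [
        ("d4", "db-server", "backup.corp.example", 4_050_000_000),
        ("d4", "db-server", "ntp.corp.example", 2_000),
        ("d4", "db-server", "telemetry.vendor.example", 6_000_000_000),
    ]


    def build_baseline(flows):
        """Learn, per source host, the set of known destinations and the
        mean / population stdev of total bytes sent per day."""
        dests: dict[str, set[str]] = defaultdict(set)
        daily: dict[str, dict[str, int]] = defaultdict(lambda: defaultdict(int))
        for day, src, dst, nbytes in flows:
            dests[src].add(dst)
            daily[src][day] += nbytes
        stats = {}
        for src, per_day in daily.items():
            totals = list(per_day.values())
            stats[src] = (mean(totals), pstdev(totals))
        return {"dests": dests, "stats": stats}


    def score_flows(baseline, flows, sigma: float = 3.0, floor: float = 1.10):
        """Return findings as (kind, source host, detail) tuples."""
        findings = []
        totals: dict[str, dict[str, int]] = defaultdict(lambda: defaultdict(int))
        for day, src, dst, nbytes in flows:
            totals[src][day] += nbytes
            if dst not in baseline["dests"].get(src, set()):
                findings.append(("new_destination", src, dst))
        for src, per_day in totals.items():
            mu, sd = baseline["stats"].get(src, (0.0, 0.0))
            threshold = max(mu + sigma * sd, mu * floor)
            for day, total in per_day.items():
                if total > threshold:
                    findings.append(("egress_spike", src, day))
        return findings


    if __name__ == "__main__":
        base = build_baseline(BASELINE_FLOWS)
        for finding in score_flows(base, NEW_FLOWS):
            print(finding)
    ```

    Run on the constructed records, the new destination is reported by itself, and the day's total of roughly 10 GB is reported as a spike against a baseline of about 4 GB; the same day with only the backup and NTP flows produces no findings. In practice the baseline has to be rebuilt as the business changes, which is the "filters need to be adapted" part of the post.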

  24. Re:Air travel begets insane CO2 production by Anonymous Coward · · Score: 0

    And there you go using A/C, avoiding logic, and using ad hominem again.

    No wonder you can't get a job! Haha.

  25. I referred to the source article's source... apk by Anonymous Coward · · Score: 0

    A .pdf file from the researchers as to what I put out vs. THIS threat in particular only.

    APK

    P.S.=> That's all... & yes - it works (ala you can't be burnt if/when you can't touch a flame)... apk

  26. "Rinse, Lather, & Repeat"... apk by Anonymous Coward · · Score: 0

    The source article's source did that monitoring already - read again -> http://it.slashdot.org/comment...

    APK

    P.S.=> You guys need to learn to read & as for OTHER threats of this nature (using host-domain names, dynamically generated or not? Hosts once they are known, can be blocked in hosts) - my free hosts updating program gets the latest threats that way on other threats and this one, from 12 reputable sources in the security community... apk

    1. Re:"Rinse, Lather, & Repeat"... apk by Anonymous Coward · · Score: 0

      Your "12 reputable sources in the security community" are in error if they are blocking the entire mooo.com domain. There may be some subdomains there that are bad but there are a heck of a lot of subdomains in mooo.com that are valid.

      Didn't MS (or someone) get a lot of flak for deciding that noip.com (or some DDNS) was just one giant malware trap? A lot of perfectly safe domains and useful websites got taken offline because of that.

      No thanks, I'll make my own choices as to which domains are good or bad.

  27. counter-espionage by phorm · · Score: 1

    I wonder how hard it would be to dump something on there that "looks" like the real deal, but deliberately delivers poor performance, bad output, or even a cleverly hidden security hole.

    Let them steal it, and then see if you can use those to your advantage when they make use of the subtly broken tech.

  28. BS detector by Anonymous Coward · · Score: 0

    The attack vector described by Kaspersky is widely known. This is just a nicely written marketing campaign around it by Kaspersky Lab Inc.

    Here's a link to the description from the FBI in 2012:
    http://www.fbi.gov/sandiego/press-releases/2012/malware-installed-on-travelers-laptops-through-software-updates-on-hotel-internet-connections

  29. You have that choice: edit hosts... apk by Anonymous Coward · · Score: 0

    However, once a domain goes bad (even subdomains) it's suspect - see subject line above: Hosts are just a textfile you can edit to remove ones you want to take a chance on is all, yourself.

    APK

    P.S.=> This keeps you up to date vs. this & other threats, automagically, as I noted in my 1st reply -> http://start64.com/index.php?o... ... apk

  30. But the average user by publiclurker · · Score: 0

    would understand after their first computer was rendered unusable that the stuff that IT wants to put on their computer is there for a reason, even if they don't understand the specifics.

  31. she's an accountant by publiclurker · · Score: 0

    and IT did wipe all of the computers with the possible exception of the one that the CFO's kids tried to use as a panini press. The only thing usable from that system was the memory, which I gave to a friend that had a similar system. The ignorance of the executives did have one advantage. Every 6 months they demanded the hottest systems on the market for their critical web surfing and Minesweeper games. IT would order these systems and take out a lot of the extra memory, etc., and give it to the engineers for their CAD systems.

  32. China is proven, Snowden only has allegations by sethstorm · · Score: 1

    I guess you didn't read the Snowden allegations

    FTFY.

    If you think the USA is somehow on a moral high ground here, I really wonder why.

    See my title - China has been proven to do it while Snowden hasn't even gone to a US court. The only people that think that the US has lost any moral ground are those that oppose the US, and/or additionally support Snowden's allegations.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  33. Execs by Anonymous Coward · · Score: 0

    OK so I am one of these dumb senior corporate executives! (my brother referred me to this thread...). The problem is I don't have one password to remember and manage, I have about 15 for work, each of which with the requirement to periodically change with different password lengths and specs. Some have frequent usage, some infrequent. It is therefore simply not possible to reliably remember all this, so the only option is to record them somehow, defeating the purpose of the password. I know about digital passbooks etc. The IT world's solution of using a changing password for each and every system therefore does not work and it is a bit simplistic to blame the user. Maybe you can blame the guy who tapes the password - I use a Post-it note, much more secure.

    So the problem is not just with the users - we need to find a practical solution for managing multiple, changing passwords.

  34. Easy to stop via custom hosts files... apk by Anonymous Coward · · Score: 0

    0.0.0.0 microblo5.mooo.com
    0.0.0.0 mooo.com
    0.0.0.0 microyours.ignorelist.com
    0.0.0.0 ignorelist.com
    0.0.0.0 micronames.jumpingcrab.com
    0.0.0.0 jumpingcrab.com
    0.0.0.0 microchisk.mooo.com
    0.0.0.0 microalba.serveftp.com
    0.0.0.0 serveftp.com
    0.0.0.0 officerevision.com
    0.0.0.0 tradeinf.com
    0.0.0.0 42world.net
    0.0.0.0 academyhouse.us
    0.0.0.0 adobeplugs.net
    0.0.0.0 amanity50.biz
    0.0.0.0 autocashhh.hostmefree.org
    0.0.0.0 hostmefree.org
    0.0.0.0 autochecker.myftp.biz
    0.0.0.0 myftp.biz
    0.0.0.0 autoshop.hostmefree.org
    0.0.0.0 autoupdatfreeee.coolwwweb.com
    0.0.0.0 coolwwweb.com
    0.0.0.0 checkingvirusscan.com
    0.0.0.0 dailyissue.net
    0.0.0.0 dailypatch-rnr2008.net
    0.0.0.0 fenraw.northgeremy.info
    0.0.0.0 northgeremy.info
    0.0.0.0 generalemountina.com
    0.0.0.0 goathoney.biz
    0.0.0.0 jpnspts.biz
    0.0.0.0 jpqueen.biz
    0.0.0.0 mechanicalcomfort.net
    0.0.0.0 micromacs.org
    0.0.0.0 ncnbroadcasting.reportinside.net
    0.0.0.0 reportinside.net
    0.0.0.0 neao.biz
    0.0.0.0 private.neao.biz
    0.0.0.0 reportinside.netself-makeups.com
    0.0.0.0 self-makingups.com
    0.0.0.0 sourcecodecenter.org
    0.0.0.0 supportforum.org
    0.0.0.0 updatewifis.dyndns-wiki.com
    0.0.0.0 dyndns-wiki.com
    0.0.0.0 begatrendstone.com
    0.0.0.0 autozone.000space.com
    0.0.0.0 000space.com
    0.0.0.0 genuinsman.phpnet.us
    0.0.0.0 phpnet.us
    0.0.0.0 auto2116.phpnet.us

    * Those entries added to your hosts file will block out domains/hosts this malware uses, included are sinkholed domains/C&C etc. (which *may* only be 'sinkholed' @ the DNS level in the USA only, as was the case with other malwares, courtesy of the FBI for US folks only - NOT overseas...)

    SOURCE ARTICLE = http://www.net-security.org/se... & source of domains/hosts to cutoff via hosts is on that page as THIS .pdf -> http://25zbkz3k00wn2tp5092n6di...

    APK

    P.S.=> For even MORE comprehensive coverage & protection vs. such threats? Use my free APK Hosts File Engine 9.0++ 32/64-bit -> http://start64.com/index.php?o... (for more SPEED, SECURITY, RELIABILITY, & even ANONYMITY online)... apk
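    The posts above and the replies to them go back and forth about what a hosts-file entry actually covers, in particular whether listing a parent such as mooo.com sweeps in its subdomains. As an added example (not code from the thread, from APK's tool, or from the Kaspersky report), the block below parses entries in the format posted, looks names up the way the operating system resolver does (exact hostname match only), and next to that models the suffix matching a DNS-level blocklist would apply, so the two behaviours can be compared on the same table. The sample text uses a few domains quoted from the post plus one constructed subdomain (`someuser.mooo.com`, hypothetical) and constructed comment lines.

    ```python
    """Hosts-file blocklist semantics (added example).

    The OS hosts file is consulted by exact hostname: an entry for
    "mooo.com" answers a lookup of "mooo.com" and nothing else.
    A DNS-level blocklist (RPZ, a filtering resolver) typically treats a
    listed domain as covering every label beneath it. The two functions
    below implement each model over the same parsed table.
    """
    from __future__ import annotations

    # Sample hosts-file text. Domains are quoted from the post above;
    # the comments and the trailing dot are constructed to exercise the parser.
    SAMPLE_HOSTS = """\
    # blocklist entries (comment line, ignored by the resolver)
    0.0.0.0 microblo5.mooo.com
    0.0.0.0 mooo.com
    0.0.0.0 microyours.ignorelist.com   # trailing comment is ignored too
    0.0.0.0 begatrendstone.com begatrendstone.com.
    127.0.0.1 localhost
    """

    # Addresses conventionally used to sink a name rather than serve it.
    SINKHOLE_ADDRS = {"0.0.0.0", "::"}


    def parse_hosts(text: str) -> dict[str, set[str]]:
        """Map each hostname to the set of addresses the file assigns it.

        Handles comments, blank lines, several names on one line,
        case-insensitive names and a trailing dot.
        """
        table: dict[str, set[str]] = {}
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            parts = line.split()
            if len(parts) < 2:
                continue  # an address with no name is not a valid entry
            addr, names = parts[0], parts[1:]
            for name in names:
                key = name.lower().rstrip(".")
                table.setdefault(key, set()).add(addr)
        return table


    def hosts_blocks(table: dict[str, set[str]], hostname: str) -> bool:
        """Exact-match semantics of the OS hosts file: blocked only if this
        precise name is listed and points at a sinkhole address."""
        addrs = table.get(hostname.lower().rstrip("."), set())
        return bool(addrs & SINKHOLE_ADDRS)


    def domain_blocks(table: dict[str, set[str]], hostname: str) -> bool:
        """Suffix semantics of a DNS-level blocklist: blocked if the name or
        any parent domain of it is listed as sinkholed."""
        labels = hostname.lower().rstrip(".").split(".")
        return any(hosts_blocks(table, ".".join(labels[i:]))
                   for i in range(len(labels)))


    if __name__ == "__main__":
        table = parse_hosts(SAMPLE_HOSTS)
        for name in ("microblo5.mooo.com", "mooo.com", "someuser.mooo.com", "localhost"):
            print(f"{name:24} hosts file: {hosts_blocks(table, name)!s:5} "
                  f"DNS blocklist: {domain_blocks(table, name)}")
    ```

    The constructed `someuser.mooo.com` is the interesting case: it resolves normally through the hosts file even though `mooo.com` is listed, and is blocked only under the suffix model. That is the difference the two sides of the thread are talking past each other about, and it is also why `localhost`, which maps to 127.0.0.1 rather than a sinkhole address, is not reported as blocked by either check.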

  35. Re:Air travel begets insane CO2 production by blackomegax · · Score: 1

    The AC post was not I, but I do agree with it.

  36. Kaspersky???? by MoarSauce123 · · Score: 1

    Eugene Kaspersky is Putin's sauna buddy and their AV product is engaging in funky behavior. Unfortunately, my company's IT decided to ditch our old AV and go with Kaspersky instead. Not because it is better, less a performance drag, more compatible, or anything - quite contrary. The decision was made because we need some AV to check off a box on a list for management and do so by spending the least amount of money. Leaves us cubicle dwellers wondering who ships GB of data every night to a data center in Canada...it is Kaspersky AV! We asked why and got no response. Since that database server may hold customer data at times we cut the cord for Kaspersky and since then the nights are quiet. Since then I disregard anything Kaspersky or its mouthholes claim even more than before. Might as well install some Chinese AV or any other malware that downloads gobs of data for 'our protection'.