Thursday, October 22, 2009

Cyberespionage Overview

An article in today's Wall Street Journal outlines evidence of a cyberespionage attack against a US technology company. According to the article,
The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.
The report also details the techniques, tactics, and procedures of the cyberspies.
In the months leading up to the 2007 operation, cyberspies did extensive reconnaissance, identifying which employee computer accounts they wanted to hijack and which files they wanted to steal. They obtained credentials for dozens of employee accounts, which they accessed nearly 150 times.

The cyberspies then reached into the company's networks using the same type of program help-desk administrators use to remotely access computers.

The hackers copied and transferred files to seven servers hosting the company's email system, which were capable of processing large amounts of data quickly. Once they moved the data to the email servers, the intruders renamed the stolen files to blend in with the other files on the system and compressed and encrypted the files for export.

Before exporting the data, the collection team used employee accounts to take over four desktop computers to direct the final stage of the operation.

They selected at least eight U.S. computers outside the company, including two at unidentified universities, as a drop point for the stolen data before sending it overseas. The high Internet traffic volume on university networks provides excellent cover.

We will discuss the specifics of these kinds of targeted cyberespionage attacks in class in the coming weeks.
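The sequence the report describes (hijacked accounts used over and over through a remote-admin tool, archives staged on mail servers, then data sent out to an external drop point) is the kind of pattern a defender can hunt for in logs. The following is an added Python example, not code from the post or the commission report: it runs two such checks over constructed sample log lines, and the host names, accounts, log format and thresholds are all hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events, not taken from the report or the post.
# Format per line: <timestamp> <host> <account> <event> <key=value ...>
SAMPLE_EVENTS = [
    "2007-03-01T08:02 ws-114 jdoe remote_login from=10.8.4.21",
    "2007-03-01T08:07 ws-114 jdoe remote_login from=10.8.4.21",
    "2007-03-01T08:15 ws-114 jdoe remote_login from=10.8.4.21",
    "2007-03-01T09:30 ws-207 asmith remote_login from=10.8.4.22",
    "2007-03-02T01:12 mail-03 jdoe file_write path=/var/spool/q/report_2007.rar",
    "2007-03-02T01:40 mail-03 jdoe file_write path=/var/spool/q/msg_00213.eml",
    "2007-03-02T02:05 mail-03 jdoe outbound_xfer dst=203.0.113.10 bytes=734003200",
    "2007-03-02T09:00 mail-03 postfix file_write path=/var/spool/q/msg_00214.eml",
]
MAIL_SERVERS = {"mail-01", "mail-02", "mail-03"}      # hypothetical asset inventory
SERVICE_ACCOUNTS = {"postfix", "exchange"}            # accounts expected to write here
ARCHIVE_EXT = re.compile(r"\.(zip|rar|7z|gz|gpg|pgp)$", re.I)
LOGIN_THRESHOLD = 3   # deliberately low for the tiny sample; tune to a real baseline

def parse(line):
    """Split one log line into a dict; trailing key=value pairs become fields."""
    ts, host, account, event, detail = line.split(" ", 4)
    fields = dict(pair.split("=", 1) for pair in detail.split())
    return {"ts": ts, "host": host, "account": account, "event": event, **fields}

def excessive_remote_logins(events, threshold=LOGIN_THRESHOLD):
    """Accounts whose remote-admin-tool logins reach the threshold (hijack indicator)."""
    counts = Counter(e["account"] for e in events if e["event"] == "remote_login")
    return {acct: n for acct, n in counts.items() if n >= threshold}

def mail_server_staging(events):
    """Non-service accounts that write archives on a mail server and later send data out."""
    staged, alerts = defaultdict(list), []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["host"] not in MAIL_SERVERS or e["account"] in SERVICE_ACCOUNTS:
            continue
        key = (e["host"], e["account"])
        if e["event"] == "file_write" and ARCHIVE_EXT.search(e["path"]):
            staged[key].append(e["path"])
        elif e["event"] == "outbound_xfer" and staged[key]:
            alerts.append({"host": e["host"], "account": e["account"],
                           "dst": e["dst"], "archives": list(staged[key])})
    return alerts

def run(lines=SAMPLE_EVENTS):
    """Parse the lines and return (suspicious login counts, staging alerts)."""
    events = [parse(line) for line in lines]
    return excessive_remote_logins(events), mail_server_staging(events)
```

On the sample, `run()` flags `jdoe` for repeated remote-admin logins and raises one staging alert for the archive written to `mail-03` and then transferred to 203.0.113.10; the legitimate `postfix` writes produce nothing.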


Zahara Vex said...

The open wireless networks available at most American universities, including here at Georgetown, seem to be an open invitation for cyber-terrorists and cyber-spies. While open and easily accessible networks are a convenience, the lack of security leaves students and other users vulnerable to attack from any number of sources, including hackers wishing to utilize their hardware for malicious purposes. In addition, these networks can provide a means for organizations to host harmful software, disseminate extremist ideologies, or simply store data until the hacker/intruder chooses to transfer the information to another place. Universities should not be ignorant of the dangers open networks pose, and they should be doing more to secure their networks from inappropriate and unsolicited use.

Eric said...

The benefits of an "open and easily accessible" network at a university go beyond just convenience; it is a necessary way for students and teachers to communicate. But like everything else we have talked about in class, it is necessary to find a balance between openness and security. One major threat I could imagine happening here at Georgetown would be a denial of service attack, shutting down MyAccess during registration, for example. Because this whole process is online, there would be major consequences for our community.
Another threat, as shown by Ned earlier in the semester, is that the unencrypted information can be easily intercepted. This poses a threat for credit card theft, for example.
As Zahara said, Georgetown needs to take precautionary measures. Some of these measures should probably include education of students and faculty, because if it weren't for this class, I would have no idea about these threats and ways to protect myself.