Thursday, January 14, 2010

More Details on China's Cyber Espionage Campaign

The Washington Post provides some additional insight into the recent series of attacks traced to China. According to the article, the attacks
originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said. At least 34 companies -- including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical -- were attacked, according to congressional and industry sources.
Further, the article points out that
the recent attacks seem to have targeted companies in strategic industries in which China is lagging, industry experts said. The attacks on defense companies were aimed at gaining information on weapons systems, experts said, while those on tech firms sought valuable source code that powers software applications -- the firms' bread and butter. The attacks also focused on obtaining information about political dissidents.
James Lewis, from the Center for Strategic and International Studies, provides insight into the Chinese government's motivations in sponsoring or allowing this espionage program to continue. Lewis states,
This is a big espionage program aimed at getting high-tech information and politically sensitive information -- the high-tech information to jump-start China's economy and the political information to ensure the survival of the regime.
The article also provides insight into the modus operandi used by the attackers.
The attackers, experts said, followed the familiar "phishing" ruse: A recipient opens an e-mail that purports to be from someone he knows and, not suspecting malicious intent, opens an attachment containing a "sleeper" program that embeds in his computer. That program can be controlled remotely, allowing the attacker to access e-mail, send confidential documents to a specific address -- even turn on a Web camera or microphone to record what is going on in the room.
It's interesting to note the responses provided by the other companies identified in the article as targets of the espionage attacks.
Adobe, a software maker, confirmed on Wednesday that it learned of the attacks on Jan. 2 but said there was "no evidence to indicate that any sensitive information . . . has been compromised," while Symantec, which makes security software, said it is investigating to "ensure we are providing appropriate protection to our customers." Dow Chemical said that it has "no reason to believe that the safety, security and intellectual property of our operations are in jeopardy." Yahoo and defense contractor Northrop Grumman declined to comment on the attack.
These denials are standard fare for corporate America and provide a stark contrast to Google's admission. Google's candidness is an exciting development for the cyber security industry, which is in dire need of a shake-up and of new approaches to dealing with a decades-old problem.
