"With a few quick keystrokes…[Majia] calls up a screen displaying his latest victims. ‘Here’s a list of the people who’ve been infected with my Trojan horse,’ he says, working from a dingy apartment on the outskirts of [a]city in central China. ‘They don’t even know what’s happened.’”
"As he explains it, an online ‘trapdoor’ he created just over a week ago has already lured 2,000 people from China and overseas — people who clicked on something they should not have, inadvertently spreading a virus that allows him to take control of their computers and steal bank account passwords."
Wired.com’s article spoke to the recent Google v. China chess match relating to cyber-security. What we’ve known so far through media reports is that hackers had gained access to intellectual property via Google users’ Gmail accounts. Now, a Virginia-based computer forensic firm has created a report which suggests that the "attack that hit Google is identical to publicly undisclosed attacks that have quietly plagued thousands of other U.S. companies and government agencies since 2002 and are rapidly growing. They represent a sea change from the kinds of attacks that have commonly hit networks and made headlines." The article does a great job of outlining for the layperson what kind of information hackers are hoping to obtain.
"Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures."
Law Firms/Lawyers Beware!
"One mark of APT attacks is that they have especially hit companies with dealings in China, including more than 50 law firms. ‘If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it,’ Mandia says. In 2008, [the Virginia-based computer forensic company] investigated a breach at a law firm that was representing a client in a lawsuit related to China. The attackers were in the firm’s network for a year before the firm learned from law enforcement that it had been hacked. By then, the intruders harvested thousands of e-mails and attachments from mail servers. They also had access to every other server, desktop workstation and laptop on the firm’s network."
As Majia points out, the lure of money, the lack of enforceability of laws related to cyber-crimes (in China and elsewhere), and the low risk of actually getting caught make the profession of cyber-thief very enticing for an enterprising individual. Eventually, organizations, especially those in the U.S., are going to have to talk about the 2-ton elephant in the room: their inability to secure their most valued asset, information. Technology that works in conjunction with PEOPLE and PROCESSES is the only way for them to mitigate their risk exposure (i.e., Data Governance).
To read more, please click here: Report Details Hacks Targeting Google, Others
To read more, please click here: Hacking for Fun and Profit in China’s Underworld