Tuesday, February 6, 2007

Chinese Attack: Is this the work of Chinese Intelligence?

What's really going on here? The average Chinese citizen cannot move about the Internet without strict monitoring. Anyone attempting to hack from within China will immediately catch the attention of the CHICOM's Great Firewall. Yet, we see unrelenting cyber attacks on sensitive U.S. computer systems. How could this be? The AVERAGE citizen is restricted from such activities, but those granted permission to attack the U.S. are given free access. Who can grant a person or group access around the firewall? Who has the ability to get around the firewall? The CCP, of course. The question is: who in the Chinese government is behind the well-planned and directed attack: Chinese Military, Chinese Intelligence, Chinese Cyber Army?

APPSENSE SECURITY

The cyber attacks on the Critical National Infrastructures of the US and UK, originating from inside China, have hit the headlines again. This time they appear to be targeted against one specific agency within the Department of Commerce, the Bureau of Industry and Security (BIS). The BIS is involved in the regulation of the export of sensitive goods and technologies as well as enforcing export control and anti-boycott laws. The targeting of this organization is in some ways not surprising: it is responsible for the prevention of the exportation of military technology to China.

The exact method used for this attack has not been publicised, but there have been strong suggestions that this involved carefully researched e-mails and possibly Trojans. This involved the Chinese group sending e-mails, apparently from internal e-mail addresses, to various government employees. The subject and content of these mails were deliberately chosen. The careful research mentioned above allowed the mails to be targeted in such a way that the victim would be more inclined to trust the mail and any attachment to it.

The same method of researched e-mails would also work if malicious websites were being used to exploit some vulnerability in Internet Explorer, as was seen recently with the VML-based exploitation. There have been reports of Web sites registered on Chinese Internet service providers hosting malware with rootkit capabilities. It is likely that this is true, as the BIS has admitted that they are not attempting to repair any computers perceived to be infected. Instead, wholly new machines are being used to replace these.

This is the latest in a long line of attempts to spy on other areas of the Government and infrastructure which were traced back to China. The so-called Titan Rain attacks used some similar techniques, as did the attack on the United Kingdom government at the start of 2006. This one used the at-the-time unpatched vulnerability in WMF rendering. This involved e-mails containing information apparently about a secret rendezvous being sent to around 70 members of the UK parliament as well as other staff in the British Government.


The levels of complexity and preparation involved in these attacks may mean they are the first things to warrant the massively overhyped name of cyber warfare.
