Thursday, February 18, 2010

Massive Computer Hack Originated in China


More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm.

The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness.

News of the attack follows reports last month that the computer networks at Google and more than 30 other large financial, energy, defense, technology and media firms had been compromised. Google said the attack on its system originated in China.

This latest attack does not appear to be linked to the Google intrusion, said Amit Yoran, NetWitness's chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups' sophistication in cyberattacks is approaching that of nation states such as China and Russia.

The attack also highlights the inability of the private sector -- including industries that would be expected to employ the most sophisticated cyber defenses -- to protect itself.

"The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats," Yoran said. "The things that we -- industry -- have been doing for the past 20 years are ineffective with attacks like this. That's the story."

The intrusion, first reported on the Wall Street Journal's Web site, was detected Jan. 26 by NetWitness engineer Alex Cox. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide.

The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or "bots," enabled the attackers to commandeer users' computers, scrape them for log-in credentials and passwords -- including to online banking and social networking sites -- and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially, he said.

"Because they're using multiple bots and very sophisticated command and control methods, once they're in the system, even if you whack the command and control servers, it's difficult to rid them of the ability to control the users' computers," Yoran said.

The malware had the ability to target any information the attackers wanted, including file-sharing sites for sensitive corporate documents, according to NetWitness.

Login credentials have monetary value in the criminal underground, experts said. A damage assessment for the firms is underway, Yoran said. NetWitness has been working with firms to help them mitigate the damage.

Among the companies hit were Cardinal Health, located in Dublin, Ohio, and Merck, according to the Wall Street Journal. A spokesman for Cardinal said the firm removed the infected computers as soon as the breach was found.

Also affected were educational institutions, energy firms, financial companies and Internet service providers. Ten government agencies were penetrated, none in the national security area, NetWitness said.

The systems penetrated were mostly in the United States, Saudi Arabia, Egypt, Turkey and Mexico, the firm said.

5 comments:

Sarah Steinmeier Period 8 said...

This second internet security breach to emerge from China is disconcerting. The nation that is incredibly likely to censor its citizens from basic internet rights is creating a vast number of e-terrorists that engage in organized crime. While China does have the large population to proportionally create these criminals, the nation itself is too inactive in the online world for this to not raise some sort of red flag. China's censoring techniques are clearly not working to either keep citizens from the most basic websites or to shut the door on cyber crime.

Anonymous said...

Wow, that's kinda cool and scary all at the same time. It's sad that our computers can be hacked into so easily. But at the same time it's kinda cool that people are that smart.

Brian Fuentes 8th. said...

Wow...it's so funny how everyone wants to pay their bills online and buy stuff online. That is why I don't believe in buying anything through the computer.

KiaRahnama4 said...

This is one of the latest attack versions that people adapt in order to make their dissatisfaction known. A few weeks ago a few news media linked to the govt of Iran were hacked too, so I guess this is turning out to be a national phenomenon.

clarissabaker3 said...

This story is especially disconcerting because so much more is online now. Not only on a company level but a personal level as well. Everything from banking to school can be done online today. It is expected that criminals will exploit the technology but many people are much less cautious of their online information. Many people don't even know about the dangers or what the means of protection are. With new crime will come new ways to try to combat it.