[ISN] Job ads leave Washington hacked

From: InfoSec News (alerts@private)
Date: Tue Jul 17 2007 - 22:30:41 PDT


By Jim Finkle
July 18, 2007

HACKERS have stolen information from the US Department of Transportation 
and several corporations by seducing employees with fake job listings in 
ads and email, a computer security firm says. The list of victims 
included several companies known for providing security services to 
government agencies.

They include consulting firm Booz Allen and computer services company 
Unisys, said Mel Morris, chief executive of British Internet security 
provider Prevx.

Hewlett-Packard declined comment, while officials with other companies 
couldn't be reached for comment. A Department of Transportation 
spokeswoman said the agency couldn't find any indication of a security 

Malicious programs were able to pass sophisticated security systems 
undetected because those systems hadn't been instructed that the programs 
were dangerous. Hackers only targeted a limited group of personal computers, 
which kept traffic down and allowed them to stay under the radar of 
security police who tend to identify threats when activity reaches a 
certain level.

"What is most worrying is that this particular sample of malware wasn't 
recognised by existing antivirus software. It was able to slip through 
enterprise defences," said Yankee Group security analyst Andrew Jaquith, 
who learned of the breach from Mr Morris.

It was not clear whether the hackers used information stolen from the 
personal computers, Mr Morris said.

Internet security firms began to release patches to fight the malicious 
software on Monday night.

Trend Micro, for example, sent its customers software that prevented the 
malware from being installed on computers. The software also blocks 
browsers from going to websites that the company has identified as being 
infected with the dangerous programs, company spokesman Mike Haro said.

"This is a serious threat. It shows how sophisticated hackers have 
become," Mr Haro said.

A piece of software, NTOS.exe, probes the PC for confidential data, then 
sends it to a website hosted on Yahoo. The site's owner was likely to be 
unaware that it was being used by hackers, Mr Morris said.

That website hosts data that had been stolen from more than 1,000 PCs 
and encrypted before it was posted on the site, Mr Morris said.

He said he believed the hackers had set up several "sister" websites 
that were collecting similar data from other malware.

Officials with Yahoo were not available for comment.

Mr Morris said that he had downloaded the data from the website and 
decrypted it at the request of investigators from the FBI's Law 
Enforcement Online, or LEO, program, who were looking into the matter.

An FBI spokesman declined comment, saying it was agency policy to 
neither confirm nor deny whether an investigation was ongoing.

