[ISN] China takes off cyber gloves

From: InfoSec News (alerts@private)
Date: Mon Mar 24 2008 - 10:53:09 PST


http://www.networkworld.com/community/node/26226

By Richard Stiennon
Stiennon on Security
03/22/2008 

I have a picture in my head of a huge building just outside of the 
Forbidden City in Beijing. It is post-industrial classical, like a lot 
of the newer government buildings in China’s capital city. It has few 
windows and no identifier on the front, just a big red poster acclaiming 
the 2008 Olympics. Inside there are vast rooms with desks and 
computers. Sitting at those desks are uniform-wearing Red Army hackers. 
There are large overhead screens reminiscent of Japanese Kanban systems, 
with attack targets and progress charts depicting the daily activity. 
One floor might be dedicated to censors. Most of them are busy 
identifying pornography sites, but special groups are dedicated to 
finding and blocking Chinese access to information on Tibet, Taiwan, and 
Falun Gong.

Another room is dedicated to espionage, where tools are developed and 
deployed to attack the Pentagon, Whitehall, and the German Chancellery. 
In this room last week the order was spread to infiltrate and spy on 
organizers and supporters of Tibetan protests. The coders quickly modify 
Trojan Horse software and package it for the English-speaking 
infiltrators to embed in carefully crafted documents and email messages. 
Attackers then send the messages to lists of members of 
Tibetan organizations. Hundreds of “signal analysts” then pore through 
the results: captured files, keystrokes, and Skype conversations of 
the unwitting targets.

That is modern information warfare. The fact that the Chinese are doing 
this indicates to me that the picture in my head is probably fairly 
accurate.  From F-Secure’s superb analysis of one such email:

    The exploit silently drops and runs a file called C:\Program 
    Files\Update\winkey.exe. This is a keylogger that collects and sends 
    everything typed on the affected machine to a server running at 
    xsz.8800.org. And 8800.org is a Chinese DNS-bouncer system that, 
    while not rogue by itself, has been used over and over again in 
    various targeted attacks.

Are you a manufacturer? Are you responsible for IT security at a 
government agency or research lab? Are you an athlete? Do you represent 
the cause of freedom in Tibet or peace in Darfur? If so, you have a 
new enemy. The government of the largest country in the world is after 
your data. They have resources you cannot even dream of. They are 
organized. They know what they are doing.
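The F-Secure excerpt quoted above gives a defender two concrete indicators: the dropped keylogger path and the 8800.org dynamic-DNS parent domain. The following is an added example, not code from the post or from F-Secure, showing how a detection script would match endpoint file-creation and DNS-query telemetry against those two indicators; the record shape (dicts with a `type` key plus `path` or `host`) and the sample events are assumptions constructed for the example. It generalizes slightly beyond the quote by matching any subdomain of 8800.org, since the excerpt says the bouncer has been reused across attacks with varying hostnames.

```python
"""Match endpoint and DNS telemetry against the two indicators quoted above."""
import ntpath

# Indicators quoted from the F-Secure excerpt on this page.
DROPPED_FILE = r"C:\Program Files\Update\winkey.exe"
DYNDNS_DOMAIN = "8800.org"


def normalize_path(path: str) -> str:
    """Lower-case and use backslashes so 'c:/program files/...' compares equal."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def is_dyndns_host(host: str) -> bool:
    """True for the bouncer domain itself or any subdomain of it (e.g. xsz.8800.org)."""
    h = host.rstrip(".").lower()
    return h == DYNDNS_DOMAIN or h.endswith("." + DYNDNS_DOMAIN)


def scan_events(events):
    """Return (event_index, reason) for each telemetry record matching an indicator.

    events: iterable of dicts with a 'type' key; 'file_create' records carry 'path',
    'dns_query' records carry 'host'. This record shape is an assumption of the example.
    """
    findings = []
    wanted = normalize_path(DROPPED_FILE)
    for i, ev in enumerate(events):
        if ev.get("type") == "file_create" and normalize_path(ev.get("path", "")) == wanted:
            findings.append((i, "keylogger dropped at " + ev["path"]))
        elif ev.get("type") == "dns_query" and is_dyndns_host(ev.get("host", "")):
            findings.append((i, "lookup of dynamic-DNS host " + ev["host"]))
    return findings


# Constructed sample telemetry (not real logs): mixed-case path, trailing-dot FQDN,
# and a look-alike domain that must NOT match.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Windows\Temp\report.docx"},
    {"type": "file_create", "path": "c:/program files/update/WINKEY.EXE"},
    {"type": "dns_query", "host": "update.microsoft.com"},
    {"type": "dns_query", "host": "xsz.8800.org."},
    {"type": "dns_query", "host": "8800.org.example.net"},
]

if __name__ == "__main__":
    for idx, reason in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

The suffix check is anchored on a leading dot so that a look-alike such as `8800.org.example.net` does not fire, and path comparison is normalized because Windows filesystems are case-insensitive and accept either slash.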



___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Mon Mar 24 2008 - 11:01:54 PST