[ISN] Malicious Software Attacks Security Cards Used by Pentagon

From: InfoSec News <alerts_at_private>
Date: Fri, 13 Jan 2012 05:02:33 -0600 (CST)

The New York Times
January 12, 2012

Chinese hackers have deployed a new cyber weapon that is aimed at the 
Defense Department, the Department of Homeland Security, the State 
Department and potentially a number of other United States government 
agencies and businesses, security researchers say.

Researchers at AlienVault, a Campbell, Calif., security company, said on 
Thursday that they had uncovered a new variant of some malicious 
software called Sykipot that targets smart cards used by government 
employees to access restricted servers and networks. Traces of Sykipot 
malware have been found in cyberattacks dating back to 2006, but 
AlienVault’s researchers say this is the first time Sykipot has 
compromised smart cards.

The government uses smart cards to supplement employee passwords, which 
have proven easy to crack. By cracking smart cards, hackers eliminate 
the final hurdle between themselves and some of the government’s most 
sensitive information. Mandiant, a security firm, first outlined smart 
card weaknesses in a January 2011 report and said it had investigated 
several attacks in which hackers used smart cards to crack into 
companies. The latest Sykipot strain offers a look at how hackers are 
compromising smart cards and indicates who they are after.

Researchers say this strain specifically targets smart card readers that 
run ActivClient, a program made by ActivIdentity, an identity 
authentication company based in Fremont, Calif. ActivIdentity’s smart 
cards are used by employees at the Defense Department, Department of 
Homeland Security, Coast Guard, Social Security Administration, Treasury 
Department and other government agencies, along with businesses 
including Monsanto, BNP Paribas and Air France.


Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
Received on Fri Jan 13 2012 - 03:02:33 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 13 2012 - 03:08:07 PST