New Information On Chinese Internet Espionage Emerges

Firstly: well done Egypt, well done.
Secondly: for the sake of being more easily understood, I am going to use the word ‘hacking’ as the media does. Don’t get mad.

Apparently not content with hacking Google, the US government and the Dalai Lama, it seems Chinese hackers have also been targeting major oil companies.

Since November 2009, hackers have been targeting company computers as well as the personal computers of executives and others who hold sensitive information. The hacking group has been breaking in and copying files predominantly related to active oil and gas fields and bids to open new ones. The value of that information goes without saying, I think.

What piqued my interest, however, were the reasons that McAfee (the security company and well-known antivirus provider who wrote the original report) is sure that the attacks have actually come from China. As a general rule, any hacker worth his salt does his best to hide his actual physical location. However, these hackers don’t seem to have taken such measures – McAfee believes it has identified one individual IP address located in Beijing that is directing the attacks (though it seems like there are numerous attackers involved). Of course, even knowing that, they still have nothing – without the co-operation of the Chinese ISP, it is impossible to identify the individual, and China wouldn’t extradite a citizen to the west for prosecution anyway.

Even more telling, all the attacks have the signature of a particular hacking toolkit that has been dubbed ‘Night Dragon’, which is particularly common in the Chinese underground. I find this downright fascinating – the researchers studied the pattern of the attacks, the order of operations and the resultant traffic to make the identification. This kind of thing is why I am studying IT security.

But perhaps most telling of all – every single attack seems to have occurred within the hours of 9am to 5pm Beijing local time. This isn’t some script kiddie or freelance hacking profiteer – this is being done by salarymen. It’s clear-cut corporate espionage.
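The working-hours observation above can be checked against event timestamps. This is an added example, not code from the post or the McAfee report: it goes beyond the Beijing case by scoring every whole-hour UTC offset for how many events fall in a weekday 09:00-17:00 window. The timestamps are constructed and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of intrusion-related events.
# These are illustrative values, not data from the McAfee report.
SAMPLE_EVENTS_UTC = [
    "2009-11-16T01:12:00", "2009-11-16T03:40:00",
    "2009-11-17T02:05:00", "2009-11-17T08:47:00",
    "2009-11-18T05:30:00", "2009-11-19T01:55:00",
    "2009-11-19T06:15:00", "2009-11-20T07:20:00",
    "2009-11-23T04:02:00", "2009-11-24T08:10:00",
]


def office_hours_fraction(events_utc, utc_offset_hours, start=9, end=17):
    """Share of events that fall on a weekday between start and end
    (local hours) when viewed from the given fixed UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for ts in events_utc:
        utc = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        local = utc.astimezone(tz)
        # weekday() < 5 means Monday to Friday
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(events_utc)


def rank_offsets(events_utc):
    """Score every whole-hour offset from UTC-12 to UTC+14, best first."""
    scores = {off: office_hours_fraction(events_utc, off)
              for off in range(-12, 15)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for offset, share in rank_offsets(SAMPLE_EVENTS_UTC)[:3]:
        print(f"UTC{offset:+d}: {share:.0%} of events in weekday office hours")
```

A best-fitting offset identifies a time zone, not a country or an operator: UTC+8 covers several regions, so this is one indicator to weigh alongside the others the report describes.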

The question is, what can be done about it?

About creature124

Loud and intolerably smug, but far wiser than he has any right to be. Humble too.
