Thanks to Richard for pointing out China's response:
China vehemently denied that its army was involved in international computer espionage on Thursday after newspaper reports that the British government had sustained cyber attacks from the Chinese.
"Saying that the Chinese military has made cyber attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives," foreign ministry spokeswoman Jiang Yu said.
(emphasis my own)
At this point, there isn't sufficient evidence (in the press) that this isn't true.
France is reporting they were next in the Chinese hack attack saga. What struck me about this report was the following line (from translation at Demon.be):
Chinese origin, not necessarily indicating involvement of the Chinese military. - Francis Delon, Secrétariat général de la défense nationale (SGDN)
Finally, some common sense. However, this common sense hasn't been picked up, and the general claim still seems to be that China "as a country" is hacking the world.
What I find particularly bizarre is that most of the stories seem to indicate the use of a trojan e-mailed to the victims, currently a rather popular attack. For example, a run of the Storm worm last week had us running for cover at some clients, as McAfee's signatures couldn't keep up with the 30 minute repacking strategy in use. However, if we were to analyse the source IPs of both the original e-mails and the websites hosting the binary, I am fairly certain the conclusion would not be that the countries hosting these IPs were engaged in a cyber war against, for example, South Africa. However, this seems to be what the current assumptions are when it comes to these Chinese trojans. The only difference is that this appears to be a more targeted attack, but fewer data points shouldn't allow for greater assumptions.
For example, the machine/s mailing out this naughty trojaned Word document could very easily be compromised machines. Even if a counter hack was performed and the source of the compromise was followed to China, once again, you're left with a big country and a lot of potential criminals beyond the government.
Finally, there seems to be a definite shift between this current round of reports and the stuff Shawn Carpenter talked about in his Time interview. He seemed to talk about active hacking, people sitting behind keyboards slowly penetrating Lockheed Martin networks and the like. This round is generally reported as 'simple' trojan activity. Either there's been a shift in tactics, or I am making assumptions on too little information.
Reports of Chinese hacker activity are surfacing again. First against Germany, then unclassified Pentagon networks, the EU parliament (in 2005) and now the UK. These reports seem to constantly rear their heads. But, as I pointed out in 2005, the limited descriptions of the attacks that filter into the press have the same MO as the Chinese Triads (that info is from 1997). Given the big move of criminal organisations onto the Internet, why is the first assumption the Chinese Government?