cryptogon.com

news – analysis – conspiracies

• Home
• About
• Archives
• Contact
• Support Cryptogon
• Story Suggestions

U.S. Defense Contractor Found that a Single Compromised Windows Box had Been Secretly Siphoning Information to a Server in Mainland China for 18 Months

April 13th, 2008

Via: Wired:

The attackers relied on e-mails tempting the victim to open the attachments, in some cases by presenting them as résumés from job seekers.

But when the target opened the attachment, the application would usually crash, while the embedded code covertly installed a keylogger and data-stealing software that scooped up documents anywhere on the organization’s network to which the user had access.

The malware then forwards the stolen information to services called DNS bouncers in China, such as 8800.org, that attackers can use to obfuscate and rapidly change where stolen documents or passwords are sent. Finally, the code opens up what looks to be a legitimate document, in the hopes that the target won’t know his or her computer was just infected.

The espionage was highly successful, according to Hyppönen. One multi-billion-dollar defense contractor who went to F-Secure for help found that a single compromised Windows box had been secretly siphoning information to a server in mainland China for 18 months.

“Most attacks go unnoticed and targets don’t know they are hit,” Hyppönen said.

Hyppönen won’t declare that the espionage is the work of the Chinese government or hackers loyal to it, though all the evidence points that way.

“Is it the Chinese?,” Hyppönen asked. “It sure looks like it but it could be a smokescreen. We don’t know.”

One Response to “U.S. Defense Contractor Found that a Single Compromised Windows Box had Been Secretly Siphoning Information to a Server in Mainland China for 18 Months”

1. Eileen says:

   April 14, 2008 at 3:48 am

   yes, the Chinese.
   They are pretty darn smart.
   Nationwide endeavor that is classified underway, starting with this:
   http://www.time.com/time/press_releases/article/0,8599,1098911,00.html
   What a laugh.
   Rather than turning its guns on the real enemy, the US govmint (I call it that because it needs a mint, you know, bad breath)is going to unleash its latest and greatest spyware on US citizens?
   Don’t heads rot when they are up the ass fermenting in feces? You’d like to think the this would happen to the U.S. govmint.
   Dumber than dirt.
   Eating their own like they are jelly beans.
   Hey Poindexter, you were stupid when you supported Reagan and Bush I, now I’ll bet you are another robotron like D.C. Find your heart dude. These people will EAT YOU ALIVE!

Sign in | Register

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events. If you are a legal copyright holder, or a designated agent for such, and you believe a post on this website falls outside the boundaries of "fair dealing," and legitimately infringes on your or your client's copyright, please contact Kevin Flaherty. Cryptogon contains both original material and material from external sources. Original material: Copyright Kevin Flaherty. Material from external sources: Copyright the respective owners / authors.

Design by Andreas Viklund | Ported by Matteo Turchetto