[Infowarrior] - Fwd: China's Comment Group Hacks Europe—and the World

Richard Forno rforno at infowarrior.org
Fri Aug 3 18:27:52 CDT 2012



Begin forwarded message:

> From: Simon 
> China's Comment Group Hacks Europe—and the World
> 
> http://www.businessweek.com/articles/2012-08-02/chinas-comment-group-hacks-europe-and-the-world#p1
> 
> When Greece was falling apart last summer, European Union leaders
> rushed to prepare another round of capital injections for Athens.
> Someone with advance knowledge of just where those hundred
> billion-plus euros were going and when they’d be deployed could have
> made a fortune. Someone like the hackers who had infiltrated the EU
> Council’s computers.
> 
> Over 10 days last July, the hackers returned to the Council’s
> computers four times, accessing the e-mails of 11 top economic,
> security, and foreign affairs officials. On July 18, they accessed the
> e-mails of EU Council President Herman Van Rompuy, Europe’s point man
> for shepherding the delicate politics of the Greek bailout, in just 14
> minutes.
> 
> The EU breach, first reported by Bloomberg News on July 27, was a
> particularly audacious act of cyber-espionage by the team long known
> to U.S. intelligence as Byzantine Candor. Arguably China’s preeminent
> hacker collective, it also has government ties, according to a 2008
> U.S. State Department cable published by WikiLeaks. The collective’s
> tactic, hacking computers using hidden HTML code known as comments,
> earned it another name in private security circles: the Comment Group.
> 
> In secret, some 30 U.S.-based private-security researchers managed to
> monitor the group for nearly two months last summer. None of the
> researchers contacted by Bloomberg News wished to be named because of
> the sensitivity of the data. The researchers exploited a vulnerability
> in the hackers’ own security and created a digital diary that logged
> their every move as they crept into the networks of at least 20
> victims, shut off antivirus systems, camouflaged themselves as system
> administrators, and then tried to cover their tracks.
> 
> The researchers’ computer logs offer an unprecedented minute-by-minute
> look at the Comment Group’s highly organized operations, believed to
> be at the cutting edge of China’s hacking capabilities. “They aren’t
> doing this for fun. They are doing it in this case because this is
> tradable information,” says Richard Falkenrath, formerly deputy
> assistant to the President and deputy homeland security adviser under
> George W. Bush. “We may not be able to get information that anyone
> either shorted or went long on EU sovereign debt on this, but that’s
> the obvious market.”
> 
> China’s foreign ministry in Beijing dismisses allegations of
> state-sponsored hacking as baseless and says the government will crack
> down given adequate proof. U.S. National Security Council spokesman
> Tommy Vietor declined to discuss the Comment Group specifically,
> referring reporters to a May 4 statement by Secretary of State Hillary
> Clinton in which she said the U.S. and China would work to “develop a
> shared understanding of acceptable norms of behavior” around
> commercial data and intellectual property online.
> 
> Beyond the Comment Group, what started as attacks on the U.S. military
> and defense contractors by Chinese hacker groups has widened into a
> campaign from which no corporate entity is safe. Attacks on Google
> (GOOG), Morgan Stanley (MS), and ExxonMobil (XOM) are among the few
> that have become public. “What the general public hears about—stolen
> credit card numbers, somebody hacked LinkedIn (LNKD)—that’s the tip of
> the iceberg, the unclassified stuff,” says Shawn Henry, former
> executive assistant director at the FBI’s cyber division, who left the
> agency in April. “I’ve been circling the iceberg in a submarine. This
> is the biggest vacuuming up of U.S. proprietary data that we’ve ever
> seen. It’s a machine.”
> 
> The Comment Group researchers say the sheer volume and breadth of the
> hacker collective’s attacks shocked them. Victims ranged from
> corporate giants to top lawyers, from defense contractor Halliburton
> (HAL) to Washington law firm Wiley Rein to a Canadian magistrate.
> Earlier targets included the 2008 presidential campaigns of Barack
> Obama and John McCain and a U.S. nuclear power plant sited next to a
> fault line. Alex Lanstein, a senior researcher for the security
> company FireEye, estimates the group has hacked more than 1,000
> organizations since 2010.
> 
> Comment Group’s attacks have been so successful that a cyber-security
> unit within the Air Force Office of Special Investigations in San
> Antonio is dedicated to tracking them, according to a person familiar
> with the unit who could not speak on the record due to national
> security concerns. Most of the attacks the researchers witnessed,
> though, were commercial targets relevant to China’s economic
> interests. The lawyers targeted, for example, were pursuing trade
> claims against the country’s exporters; another victim was an energy
> company preparing to drill in a disputed area of the South China Sea
> that China officials say belongs to them.
> 
> U.S. spycatchers and private security researchers say Comment Group
> thefts include anything that could give China an edge as it strives to
> become the world’s largest economy. From the networks of major oil
> companies, they take seismic maps charting oil reserves; from patent
> law firms, clients’ trade secrets; from investment banks, market
> analysis that might affect the global ventures of state-owned
> companies. Drugmakers and tech companies are also targets.
> 
> One of the group’s tricks is to hijack unassuming websites and use
> them to send commands to victim computers. (Host websites have
> included those of a teacher at a south Texas high school and an Idaho
> drag-racing track.) This turns mom-and-pop sites into tools of foreign
> espionage; identifying such zombie sites provides a way to relatively
> easily track Comment Group activity.
> 
> In case after case, the hackers’ trail appeared wherever and whenever
> there were global headlines. Last summer, when the news focused on
> Europe’s debt crisis, the Comment Group followed. The timing coincided
> with a frantic period for EU Council President Van Rompuy, set off by
> the failure on July 11 of the EU finance ministers to agree on a
> second bailout package for Greece. Over the next 10 days, the slight,
> balding former Belgian prime minister presided over tense
> negotiations, drawing European leaders, including German Chancellor
> Angela Merkel and European Central Bank President Jean-Claude Trichet,
> to a consensus. And the hackers had a ringside seat.
> 
> It’s clear from the logs that this was less a smash-and-grab hack than
> the cyber equivalent of a wiretap aimed at gathering vast amounts of
> intelligence over weeks or months. The hackers had an established
> routine, always checking in around 9 a.m. local time, the logs show.
> They controlled a Council server that gave them a complete run of the
> e-mail system. From there, they simply signed onto the accounts of Van
> Rompuy and the others. The spies grabbed e-mails and attached
> documents, encrypted them in compressed files, and catalogued the
> reams of material by date. They took a week’s worth of e-mails each
> time, appearing to follow a set protocol. Their other targets included
> Odile Renaud-Basso, then-economic adviser and deputy head of the
> cabinet, and the EU’s counter-terrorism coordinator. It’s unclear how
> long the hackers’ incursion lasted, the researchers say.
> 
> There’s also no indication the hackers penetrated the Council’s
> offline system for secret documents. “Classified information and other
> sensitive internal information is handled on separate, dedicated
> networks,” the Council press office said in a statement when asked
> about the hacks. The e-mail networks “are not designed for handling
> classified information.”
> 
> The EU attacks were representative of the Comment Group’s playbook,
> the researchers say. Starting with a malware-laden e-mail, they moved
> rapidly through networks, nabbing encrypted passwords, cracking them
> off-line, and then returning to mimic the organization’s own network
> administrators. The hackers were able to dip in and out of networks,
> sometimes over months, disabling antivirus software and manipulating
> network administrator status as needed.
> 
> The Comment Group has changed up a few tactics since last summer, the
> researchers say, but not its pace. Falkenrath, the former Bush
> security aide, says China has succeeded in integrating decision-making
> about foreign economic and investment policy with intelligence
> collection. “That has big implications for the rest of the world when
> it deals with the country on those terms,” he says.
> 
> The bottom line: China’s hacker collective may provide the state
> unparalleled access to sensitive foreign economic information.
> 


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
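Added example, not from the article or the researchers it quotes: a defensive scan that pulls every HTML comment out of a page and flags the ones that are a lone, high-entropy base64 token, the shape an opaque hidden instruction on a hijacked site could take. The sample page, the 20-character minimum and the 3.5-bit entropy threshold are constructed assumptions, not measurements of the Comment Group's actual traffic.

```python
import base64
import binascii
import math
import re
from html.parser import HTMLParser

# Unbroken base64 alphabet, at least 20 characters, optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


class CommentCollector(HTMLParser):
    """Collect the text of every <!-- ... --> comment in a document."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def shannon_entropy(text):
    """Bits per character; opaque blobs score higher than English prose."""
    probs = [text.count(ch) / len(text) for ch in set(text)]
    return -sum(p * math.log2(p) for p in probs)


def suspicious_comments(html, min_entropy=3.5):
    """Return (comment, decoded_bytes) for comments that consist solely of a
    high-entropy base64 token and decode cleanly (thresholds are assumptions)."""
    collector = CommentCollector()
    collector.feed(html)
    hits = []
    for comment in collector.comments:
        if not B64_TOKEN.fullmatch(comment) or shannon_entropy(comment) < min_entropy:
            continue
        try:
            decoded = base64.b64decode(comment, validate=True)
        except (binascii.Error, ValueError):
            continue  # right alphabet, wrong length or padding: not base64
        hits.append((comment, decoded))
    return hits


# Constructed sample page (not a real site): two prose comments, an IE
# conditional comment, and one comment hiding an encoded blob.
HIDDEN = base64.b64encode(b"constructed hidden payload 01").decode()
SAMPLE_HTML = f"""<html><head><title>Race Schedule</title>
<!--[if lt IE 9]><script src="shim.js"></script><![endif]-->
</head><body><!-- main navigation -->
<p>Races every Saturday night.</p>
<!-- {HIDDEN} --><!-- copyright 2012 --></body></html>"""
```

Only the encoded comment is reported; the prose comments and the conditional comment fail the token check before any decoding is attempted.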