Tuesday 28 October 2014

China-Linked Hacking Foiled by Private-Sector Sleuthing

A coalition of technology companies says it has disrupted a hacking campaign linked to Chinese intelligence, demonstrating for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies.
The hackers have used tools found in some of the most sophisticated spying operations linked to China, including a 2010 attack on Google Inc. (GOOG) and the theft of some of the U.S.’s most valuable technology. Malicious code used by the hackers has been removed from 43,000 computers worldwide since Oct. 14, according to a report the coalition is releasing today.
The take-down largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members -- which include Microsoft Corp. (MSFT), Cisco Inc. (CSCO) and Symantec Corp. (SYMC) -- say they can act faster than governments because they operate global Internet systems and have business relationships with tens of thousands of companies.
“We believe this is a first-of-its-kind effort,” said Peter LaMontagne, chief executive officer of Novetta Solutions LLC, a cybersecurity company based in McLean, Virginia, that is part of the coalition. “The security industry is starting to raise the bar, or hopefully forcing hostile actors to have to spend more of their resources” to continue attacks.
The coalition includes software providers, rising stars in the security industry and firms that manufacture the hardware from which the Internet is built.

Challenging Hackers

FireEye Inc. (FEYE), iSight Partners and other companies that are part of the effort are challenging Chinese hackers who have operated for more than six years stealing secrets from governments, technology manufacturers and thousands of other companies in the United States, Asia and Europe, according to the report.
“This demonstrates a greater degree of coherence and effectiveness on the part of the private sector than we’ve seen up to now,” said Zachary Goldman, executive director of the Center on Law and Security at the New York University School of Law, who wasn’t involved in the effort.
Director of National Intelligence James Clapper and other Obama administration officials have repeatedly listed China as one of the top hacking threats to the U.S. during congressional hearings and in public speeches.
Companies have complained for years that the government collects information on state-sponsored perpetrators for intelligence purposes but doesn’t do enough to stop them.

‘Stopping Harm’

“What’s different here is that the priority is stopping the harm as opposed to imposing consequences on the perpetrator,” Goldman said.
The Federal Bureau of Investigation issued an alert on Oct. 15 warning the makers of microchips, computer networking equipment and data storage services that Chinese hackers are trying to steal their secrets. The alert was done in coordination with the private-sector coalition and took aim at the same sophisticated hacking group, according to a representative of a coalition member who asked for anonymity to discuss a private matter.
The alert indicates Beijing-backed hackers continue to operate even after U.S. prosecutors in May won an indictment of five Chinese military officials for stealing trade secrets from American companies.
“The FBI has recently observed online intrusions that we attribute to Chinese government affiliated actors,” said Joshua Campbell, an FBI spokesman, in an e-mail. “Private-sector security firms have also identified similar intrusions and have released defensive information related to those intrusions.”

Malicious Code

The hackers, dubbed Axiom by the coalition, have used customized malicious code and a global network of compromised computers to conduct espionage and extract sensitive government documents and corporate trade secrets, according to the report.
The report doesn’t list victims, though it says they include technology companies and government agencies, pharmaceutical and energy companies, media organizations and pro-democracy dissidents opposed to the Chinese government.
China’s Ministry of State Security, the intelligence and security arm of the government, likely tasked Axiom with carrying out some of its most secretive attacks using custom malware known as HiKit, according to LaMontagne.
The FBI alert this month said the hackers were using HiKit, indicating the same group the coalition has uncovered.

180 Machines

The malware allows data to be uploaded and downloaded on compromised computers and has been found on 180 machines since Oct. 14, LaMontagne said.
“The fact that the primary beneficiary of information stolen in these campaigns is not military or directly financial, but rather intelligence benefiting Chinese domestic and international policies, is highly telling and implies the Chinese intelligence apparatus could be behind such attacks,” according to the report.
Axiom is more sophisticated and stealthy than other China-based hackers, the report said. Hackers linked to the Chinese People’s Liberation Army were identified in 2013 by cybersecurity company Mandiant Corp. because they allowed their names to be known through online forums and by registering Internet domains.
“In contrast, there have been no identified mistakes in operational security on the part of Axiom operators to date,” the report said.

Temporary Setback

The setback to the hackers may only be temporary, the companies say. The hackers have been ejected from tens of thousands of computers and their malware will now be harder to hide from security tools, said Brian Bartholomew, a senior intelligence analyst at iSight Partners, a Dallas-based security firm and a member of the coalition. They can build new infiltration tools, but that is a costly and time-consuming task, he said.
“Information on individuals stored by Western and Asian government entities has also been targeted by Axiom,” according to the report. “Information held by these organizations includes details on individuals with access to confidential or classified information, which would be extremely useful for intelligence and counterintelligence operations.”
A link also exists between Axiom and the high-profile attack in 2010 called Operation Aurora that targeted the networks of Google, Yahoo! Inc. (YHOO), Adobe Systems Inc. (ADBE) and dozens of other prominent technology companies, LaMontagne said in an interview.

’Greater Good’

Working through 64 security firms in 22 countries, the coalition has sent technical information about how Axiom operates to companies and government agencies.
“We were able to sit down, put aside the secret-sauce speech that everyone normally gives and say, for the greater good, let’s share everything that we have,” Bartholomew said. “The private sector has some reach and access that law enforcement doesn’t.”
The coalition will continue to monitor the impact its efforts are having on Axiom.
“The big question is whether this is going to shut them down completely,” Bartholomew said. “The consensus is probably not, but it’s a really good effort at seriously throwing a wrench in their operations. They’re going to have to reboot and develop all new malware.”
Geng Shuang, a spokesman for China’s embassy in Washington, said Chinese law prohibits Internet crime and the country is a victim of hacking attacks.
“Judging from past experience, this kind of reports or allegations are usually fictitious,” Shuang said in an e-mail.
He said, “groundless accusations at others is not constructive at all and does not contribute to the solution of the issue.”
