Jaw-dropping and life-changing details about Chinese attacks on Google emerge
If you're not a hardened, tinfoil hat-wearing the-apocalypse-is-nigh conspiracy theorist, you soon will be. Wired has just published a stunning article detailing a really scary report from computer forensic firm Mandiant. The story brings to light some disturbing truths about the always-connected, always-on world we live in.
As an Internet nerd, I actually found the details numbly humbling. It made me think about a silent war, a cold war that is warming the ground we walk and air we breath -- but has not yet bubbled forth to be joined in the field of war. Reading Wired's story and thinking about the depth and detail and concerted effort required to pull off such a hack scares me.
You should read the full article for complete details, but here's a quick breakdown of the attacks employed against targets such as Google, U.S. oil companies, defense contractors and counter-terrorism departments:
- A new form of attack is being leveraged by hackers, called Advanced Persistent Threats (APT) -- think of APT as a 'ticking bomb', an apparently-benign piece of software that can be turned on at any time. These APTs can avoid detection and remain dormant for months or years, only turning on when the 'coast is clear'. In this most recent case, an unpatched zero-day attack on Internet Explorer 6 was the entry point.
- These attacks are theft-oriented -- the sole purpose behind these APT attacks are to get at sensitive data: email, Word documents, Powerpoint presentations, spreadsheets, etc. Corporate secrets, counter-intelligence, you name it.
- 'Spear-phishing' provides the way in -- spear phishing is a 'targeted' attack where email, chat or other communication tools are used to trick individuals in a position of power. In this case, a campaign of phishing attacks tailored towards getting a counter-terrorism official's password was successful. Once you have a way in -- malware, via the high-ranking and high-clearance user -- it's much easier to get more data...and so the web of exploited and compromised machines and accounts grows!
- A very clever way of sending the data back home -- once the network and users have been compromised and the data harvested, it has to be sent back. In these advanced APT attacks, data is compressed and then slowly leaked out of the home network using false headers and custom protocols sent over obscure or misleading ports (SSL, in this case).
Perhaps the most chilling fact that comes to light from this report is that this recent attack on Google and other Silicon Valley companies wasn't the first -- and it certainly won't be the last. Stories have emerged that show these hacks have have been going on for years, and are not merely targeting corporate entities. For example, Mandiant's CEO Kevin Mandia told Wired "If you're a law firm and you're doing business in places like China, it's so probable you're compromised and it's very probable there's not much you can do about it."
This is the beginning of the cyber war that we've been theorizing about for years. I hope we have a contingency plan in place.