The Register® — Biting the hand that feeds IT

China fingered in cyberattack on mystery high tech co.

'Extremely large volumes' siphoned

The Chinese government is stepping up efforts to steal valuable information from high-technology companies in other countries, according to a congressional advisory panel, which detailed one operation that siphoned "extremely large volumes" of sensitive data.

The 2007 attack against the unnamed high-technology company was just one of several successful operations the US-China Economic and Security Review Commission believes were sponsored by Beijing.

According to The Wall Street Journal, which reported the contents of a report the panel was expected to release Thursday, the Chinese government is suspected because of the "professional quality" of the attack and the technical nature of the stolen information.

According to the WSJ:

The hackers "operated at times using a communication channel between a host with an [Internet] address located in the People's Republic of China and a server on the company's internal network."

In the months leading up to the 2007 operation, cyberspies did extensive reconnaissance, identifying which employee computer accounts they wanted to hijack and which files they wanted to steal. They obtained credentials for dozens of employee accounts, which they accessed nearly 150 times.

The cyberspies then reached into the company's networks using the same type of program help-desk administrators use to remotely access computers.

The hackers copied and transferred files to seven servers hosting the company's email system, which were capable of processing large amounts of data quickly. Once they moved the data to the email servers, the intruders renamed the stolen files to blend in with the other files on the system and compressed and encrypted the files for export.

The attackers used at least eight US-based computers, some at universities, as drop boxes before sending the data overseas. The company's security team managed to detect the theft while it was in progress, but not before significant amounts of data left the company network.
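The staging and exfiltration pattern described above (one source logging on as dozens of hijacked accounts, stolen files renamed to blend in on the mail servers and compressed for export, then bulk transfers from those servers to outside drop boxes) is something a detection engineer can hunt for in ordinary logon, file and flow telemetry. The script below is an added example, not code from the article, the WSJ or the commission's report; the log format, host names, archive signatures, thresholds and every sample event are constructed for illustration and are not indicators from the real incident.

```python
"""Hunt for the three stages of the intrusion pattern described in the article
over constructed sample events. Added example; formats and thresholds are
assumptions, not the victim company's real telemetry."""
from collections import defaultdict

# Constructed sample log (not real data): one event per line, '|'-separated.
#   AUTH|src_ip|user                          a remote logon by a user account
#   FILE|host|path|size_bytes|first_bytes_hex  a new file written on a server
#   NET|src_host|dst_ip|bytes_out              an outbound transfer summary
SAMPLE_LOG = """\
AUTH|10.0.5.23|alice
AUTH|10.0.5.23|bob
AUTH|10.0.5.23|carol
AUTH|10.0.5.23|dave
AUTH|10.0.5.23|erin
AUTH|10.0.5.23|frank
AUTH|10.0.5.23|grace
AUTH|10.0.5.23|heidi
AUTH|10.0.5.23|ivan
AUTH|10.0.5.23|judy
AUTH|10.0.9.7|alice
AUTH|10.0.9.8|bob
FILE|mail-03|/var/spool/mail/archive/q1_mailbox_backup.edb|734003200|504b0304
FILE|mail-03|/var/spool/mail/archive/q2_mailbox_backup.edb|812000000|377abcaf271c
FILE|mail-01|/var/spool/mail/alice.mbox|4096|46726f6d
FILE|fs-02|/projects/release.zip|1048576|504b0304
NET|mail-03|192.0.2.45|1546003200
NET|mail-01|10.0.0.12|20480
NET|mail-02|198.51.100.9|512
"""

MAIL_HOSTS = {"mail-01", "mail-02", "mail-03"}          # assumed staging hosts
INTERNAL_PREFIXES = ("10.", "172.16.", "192.168.")      # assumed internal ranges
# Leading bytes of common archive formats; a file that starts this way but is
# not named like an archive has been renamed to blend in.
ARCHIVE_MAGIC = {"504b0304": "zip", "1f8b": "gzip", "377abcaf271c": "7z", "52617221": "rar"}
ARCHIVE_EXTS = (".zip", ".gz", ".tgz", ".7z", ".rar")


def parse(log_text):
    """Split the log into (kind, field, ...) tuples, skipping blank lines."""
    return [tuple(line.split("|")) for line in log_text.splitlines() if line.strip()]


def credential_harvesting(events, min_accounts=10):
    """Source IPs that logged on as many distinct accounts: the 'dozens of
    employee accounts accessed nearly 150 times' stage. Returns
    {src_ip: (distinct_accounts, total_logons)} for sources over the threshold."""
    users, logons = defaultdict(set), defaultdict(int)
    for ev in events:
        if ev[0] == "AUTH":
            _, src, user = ev
            users[src].add(user)
            logons[src] += 1
    return {src: (len(u), logons[src]) for src, u in users.items() if len(u) >= min_accounts}


def disguised_archives(events, hosts=MAIL_HOSTS):
    """Files on the staging hosts whose content is an archive but whose name
    is not: renamed to look like mail data, then compressed for export."""
    hits = []
    for ev in events:
        if ev[0] != "FILE":
            continue
        _, host, path, size, magic = ev
        if host not in hosts or path.lower().endswith(ARCHIVE_EXTS):
            continue
        fmt = next((name for prefix, name in ARCHIVE_MAGIC.items() if magic.startswith(prefix)), None)
        if fmt:
            hits.append((host, path, fmt, int(size)))
    return hits


def bulk_egress(events, hosts=MAIL_HOSTS, min_bytes=100 * 1024 * 1024):
    """Large outbound transfers from the mail servers to addresses outside the
    internal ranges: mail servers should talk to mail peers, not drop boxes."""
    hits = []
    for ev in events:
        if ev[0] == "NET":
            _, src, dst, n = ev
            if src in hosts and not dst.startswith(INTERNAL_PREFIXES) and int(n) >= min_bytes:
                hits.append((src, dst, int(n)))
    return hits


def hunt(log_text=SAMPLE_LOG):
    """Run all three hunts and return their findings keyed by stage."""
    events = parse(log_text)
    return {"harvesting": credential_harvesting(events),
            "staging": disguised_archives(events),
            "egress": bulk_egress(events)}


if __name__ == "__main__":
    for stage, findings in hunt().items():
        print(stage, findings)
```

Each hunt on its own produces noise (a jump host legitimately logs on as many accounts; backups are legitimately compressed); the point is that the three findings chain on the same hosts, and a correlation rule that requires two of the three from the same host or source within a window would have fired while the theft was still in progress. The thresholds are starting points to tune against the environment's baseline, not magic numbers.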

China is one of 100 countries believed to have the capability to conduct such operations, according to the report. ®


Latest Comments

How they do it.

The company will normally hire a person for short-term SAP advising who hops around from company to company. They will call the helpdesk saying they need read and write access to do their job, which elevates their account.

So always give these types thin client access to a firewalled server with no outside access!


Ever heard of a switch?

My employer has electronic files which, for commercial and other reasons (we are headquartered in an authoritarian country), must be kept from external access, so we have two separate networks running on separate cabling in our office premises.

To enforce this separation users physically have to rotate a switch that disconnects them from the general network (with Internet access) and connects them to the isolated network.

Users also have to change logins which severely limits what applications can be run.

Sounds like a kluge? Maybe, but we know the nosey bastards next door in China can't stop by, nor can the government of this country.


hmmm...

>They used a host with an address in China? Yeah, cause they'd do that, wouldn't they?

Read the article. The files were being dropped into University and other servers in the U.S. first before the transfer to China.

High Tech companies won't blacklist Universities they have researchers / business relationships with. University academics won't blacklist nations.

There's all sorts of non-Defense specific industries the Chinese (and Russians, Poles, Israelis, Iranians, French, British, etc...) would love to get into. I've worked at an R&D center in the past that (before my time there in the 90s) had a foreign national as the top person...until he was taken away by the FBI for industrial espionage. Americans, in general, have a far lower appreciation of the scale of industrial espionage globally than others.

Such espionage could be for simple economic competitive advantage. Think of the counterfeit Cisco switches and routers that came out of China.

It could also have dual-use to enable further attacks. Think of the value of having the source code for Cisco IOS so you can make your own hooks into said counterfeit routers and see who buys and installs them.

