Stolen Data About India, The United Nations, and The Dalai Lama Traced To China
Thursday, April 15, 2010
This InformationWeek article caught my attention for two reasons. First, because of the targets:
"... the Indian Ministry of Defense, the United Nations, and the Office of the Dalai Lama, among other organizations.... The security experts who revealed the attacks managed to track the perpetrators over eight months... Some of the stolen data consisted of visa applications provided to Indian embassies, for example. Other data recovered included some 1,500 letters sent from the Dalai Lama's office... The malware used to compromise victims typically involved an element of social engineering, to convince recipients to open infected files. The attackers used PDF, PPT, and DOC files to exploit old and recent vulnerabilities in Adobe Acrobat and Acrobat Reader, Microsoft Word 2003 and Microsoft PowerPoint 2003."
There was a time when PDF documents were safe. I guess that time has passed. And yes, I follow the Dalai Lama on Twitter. The second reason (bold text added for emphasis):
"The report on the attack... is called Shadows in the Cloud: An investigation into Cyber Espionage 2.0... represents an attempt to differentiate between previous hacking methods and an emerging approach that relies on "the misuse of social networking and cloud computing platforms, including Google, Baidu, Yahoo, and Twitter... The researchers identified three Twitter accounts, five Yahoo Mail accounts, twelve Google Groups accounts, eight Blogspot blogs, nine Baidu blogs, one Google Sites account, and 16 blog.com blogs that were part of the attackers' infrastructure. The report concludes by warning that the selling points of cloud computing -- reliability, distribution, and redundancy -- are the very properties that make cloud services attractive to cybercriminals."
Wow! so china has now many hackers? great hackers because they can stole data?
Posted by: leeain | Thursday, April 15, 2010 at 08:57 PM