Tag: espionage

McAfee notes enormous rise in spam

Spam is continuing to prove problematic for computer users, while social networking worms are also wriggling further into threat lists, McAfee has said in its latest report.

The Threats Report: First Quarter 2013, has also warned there is a continued increase in the number and complexity of targeted threats, including information-gathering Trojans and threats targeting systems’ master boot records (MBRs).  

As new technology continues to emerge so do the threats surrounding them. McAfee Labs found almost three times as many samples of Koobface as were seen in the previous quarter, a high point for the social networking worm that targets Facebook, Twitter and other network users.

Spam email volume rose dramatically after a quiet three years.

McAfee said this was thanks to growth in North America, which had been brought back to life through new “pump and dump” spam campaigns. Topics this time around targeted would-be investors hoping to capitalise on all-time equity market highs.

McAfee also noted an increase in the number and sophistication of targeted advanced persistent threats (APTs). The trend had grown by 30 percent with information becoming as valuable as money on the cybercrime landscape. The report found a 30 percent increase in MBR-related malware and new instances of password-stealing Trojans, which were being repurposed to capture information on individuals and organisations beyond the financial services industry.

The company said many of these were used to target login credentials or intellectual property and trade secrets, and as a result there have been highly-targeted attacks with new levels of sophistication.

There was a slight decline in mobile malware. However, Android malware managed to increase by 40 percent. New PC malware samples increased 28 percent, adding 14 million new samples to McAfee’s list of more than 120 million unique malware threats.

Chinese hackers strike EADS and ThyssenKrupp

Aerospace EADS and German steelmaker ThyssenKrupp recorded major attacks by Chinese hackers in 2012, it has emerged. According to Der Spiegel, the efforts were part of a wider trend of increasingly significant cyber attacks targeting German companies.

EADS confirmed the attacks, telling Reuters that they were “standard attacks” and that the company is working closely with authorities to address the problem.

EADS is the parent company of Airbus and it is also one of the biggest defence contractors in Europe, responsible for projects such as the Eurofighter Typhoon, Eurocopter Tiger and with strong ties to Dassault Aviation, makers of the Rafale fighter jet.

ThyssenKrupp also confirmed the attack, saying it took place in the US and originated from a Chinese internet address. The company did not say whether the hackers obtained any sensitive information.

ThyssenKrupp is one of Europe’s biggest conglomerates, with operations spread out along 670 companies worldwide.

The German Federal Office for the Protection of the Constitution recorded 1,100 cyber attacks from foreign secret services in 2012. Most attacks targeted politicians involved with energy and finance. 

Chinese court jails Apple iPad spies

A South China court has jailed three people for stealing the design to Apple’s iPad 2 tablet computer and using it to make counterfeits.

According to AP, the theft was carried out in a plant run by Foxconn in Guangdong province late last year. It resulted in fake iPad 2 tablets being sold in China before Apple’s official launch of the product.

Xiao Chengsong, the legal agent of Maita Electronics, was jailed for 18 months and fined $23,000 for buying the design from two Foxconn workers.

Foxconn employee Lin Kecheng, was sentenced to 14 months and fined $15,000, while another worker identified as Hou Pengna was given a two-year sentence suspended for one year and fined $15,000. All three were convicted of the crime of violating commercial secrets, it said.

In 2010, Apple’s iPad, the first generation of the tablet computer, was also pirated before its official launch in China and sold as the “iPed” for only a fraction of the cost of the real product.

Foxconn is extremely sensitive about Apple’s designs falling into the wrong hands. When a product went missing, the bloke who was responsible for looking after it was so stressed that he threw himself off a building.


Controversial Huawei proposes $2 billion India market push

Huawei Technologies wants to conquer the Indian market.

The Chinese telecoms company is reportedly looking to invest $2 billion in the country within the next five years.

Huawei vice president Yao Weimin told the papers that India is the company’s  largest overseas market and it already has contracts with five India-based carriers – Reliance Communication, Tata Communications, Bharti Airtel, Idea Cellular and Aircel.  

Its current operation in India employs 6,000 staff, 90 percent of them locals and 2,000 responsible for R&D.

Last month a Bloomberg report suggested India was blocking Huawei from selling equipment to domestic phone carriers, citing espionage concerns and network security issues.

Similarly, in the US Huawai is not exactly flavour of the year – with lawmakers concerned that it could be involved in dodgy dealings. In October lawmakers tried to block a deal between Sprint and Huawei, claiming that close ties with the Chinese military could spell a security breach.

There’s also concern over Chinese banks having close ties with Huawei, with Export-Import Bank of China giving it a $600 million credit line allegedly used to offer cheap financing to some customers.

Back in India, Huawei says it will keep trying to get both feet in the door. It wants to invest $2 billion for an R&D centre, which will provide 3,000 jobs to people in Bangalore. It will also create a production base for networking and communication equipment in Chennai, and training centres for 3G engineers in other main cities.  

Businesses will face widening cyber-security threats in 2011

Many businesses are struggling with how to approach a growing list of cyber security threats according to a report by technology research firm Ovum.

The report, called 2011 Trends to Watch: Security, found that cyber espionage and online fraud are the two most pressing threats that need to be addressed, while other problems like compliance and intellectual property protection also rate high.

Ovum found that cyber espionage had moved from the realm of governments to businesses, meaning that companies can no longer afford to ignore this growing threat. It cited incidents of state-sponsored cyber attacks within the commercial sector, including the allegedly Chinese attack on Google earlier this year. 

34 US companies were found to have endured similar attacks, while the Fortune 500 list are seen as always under threat.

Cloud services and virtualisation are other areas which require focus as they brings new security risks of their own. Ovum said that the pace at which security in cloud computing and virtualisation is being understood is slow, which could create significant challenges for what is ultimately a very open network. 

An exploit on a cloud could have extremely destructive and widespread effects given the shared nature of the service.

Ovum said that a new, holistic approach to security needs to be taken, focusing on protecting assets as opposed to merely defending perimeters.

The study also highlights growing demand for better security on embedded devices like smartphones and tablets which have taken the world by storm over the last couple of years. With the embedded device industry expected to boom further in 2011, security must be tightened.

It is recommended that businesses adopt a risk management strategy, effectively to focus on prevention rather than cure. Ovum also suggests vendors should play an increasing role in improving security on the devices and services they provide.

“Security needs are growing fast,” said Gragam Titterington, analyst at Ovum and author of the report. “Businesses are facing a large-scale, well-organised and well-resourced criminal network which is intent on defrauding them and their customers.”

Whistleblowing site hacked

A whistleblowing site has been hacked and defaced and all its 54,000 files deleted.

Cryptome said that that blocking attacks is nearly impossible due to the purposefully weak security of the Internet.

In a statement it said that “Nearly all security methods are bogus. A competent hacker or spy, or the two working together, can penetrate easily. We monitor and keep back-ups ready. And do not trust our ISP, email provider and officials to tell the truth or protect us.”

And we thought we were paranoid.

Cryptome has revealed the steps the hackers used. First, its EarthLink email account was accessed and its access password changed. Using that email address, the hacker asked for information about Cryptome’s multiple accounts. The Cryptome.org management account was accessed at Network Solutions (NSI) and all “54,000 files (some 7GB) were deleted and the account password changed.”

Cryptome discovered that something was up when it could not gain access to email or its NSI account.

After placing a call to NSI, Cryptome had all files restored except for the previous two days. After chatting with EarthLink online support, email access was restored and NSI emails were received about the management account changes.

The question is, who could have done such a thing? One of the key suspects would have to be China. Cryptome CN publishes information, documents and opinions banned by the People’s Republic of China. But when you publish secrets, you make a lot of enemies. Just as Wikileaks has.