Category Archives: Stealth Techniques
The internet and the current phenomenon of social media has changed the way we communicate, do business and even socialize, it is a paradigm shift that society has embraced at such speed and ease that rarely a moment goes by in a civilised nation where such technology has not impacted each and every person.
The way in which social media flourishes is that it requires engagement and ‘engagement’ is encouraged by ‘sharing’, and ‘sharing’ comes in various forms whether it be via Facebook’s or LinkedIn ‘Likes’ or actual ‘sharing’ buttons, to sharing the mobile App you have downloaded via a ‘share’ button.
Sharing introduces a whole new realm to how we perceive trust. Studies have shown that the majority of the figures below are a result of people ‘sharing’.
- In one day on the Internet:
- Enough information is consumed to fill 168 million DVDs
- 294 billion emails are sent
- 2 million blog posts are written (enough posts to fill TIME magazine for 770 million years)
- 172 million people visit Facebook
- 40 million visit Twitter
- 22 million visit LinkedIn
- 20 million visit Google+
- 17 million visit Pinterest
- 4.7 billion minutes are spent on Facebook
- 532 million statuses are updated
- 250 million photos are uploaded
- 22 million hours of tv and movies are watched on Netflix
- 864,000 hours of video are uploaded to YouTube
- More than 35 million apps are downloaded
- More iPhones are sold than people are born
As we know ‘sharing’ brings trust, loyalty and generally out of this comes relationship development, whether personal or professional and in turn it is here vulnerabilities may emerge.
Recently the media has been awash with not only industrial cyber espionage reports but of a major issue facing the internet community and that is ‘country sanctioned’ cyber espionage and or attacks.
History may one day reveal that as the United States fretted over the possibility of a “cyber Pearl Harbor” – a catastrophic attack that would take down electrical grids – its economic lifeblood was being slowly drained away by a massive hacking enterprise located in the People’s Republic of China. (Magnuson, 2012)
Cyber Command Commander Army Gen. Keith Alexander last year called the cyber-espionage being conducted against U.S. companies the largest transfer of intellectual property from one nation to another in the history of the world. (Magnuson, 2012)
Eric Rosenbach, deputy assistant secretary of defense for cyber policy, said the nation is not as focused on intellectual property theft as it should be. A catastrophic cyber war is important to prepare for, but an unlikely scenario. Stealing data important to the nation’s economic security, meanwhile, is occurring here and now. (Magnuson, 2012)
We all have seen them on our travels or have had friends bring back ‘knock offs’ from trips to Asia, watches, handbags, sunglasses, fashion items even IPHONEs and computer software. All produced with such high quality similarities that it is hard at times to distinguish the ‘fake’ from the real item.
The proliferation of the internet and its related activity has allowed for ‘copying’ to occur at a rate that cannot be controlled or monitored. The aforementioned figures identify the staggering internet traffic and streaming that is taking place on any given day.
Experts describe a large, technologically advanced and well organized enterprise coming out of China that is going after businesses large and small. Any firm that has a trade secret, or could be used as a stepping stone to a larger company, is a potential target. Intellectual property theft has the potential to erode a company’s profits or even bankrupt it. There is no magical software that can stop every intrusion attempt, but even companies with few resources can take steps to mitigate the risk, experts told National Defense. (Magnuson, 2012)
To thwart the Chinese cyber-espionage enterprise, it is important to characterize it. In the world of network security, it was once called the “advanced persistent threat.” But government officials have done away with using that euphemism: it’s China, they now say. The October 201 1 “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace” report, produced by the FBI‘s office of national counterintelligence executive, acknowledged that the attacks came from China, but stopped short of blaming the Chinese government, which routinely denies involvement. (Magnuson, 2012)
Jason Lewis, chief technology officer of Looking Glass Cyber Solutions, said, “In general, when you have a situation where the state runs everything, you have to assume that the state is involved in any enterprise.”
In country “scouts” doing the reconnaissance are increasingly using social media websites to gather personal information to use in phishing attacks, said Dave Papas, chief operating officer of Cyveillance, a subsidiary of QinetiQ North America that provides security for Fortune 500 companies. (Magnuson, 2012)
Friends, hometowns, hobbies, anything that can be placed in the email to make the target believe it is a legitimate message, can be used and every piece of information is a means to an end.
It was recently reported in the Australian Financial Review that an “…Australian chief executive was travelling in China recently when he received a curious email from his adult daughter asking if “Daddy” was having a good time. But it wasn’t his daughter who had sent the email…” (Grigg, 2013) It was a ‘phishing’ attack to penetrate the chief executives lap top and such a line in the email idicates the logistical efforts of a well resourced and technologically advanced team to not only hack into the executives daughters email but to establish his travel movements and the like. Had it not been for the executive being alert and realising that his daughter had not called him ‘daddy’ for a long time, the attempt by the perpetrators failed on this occasion.
This attack is a clear example of an attack that attempts to infiltrate a network in the form of an phishing email, a well-crafted letter that seemingly comes from a friend or business associate. This tactic has not changed in years, but is growing more sophisticated and frequent. Why? Phishing attacks work and, “it is a lot easier to control humans than the technology,” said Rick Doten, vice president of cybersecurity for DMI, a firm that does work for the U.S. government. (Magnussen, 2012)
This example clearly, supports that we must not count on it being written in anguished English like the common scam letters purportedly originating from Nigerian princesses as it is common place now that native speakers of English are helping compose the phony emails.
Once an attachment or a link to a fake website is opened, specialists in moving around a network without being detected take over and probe for other vulnerabilities. This may mean taking over an email account in order to generate more trusted, fake emails as most likely would have bene the case with the example identified in the Australian Financial Review.
It is well founded that smaller companies, particularly in the defense industrial base, may be used to go after bigger companies – big prime contractors – higher in the food chain. Once the cyberspies have located the information they want, another team takes over to exflltrate it. It is ideally ferreted away in normal traffic without being detected. (Magnussen, 2012)
Open source defence journals have reported the following:
- A US company has identified an organisation in China that it says is responsible for stealing hundreds of terabytes of data from US government organisations and companies
- According to the company, the organisation receives direct funding from the Chinese government through a PLA department called Unit 61398
China is conducting a campaign of sustained and persistent state-sponsored hacking by an organisation referred to as Advanced Persistent Threat 1 (APT1), according to a report from US cyber security company Mandiant that was released on 18 February.
The report, entitled ‘APT1: Exposing One of China’s Cyber Espionage Units’, details wide-ranging hacking activities that Mandiant has traced back to China. It focuses on a particular series of cyber security breaches and intrusions carried out against at least 141 victims from 2006, all of which Mandiant has attributed specifically to APT1. According to the report, “hundreds of terabytes” of data have been stolen in these attacks.
Mandiant concludes that APT1 is able to carry out such sustained and extensive hacking activities because it receives direct government backing. It names the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s 3rd Department, or Unit 61398, as the organisation behind this activity. This group is also informally referred to as Comment Crew or Comment Group. Mandiant states the allegations are based on its own forensic analysis of similarities in the characteristics and geographical sources of hacking activity.
Comment Crew’s activities were traced to the Pudong New Area of Shanghai, where Unit 61398 is believed to engage in computer network operations. Mandiant said Unit 61398 is staffed by “hundreds, if not thousands” of people that have undergone cyber training and are proficient English speakers. Of the victims tracked in the Mandiant report, 87% are headquartered in countries where English is the native language.
Andrew Beckett, head of cyber security consulting at Cassidian, told IHS Jane’s that “the Mandiant report provides no surprise to those involved in cyber security and this should provide a wake-up call to industry and governments. Comment Crew are one of many groups Cassidian know of that are operating in this area”.
China’s Ministry of National Defence rejected Mandiant’s findings. “The Chinese military has never supported any kinds of hacker activities, so saying that the Chinese military is involved in internet attacks is neither professional nor consistent with the facts,” it said in a statement released on 19 February.
However, I recall from one of my lectures in my Masters of National Security, from American Military University that China allegedly has in excess of 50,000 persons engaged in ‘internet espionage at any one time.
So, next time you get that ‘friend’ request or you ‘like’ or ‘fan’ a page in Facebook or in any other form of social media or email, always remember that ‘friend’ or ‘like’ could be just be a foreign spy……
Grigg, A, 2013, ‘Australian Execs Among Those Hacked In China’ The Australian Financial Review, 26 January 2013.
Magnuson, S. (2012). Stopping the chinese hacking onslaught. National Defense, 97(704), 26-28. Retrieved from http://search.proquest.com/docview/1026586020?accountid=8289
Social Skinny, 2012, http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/