Sunday, December 21, 2008
Who Hacked the Halls of Congress?
Came across an interesting story about the halls of Congress being hacked in October 2006. Although no one knows or is saying, some speculate that the attack can be traced to the Chinese, who seem to get accused of hacking into a lot of government systems (worldwide). Of course, the Chinese officially deny these allegations.
Shane Harris of the National Journal reported the attack was initially discovered in one office, but cyber-investigators eventually traced it to eight members' offices, where one or more computers were infected. Besides this, seven committee offices, including the Commission on China, Ways and Means and the International Relations Committee were identified as having compromised computers in them. The International Relations Committee (now the Foreign Affairs Committee) had 25 infected computers and an infected server found in it.
The virus discovered was a trojan designed to allow malware (malicious software) to invade government machines and steal information. The investigation revealed that the trojan was probably downloaded by an employee, who clicked on a link in a spam e-mail. This method of dropping a virus on a computer is usually referred to as phishing.
Phishing attacks are normally designed to steal personal and financial information, which is later used to commit financial crimes and identity theft. While most phishing attacks (from a historical perspective) have been financially motivated, we are now seeing more person/position-targeted attacks. This type of phishing is referred to as spear phishing or whaling. In April, there were reports of spear phishing attacks against corporate executives all over the country.
The unidentified hackers used a wide array of attack methods and the malware was downloaded from random Internet addresses. It's suspected they were using other infected machines to launch the attacks, which makes the activity even harder to trace. In this latest instance, it makes sense; the intent was to steal confidential and sensitive information.
The article points out that there is a lot of evidence that the Chinese have "penetrated deeply" into both government and corporate systems.
Just hours before the Olympics, Joel Brenner, the top U.S. counterintelligence official, warned Americans to leave their smart phones and other wireless computer devices at home. He told CBS News that the public security services in China can turn on a cell phone and activate its microphone when the owner thinks it's off. In July, Senator Sam Brownback also warned that China was planning to mount a massive espionage operation on guests staying at major hotels during the Olympics.
Last year there was speculation in the press that Commerce Secretary Carlos Gutierrez's laptop was hacked during a visit to China and the information was used to hack into government computers. Even scarier, rumors abound that Chinese hackers have already attacked power grids and that they are developing a cyber-warfare capability.
The article's conclusion points to a just-released Report of the CSIS Commission on Cybersecurity for the 44th Presidency. The study recommends that President-elect Obama establish a Cyber-Security Directorate in the NSC, which would direct a National Office for Cyberspace.
As a mere observer of all of this, I think President-elect Obama needs to take this report seriously. We need to remember (especially while a financial crisis is going on) that besides being a threat to national security, hacking also threatens our financial stability. Although this post points to the Chinese, they certainly aren't the only players in the international hacking game, and the problem it presents isn't going away. Sadly, some believe the problem is getting worse.
There is little doubt that change is needed in the way we address this problem and hopefully this is what will occur.
Wednesday, July 04, 2007
FlexiSpy - software that spies on people via their smart phone

There is already a lot of "buzz" that mobile phones, especially those of the smarter variety, will be targeted for their "information value."
A product called "FlexiSPY" is being legally sold, which allows anyone (with the money to buy it) to invade the privacy of someone who uses a smart phone.
Here is FlexiSPY's marketing pitch (from their site):
Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms etc.
If FlexiSPY is installed on a smart phone, it downloads data to their server 4 times a day, which can be accessed via the Internet by anyone paying for their service 24 hours a day, 7 days a week.
The FlexiSPY site blasts F-Secure, a security vendor, for calling their software a trojan, and claims FlexiSPY will not answer their e-mails. This is probably because F-Secure was the first one to question this software and its potential abuse factor. The site claims F-Secure's true intent is to sell their own software, which can remove FlexiSPY.
This is partially true; billions are made in the spy versus spy (white-hat versus black-hat) world of computer security. In all fairness, though, F-Secure isn't the only one on record that is worried about the use of FlexiSPY's spyware.
According to FlexiSPY, their software IS NOT a trojan because it has to be loaded on a telephone by a human being, and the software doesn't replicate itself.
I wonder how long it will be before a hacker figures out how to drop the software remotely? Of course, it also makes sense that FlexiSPY wouldn't want someone to be able to replicate their software. Replicated software doesn't make them any money.
I'll leave it to the reader's imagination how a product like this could be used by criminals, spies, or stalkers.
It never ceases to amaze me how some of these products are sold right over the Internet to ANYONE! It gives credence to the old saying, "there ought to be a law."
FlexiSPY even lists several electronic publications on their site as "talking about them." I decided to see what a few of them (besides F-Secure) had to say.
Gizmodo states:
The software allows a sickening amount of privacy invading features.
Engadget states:
While FlexiSPY is designed to install itself invisibly, it's now been officially categorized as a trojan (which, face it, it really is) and has been added to F-Secure's virus database.
And the Register states:
A piece of software which allows a user to track another person's mobile phone use would be almost impossible to use in the UK without breaking the law, according to a surveillance law expert.
In fact, using this software could be illegal and subject to penalties in most of the civilized world. Most of these countries would require some sort of court order, even if this technology were to be used by law enforcement.
Gizmodo story, here.
Engadget story, here.
Register story, here.
FlexiSPY acknowledges the same concern that the surveillance law expert brings up in the Register article about them:
It is the responsibility of the user of FlexiSPY to ascertain, and obey, all applicable laws in their country in regard to the use of FlexiSPY for "sneaky purposes". If you are in doubt, consult your local attorney before using FlexiSPY. By downloading and installing FlexiSPY, you represent that FlexiSPY will be used in only a lawful manner. Logging other people's SMS messages & other phone activity or installing FlexiSPY on another person's phone without their knowledge can be considered as an illegal activity in your country. Vervata assumes no liability and is not responsible for any misuse or damage caused by our FlexiSPY. It's final user's responsibility to obey all laws in their country. By purchasing & downloading FlexiSPY, you hereby agree to the above.
I guess the old Latin saying "caveat emptor" (buyer beware) applies in this instance!
Saturday, March 11, 2006
How Dangerous is China
David Perera of GovExec.com wrote an interesting piece deducing that Chinese hackers might be more interested in hacking our logistics systems than the more classified systems that the military uses.
David Perera writes:
For Americans today, war evokes images of roadside bombs and hidden snipers in the Middle East. But Defense Department planners who are paid to think about future wars worry about the People's Republic of China. Rising powers long have challenged dominant countries for primacy - it's an old story. And now, nobody is more powerful than the United States.
Logistics information literally is the bread and butter of the military. Track the supply lines of materiel and personnel and you'll know where troops are headed. Disrupt that supply line, and you will have created a barrier to getting there quickly. Amateurs study tactics, professionals study logistics, goes the Pentagon cliché. Yet great chunks of logistics information flow across the unclassified Defense Department system, the Nonsecure Internet Protocol Router Network, or NIPRNet. The Pentagon maintains a separate network for secret information, but the NIPRNet is its daily workhorse.
The world's largest network once was one built from flagstone-paved roads extending 53,000 miles in Roman antiquity. The roads were designed as a tool for policing an empire, and also for trade and communications. Unfortunately for the Romans, barbarians found them equally useful for their own purposes - attacking legionnaires - and eventually the Roman Empire was no more.
Full story, here.
Last November, I wrote about this in "US Military Hacked, Sober Worm Goes Worldwide, What Next?":
"The Chinese (who seem to be behind the most recent attack on the military) have been suspected of selling technology (including nuclear) to governments, who might be dangerous to world peace. All one has to do is read the story of AQ Khan, who developed nuclear weapons for Pakistan and admitted selling secrets to North Korea, Libya and Iran. There is a lot of speculation that he obtained a lot of his knowledge from the Chinese, who were caught stealing nuclear secrets from us during the Clinton Administration, Online NewsHour: Spies Among Us -- June 9, 1999."
There is also a lot of other evidence that the Chinese are heavily involved in cyber-espionage activities. The FBI Computer Crime Survey stated that China was responsible for 23.9% of the cyber attacks in their survey.
Of course, the United States is still the number one source, but one has to consider that the internet is heavily censored in China. This would lead a logical person to come to the conclusion that certain activities are being tolerated by those who censor it.
In fact, some have dubbed it the "Great Firewall of China."
Another factor to consider is organized criminal activity of Chinese origin:
Chinese Criminal Enterprises - US Department of State
One of the activities they are actively involved in is "illegal immigration," which could provide a conduit for planting spies in the industrial and financial sectors.
Patrick Devenny of FrontPage.com recently wrote a story, where he quoted Sun Tzu from the Art of War:
Foreknowledge cannot be gotten from ghosts and spirits, cannot be had by analogy, cannot be found out by calculation. It must be obtained from people, people who know the conditions of the enemy.
In his article, he writes:
The list of additional recent Chinese espionage cases is long and disturbing. It includes, among others, the theft of Blackhawk helicopter engines and optical devices by a South Korean man arrested last year. A Chinese-American couple in Wisconsin was arrested in 2004 for sending over $500,000 worth of computer parts to the Chinese government that can be used to improve missile guidance systems.
Statements from officials such as Szady hint that cases like these are just a small sample of the overall secret Chinese war against America. Indeed, in the words of one unnamed senior FBI source, “the Chinese are stealing us blind, the 10 year technological advantage we had is vanishing.”
Daily, we read of the threat from Terrorism. While this isn't an issue to be ignored, we can't afford to ignore what seems to be an ongoing and calculated threat from China.
AND there could be more ominous implications. One of the biggest threats today is the possibility of Iran becoming a nuclear power.
Guess who has been providing them with technology that could have been stolen from us: China (courtesy of NTI).
