StrategicRISK April edition

Page 16

NEWS FEATURE [ COVER STORY ]

of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that suddenly lose out to unscrupulous competitors in another part of the world.”

McAfee recently uncovered a shocking high-level hacking campaign, dubbed Operation Shady RAT, which involved infiltrating computer systems from national governments to global corporations and non-profit organisations, with more than 70 victims in 14 countries. From ‘secure servers’ the perpetrators lifted countless government secrets, email archives, legal contracts and design schemes – see the chart below, showing which types of organisation were affected and where they were located.

The most common weakness in most organisations’ IT security is a lack of understanding of who the attackers are. As a result, companies often don’t know where to target their defences. If, for example, you know that your competitors are desperate to get hold of the designs for a new product you’re about to launch, you know to bolster your defences around this key corporate asset.

In its investigation into the Operation Shady RAT plot, which ran for five years, McAfee offered some explanation of how the intrusions typically worked. The standard procedure was for a ‘spear phishing’ email containing an exploit (a piece of software or code that takes advantage of a bug or other vulnerability) to be sent to an individual with the right level of access at the company. The exploit, when opened on an unpatched system, would trigger the download of the malicious implant software. That malware opened a backdoor communication channel to the command and control web server. Afterwards, live intruders jumped onto the infected machines and moved laterally around the organisation, establishing more footholds via other infected machines.

Operation Shady RAT: 71 compromised organisations

By type of organisation
  Government                         21
  Electronics/IT/communications      13
  Defence contractors                13
  Real estate/financial services      6
  Heavy industry/energy               6
  Non-profit                         12

Geographic locations of the targets (14 countries)
  USA                                                                49
  Canada                                                              4
  Taiwan                                                              3
  Japan, South Korea, Switzerland, UK                                 2 each
  Indonesia, Vietnam, Denmark, Singapore, Hong Kong, Germany, India   1 each

Stolen emails published on WikiLeaks

These types of electronic attacks are normally perpetrated by different agents than, say, online smear campaigns. Anonymous, one of the most famous ‘hacktivist’ groups, is a loosely co-ordinated global collective with shared ambitions and motivations. On their Twitter account (@AnonOps) members describe themselves as “fighters for internet freedom”, but this hides the full extent of the growing global movement. Anonymous has strong ties to WikiLeaks, as demonstrated by a recent intrusion into US intelligence company Stratfor’s private communications. Last year Anonymous announced that it had stolen the email correspondence of 100 of Stratfor’s employees. In February WikiLeaks began publishing the hacked emails, unmasking the network of secret sources that Stratfor relies on to publish intelligence insights for public and private sector clients.

But Anonymous suffered a blow in March when 25 members of its Spanish wing were arrested as law enforcers swooped in Latin America and Europe. The suspects were involved in cyber attacks originating from Argentina, Chile, Colombia and Spain that targeted sites including Colombia’s defence ministry and presidency and Chile’s Endesa electricity company and national library. Two of the suspects were only 17. “We hope you understand that we are not hackers on steroids. We are activists and what happens in the world matters to us,” said one of the defendants.

The extraordinary thing about Anonymous is the way it recruits a critical mass of sympathisers to participate in its online campaigns. At its heart Anonymous is a group of highly skilled hackers who revel in exposing what they see as moral outrages perpetrated by organisations that represent the status quo. But if these highly skilled hackers fail to penetrate a victim’s security systems, then Anonymous launches an online marketing campaign, using Facebook, Twitter and YouTube videos to encourage thousands of other activists to get involved. These aspiring hacktivists don’t necessarily need any technical skills, just a willingness to participate. By downloading relatively simple open source software, which can be launched via any web-enabled device (including mobile phones), the wider Anonymous community targets the victim’s website to bring it down with excessive traffic. This is exactly what happened during Operation Payback, which targeted the MasterCard and Visa websites when they stopped allowing payments to WikiLeaks. This demonstrates the power and influence that Anonymous now holds.

Getting your corporate IT defences right is the first step in mitigating some of these threats (see Theory & Practice, page 34). But it’s also worth noting that old tricks work best. The sturdiest IT security in the world is meaningless if a fraudster calls one of your employees and tricks them into giving up a security passcode. And putting customer experience before cyber security can be a mistake. South Korea’s largest consumer-finance firm, Hyundai Capital Services, learnt the hard way when hackers demanded a ransom to prevent the release of stolen, confidential data. Hyundai’s chief executive now recognises the full extent of the threat. “We are now slowing down the whole organisation. How things look and how they work is now secondary. Security is now first.”

Lulzsec members arrested

The FBI arrested five of the top members of the infamous hacking group Lulzsec in March, acting largely on evidence provided by one of the group’s founding members, who had been working for the FBI for months. According to the FBI, the mole was 28-year-old father of two Hector Xavier Monsegur, an influential member of three hacker groups, Anonymous, Internet Feds and Lulzsec, which are allegedly responsible for cyber attacks against various businesses and organisations throughout the world. Among other things, including bank fraud, the authorities claim that Monsegur was involved in cyber attacks, including the theft and dissemination of confidential information as well as denial of service attacks against Visa, PayPal, MasterCard, Sony, Fox and the governments of Algeria, Yemen, Tunisia and Zimbabwe.

StrategicRISK [ APRIL 2012 ] www.strategic-risk.eu
