'Nitro' : who hacked US chemical companies, and why?
http://www.crn.com/news/security/231...LQg**.ecappj02Chinese hackers tried to penetrate the computer systems of 48 chemical and military-related companies in a late summer cyber attack to steal design documents, formulas and manufacturing processes, a security firm reported Tuesday.
The attack ran from late July to mid-September and appeared to be aimed at collecting intellectual property for competitive advantage, reported Symantec, which code-named the attack Nitro, because of the chemical industry targets. Hackers went after 29 chemical companies and 19 other businesses that made advanced materials primarily used in military vehicles.
The attackers were the same Chinese group that targeted human rights organizations from late April to early May and the U.S. auto industry in late May. China and the U.S. have accused each other of industrial espionage for some time. China, which leads the world in the number of people online, is a hotbed for Internet crime, according to experts. The country has often been accused of cyber spying, which the government denies, while claiming to also be a target.
http://www.zdnet.com/blog/security/n...companies/9754Symantec said it traced the attacks back to a computer system that was a virtual private server (VPS) located in the United States.
However, the system was owned by a 20-something male located in the Hebei region in China. We internally have given him the pseudonym of Covert Grove based on a literal translation of his name. He attended a vocational school for a short period of time specializing in network security and has limited work experience, most recently maintaining multiple network domains of the vocational school.
Covert Grove claimed to have the U.S.-based VPS for the sole purpose of using the VPS to log into the QQ instant message system, a popular instant messaging system in China. By owning a VPS, he would have a static IP address. He claims this was the sole purpose of the VPS. And by having a static IP address, he could use a feature provided by QQ to restrict login access to particular IP addresses. The VPS cost was RMB200 (US$32) a month.
While possible, with an expense of RMB200 a month for such protection and the usage of a US-based VPS, the scenario seems suspicious. We were unable to recover any evidence the VPS was used by any other authorized or unauthorized users. Further, when prompted regarding hacking skills, Covert Grove immediately provided a contact that would perform ‘hacking for hire’. Whether this contact is merely an alias or a different individual has not been determined.
We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role. Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.
http://www.alaskadispatch.com/articl...mical-industry"The question is: Who is 'they?' " writes James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington think tank, in an e-mail interview. "The Chinese government encourages economic espionage [for illicit acquisition of technology], but that does not mean it directs all economic espionage."
Reply With Quote
Bookmarks