Massive Cyber Spy Ring Discovered

30 Mar

Researchers from two major universities have uncovered what they believe is a worldwide cyber spy ring run by the Chinese government. Researchers from the University of Toronto found that very complex and powerful rootkit malware had been installed on machines worldwide belonging to embassies, international organizations and other government officials.

The Christian Science Monitor is reporting…

Thirty percent of the targeted computers could be considered “high-value” targets. No US government computers were compromised; however, the cyber spies broke into a NATO computer for half a day.

Researchers were called in to investigate by the Dalai Lama when it was believed that Tibetan e-mail communications were being intercepted. What was initially a very focused investigation quickly blew up into a major worldwide discovery.

It is important to note that although all evidence points towards China, that doesn’t mean the operation was orchestrated by the Chinese government. Dan Colarusso writes, “The investigation, which doesn’t point at the Chinese government specifically.”

“This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on,” said Ronald J. Deibert, a member of the research group and an associate professor of political science at the University of Toronto.

Don’t get worried about a ‘mega-uber-dooper secret un-stoppable malware infection’. This isn’t a complex attack by any means. It is social engineering at its best. Social engineering was made famous by hacker Kevin Mitnick.

Forensics by Deibert and his team found that the attack originally started on a message board. A monk had been engaging in a normal conversation there when a hacker targeted him based on his e-mail address domain. The hacker sent him an infected PDF and Word document to start the attack, then began intercepting his communications and targeting upper-echelon contacts on his e-mail contact list. The attack continued scaling up in this way until major ‘high value’ targets were infected.

It is true that your network is only as secure as its weakest link, and no, your router or OS is not your weakest link. Your weakest link is likely the people who already have access to the network and divulge information much too easily. It is still important to defend against opportunistic attacks that simply exploit holes and vulnerabilities, but it is just as important, if not more so, to educate the users of your network on good practices that stop social engineering attacks.
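The attack chain described above (a document attachment sent by someone posing as a known contact, then pivoting through the victim's address book) is exactly the pattern a mail-triage rule can surface for the people who must decide whether to open the file. The following Python script is an added example written for this post, not code from the researchers or any product they used. The contact list, the mail samples and the risk heuristics are all constructed assumptions for illustration; it uses only the standard library `email` module.

```python
"""
Added example (not from the original post): a small triage filter for the
spear-phishing pattern described above -- a message carrying a PDF or Word
attachment, sent by someone posing as a known contact. The contact list and
the mail samples below are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed contact list: display name -> address the recipient actually knows.
KNOWN_CONTACTS = {
    "Tenzin Office": "tenzin@example-office.invalid",
    "Admin Desk": "admin@example-office.invalid",
}

# Document types the post names as the initial infection vector.
RISKY_EXTENSIONS = (".pdf", ".doc", ".docx")


def attachments(msg):
    """Yield the filenames of all attachment parts in a parsed message."""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield name


def assess(raw):
    """Return a list of human-readable reasons a message deserves a second look.

    Two heuristics (assumed, not from the post):
      1. the message carries a PDF/Word attachment;
      2. the display name matches a known contact but the address does not
         (a lookalike sender), or the sender is not a known contact at all.
    An empty list means nothing suspicious was found.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []

    risky = [a for a in attachments(msg) if a.lower().endswith(RISKY_EXTENSIONS)]
    if risky:
        reasons.append("document attachment(s): " + ", ".join(risky))

    expected = KNOWN_CONTACTS.get(name)
    known_addrs = {a.lower() for a in KNOWN_CONTACTS.values()}
    if expected and expected.lower() != addr.lower():
        reasons.append(f"display name '{name}' is known, but address {addr} differs from {expected}")
    elif not expected and addr.lower() not in known_addrs:
        reasons.append(f"sender {addr} is not a known contact")
    return reasons


# Constructed sample 1: a known contact's name on a lookalike address, with a PDF.
LOOKALIKE_MAIL = """\
From: Tenzin Office <tenzin@mail-lookalike.invalid>
To: monk@example-office.invalid
Subject: Updated schedule
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: application/pdf; name="schedule.pdf"
Content-Disposition: attachment; filename="schedule.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b1--
"""

# Constructed sample 2: a plain-text note from the genuine contact address.
TRUSTED_MAIL = """\
From: Tenzin Office <tenzin@example-office.invalid>
To: monk@example-office.invalid
Subject: Lunch
Content-Type: text/plain

Same place at noon?
"""

if __name__ == "__main__":
    for label, sample in (("lookalike", LOOKALIKE_MAIL), ("trusted", TRUSTED_MAIL)):
        print(label, "->", assess(sample) or ["no findings"])
```

The point of the second heuristic is the one the post makes: the attacker did not need to defeat the router or the OS, only to look like someone the monk already trusted. A rule like this does not replace user education, but it gives the reader a concrete signal ("the name is right, the address is not") to teach people to look for.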
