
Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

CSOs warned of serious cyber-espionage attack

A cybersecurity consulting firm has documented the existence of a China-based espionage operation that has infiltrated the
computer systems of at least 22 organizations in the government and private sectors in the U.S., Europe and Asia.

But the biggest surprise was how the compromised entities reacted when notified of the breach by e-mails, which were followed
up by phone calls.

“Not a single company actually responded. No one said ‘thank you,’ no one said give me more information, how did you do this,
nothing,” Adam Vincent, chief executive of Cyber Squared, said Tuesday. “Either we notified the wrong people or people didn’t
care. I’m not sure which.”

Cyber Squared won’t disclose the names of the organizations that seemed to ignore what the firm found to be a sophisticated
attack, most likely sanctioned or sponsored by some entity within China.

The victims included U.S. public policy think tanks, North American technology companies, European food safety, environmental
and maritime organizations, East Asian economic policy and diplomacy groups, and international mining organizations and law
firms. What was stolen from these organizations is not known.

Cyber Squared believes the attacks were state sanctioned or sponsored because all the victims were tied to Chinese
strategic interests. For example, one organization was involved with efforts in the U.S. government to sell F-16 fighter jets
to Taiwan, an action China opposed. Another was involved with efforts in the United Nations to minimize greenhouse gas emissions
within the international maritime industry.

In many ways, the operation was a classic example of what the security industry calls an advanced persistent threat, which
means the attackers studied each organization closely in order to tailor the attack to specific people. The cyber criminals
constantly updated the malware used in order to hide from antivirus software and other security technology found on most organizations’
networks.

Cyber Squared was introduced to the espionage operation in September 2011, when an organization connected to the Taiwan discussions
received e-mail with an address that closely resembled the name of a senior executive. The missive, sent from a popular U.S.
Web mail service, contained a link to a Web site that directed the victim to download a malicious file. The e-mail was sent
within 32 hours after Congress received a bill that would authorize the jet sale to Taiwan.

The simplicity of the original e-mail and malware masked a highly sophisticated operation that would subsequently download
software tools and file-stealing applications that could spread through a corporate network in secrecy, Vincent said. Attackers
often wait to launch their best malware until after they’ve infiltrated a system. “They’re not going to bring their A-game, if they
only need C-players.”

While Cyber Squared could only identify 22 organizations, it believes dozens more have been compromised by the cyber criminals,
who are capable of managing spy operations in each compromised organization at the same time “like moving pieces on a chessboard,”
Vincent said.


Howes calls for cyber espionage inquiry

Union heavyweight Paul Howes has renewed his attack on China’s trading practices, calling for an inquiry into allegations of cyber espionage.

The AWU national secretary says Australian manufacturers and food producers are being forced to compete on an uneven playing field.

He says China is engaging in “possibly illegal” practices by undervaluing its currency, dumping products onto international markets and even spying on competitors.

“Other countries, most particularly China, have again been flouting their WTO obligations in regards to intellectual property theft and hacking,” Mr Howes said in his keynote address to a national convention of Australian vegetable growers in Hobart.

“China has been accused of using industrial espionage as part of economic policy by stealing company secrets to attack foreign competitors.

“A strong government response to this would involve a full-scale inquiry into allegations of cyber espionage, and lodging a case with the World Trade Organisation.”

Mr Howes has previously criticised the devaluation of the yuan and said on Friday it could be as much as 40 per cent below its market value.

He said that was contributing to an overvaluation of the Australian dollar which was hurting sectors of the economy.

“By refusing to move to a freely floating currency the Chinese are flouting the world’s rules in order to give themselves a significant trade advantage,” he said.

“China must take its new role as an emerging power in the world seriously and adopt the rules that successfully allowed it to emerge as an economic powerhouse.”

Mr Howes said Australia could only take advantage of the huge growth expected in Asia if it avoided “Dutch disease”, an influx of money into the mining sector alone.

“The danger … is that in the meantime we allow industries such as manufacturing, food and vegetable production to drift,” he said.

“It’s all well and good to talk about becoming the food bowl of Asia but we must take decisive action now to prepare ourselves.”


Garbled warning bugging Mac Pro users after OS X 10.7.4 update

If you have a Mac Pro system and have updated to Apple’s recently released OS X 10.7.4 update, you may find that an apparent warning window appears whenever you reboot your system. The warning looks like a standard information dialog box window that contains a picture of a Mac Pro system from the side, but the rest of the window contains no information of value.

Instead of a hint at what the warning could be about, the window simply states “keyApplicationTitle” in the area where the referenced application name might be, “keyWarningOptimalInfo” where the information or warning description text might be, and instead of an OK button the only button in the window contains the text “keyOKButton.”

[Image: Garbled warning window. This window appears at boot-up for some Mac Pro users who have upgraded to OS X 10.7.4. (Credit: VicB01 / Apple Discussions)]

These components are clearly the code structure that Apple uses to insert the appropriate text strings into the window, but it appears either a syntax error or some similar oversight has caused the string association to misfire, and instead put the object titles into the window. Clicking the OK button seems to close the window with no apparent change to the system; however, the intent of the warning is lost to those who are experiencing it.

This error is reminiscent of the one that appeared with the previous OS X 10.7.3 update, where users were finding interface elements being replaced with odd green and pink patterns, with red question marks and orange “CUI” text. While not as widespread as the one in OS X 10.7.3, this one evokes similar confusion in that users cannot figure out what their systems are trying to tell them.

Simple tests like booting to Safe Mode show no change in the behavior of this error, so those who experience it can either tolerate it or try reinstalling the OS X 10.7.4 Combo update, and perform simple maintenance procedures like running a permissions fix on the boot drive, or at the very worst reinstalling OS X followed by again applying the combo updater, though these steps are not guaranteed to work.

Hopefully Apple will clarify the situation soon, but until then Mac Pro users with this issue may have to dismiss the bizarre warning window every time they boot their systems.


Utah industrial espionage case settled with plea deal

A scientist indicted in U.S. District Court for allegedly emailing trade secrets from a Utah drug company to his brother-in-law in India has pleaded guilty to one count of unlawful access to a protected computer.

The case against Prabhu Mohapatra, 42, of North Logan, marks the first time an industrial espionage case has been filed against a Utah defendant, according to the FBI.

In exchange for Mohapatra’s plea, 25 other charges were dismissed, including those related to the theft of trade secrets.

He faces up to five years in prison when he is sentenced Aug. 28 by Judge Clark Waddoups.

A senior scientist at Logan’s Frontier Scientific Inc., Mohapatra admitted accessing a company computer to obtain the chemical recipe for Meso-tetraphenylporphine, according to court documents.

He then sent the recipe to his brother-in-law, who was employed by a competing company, according to the initial indictment.

Mohapatra, who worked at Frontier Scientific from 2009 to 2011, was caught after a co-worker noticed suspicious behavior and reported it to management, court documents state.

 


Investigating espionage, security sweep at naval base

The Canadian military has evacuated staff from the Halifax naval intelligence facility where a sailor accused of espionage was working before his arrest.

The Department of National Defence said authorities are conducting a security sweep of HMCS Trinity to see whether this confidential communication centre has been compromised.

Sub-Lieutenant Jeffrey Paul Delisle was charged Jan. 16 under Canada’s Security of Information Act and faces the possibility of life in prison if convicted.

Experts are scanning Trinity, a naval communications and surveillance centre, for evidence of espionage or mechanisms designed to leak information to outsiders.

“The place is being investigated …. [for] software, hardware, bugs, the works,” a military official said.

Trinity staff have been temporarily moved a few kilometres away.

“As part of a normal and prudent business contingency plan, personnel belonging to elements of HMCS Trinity have been relocated to 12 Wing Shearwater for an undetermined period of time as a security precaution,” said Captain Karina Holder, spokeswoman for the Canadian Forces Provost Marshal, who commands the military police.
