Tuesday, December 4, 2007

Shell, Rolls Royce reportedly hacked by Chinese spies

Jeremy Kirk
InfoWorld

Website: http://www.infoworld.com

San Francisco - Britain's domestic intelligence agency is warning that cybercrime perpetrated by China is on the rise following hacking attacks against Rolls-Royce and Royal Dutch Shell.

The agency, known as MI5, recently sent letters to some 300 banks, accounting and legal firms warning that "state organizations" of China were plying their networks for information, according to the Times of London on Monday.

The U.K. government refused on Monday to confirm the letters. However, the reported correspondence comes just a month after the U.K.'s top domestic intelligence officer warned of "high levels" of covert activity by at least 20 foreign intelligence agencies, with Russia and China as the most active.

"A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense," said Jonathan Evans, director general of MI5, in Manchester, U.K., on Nov. 5.

"They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the Internet to penetrate computer networks," he said.

The Times, quoting an unnamed source, reported that Rolls-Royce's network was infected with a Trojan horse program by Chinese hackers that sent information back to a remote server. Dutch Shell uncovered a Chinese spying ring in Houston, aimed at pilfering confidential pricing information for the oil giant's operations in Africa, the paper said, citing "security sources."

Representatives for both companies contacted in London on Monday did not return calls for comment.

The rise in hacking originating in China and Russia has been well-documented by security researchers. But it's been harder to distinguish between state-sponsored hackers and those just operating in the same geographic region, said Graham Cluley, senior technology consultant for security firm Sophos PLC.

Some 30 percent of the malicious software created is written by Chinese, Cluley said. But about 17 percent of those programs are designed to steal the passwords of users who play online games rather than intended for industrial espionage, he said.

"It's not all James Bond," Cluley said.

Hackers are also tough to trace since they can often control networks of other computers, called botnets, which can be used to carry out commands and attacks.

Botnet investigations are time-intensive and difficult for law enforcement since the computers are often in different countries, requiring international legal cooperation.

Spying to gain an advantage over a commercial competitor is nothing new, and it's hard to definitively blame China for it, said Peter Sommer, who teaches information systems security at the London School of Economics and also wrote "The Industrial Espionage Handbook."

The job of an industrial spy has also become a lot easier with the advent of the Internet, Sommer said. About 90 percent of intelligence collected by agents is "open source," or already public information.

"You no longer have to get into buildings and try and meet people," Sommer said.

Public Web sites of companies are rife with e-mail addresses of employees who can be "spear-phished," or sent e-mail with malicious software such as a keystroke logger. The hacker uses social-engineering tricks to get the worker to open the attachment, opening up access to a company's network.




McAfee: Vista Likely a Hacker Target in 2008

Jennifer LeClaire
News Factor Network
Website: http://www.newsfactor.com

Windows Vista is being relegated to the doghouse again this week for being slower than XP, and security experts are warning that Vista might face more serious malware in the upcoming year.

New tests show that Windows XP, coupled with the forthcoming Service Pack 3, performs twice as well as Vista with SP1. Devil Mountain Software discovered that a preview version of SP3 for Windows XP offered a 10 percent performance boost. The software development firm said that performance gains with SP1 for Vista were negligible.

However, slower speed is one issue; security is another. Considering the probability that more businesses will begin migrating to Vista in 2008, security analysts say that the security of Microsoft's latest operating system might be a larger problem than performance.

Vista Migration Mixed with Danger?

The release of Service Pack 1 for Windows Vista is likely to accelerate the adoption rate of Redmond's latest operating system and have a corresponding impact on the bottom lines of malware writers, who have largely continued to target Microsoft's earlier operating systems. According to McAfee, if professional malware authors begin to see an impact on their businesses as Vista becomes more popular, they might expand their efforts to find holes in the new operating system.

Of course, the antivirus firm added, that doesn't mean older threats to Windows XP will disappear. It was several years after the Java vulnerability named in Microsoft Security Bulletin MS03-011 was patched before exploits targeting that vulnerability fell off the list of McAfee Avert Labs top 10 threats to consumers. The old threats will persist, McAfee warned, but a new crop is on its way.

The National Vulnerability Database reported 10 Vista vulnerabilities in the first nine months after the OS was released. This compares with 16 XP vulnerabilities during the same length of time. The number of reported Windows XP vulnerabilities more than doubled in the following 12 months. If history repeats itself, McAfee cautioned, businesses can expect far more than 20 Windows Vista vulnerabilities to be reported in 2008.

2008: A Year of Security Challenges?

The way iSight Partners' Director of Global Response Ken Dunham sees it, 2008 is a significant year for Windows Vista. On the business side, he noted, 2008 marks the year when many corporations will start to consider Vista seriously.

Dunham also said that 2008 presents new opportunities for hackers who are looking for corporate assets to attack while companies migrate to Vista. "Vista contains many new important security updates but is not invulnerable to attack," Dunham argued. "Hackers are actively looking for ways to exploit Vista, Internet Explorer 7, and other new features for maximum profit."

Of course, Vista isn't the only software system facing security threats. McAfee said there's a target on Web 2.0, online gaming, and instant messaging. "Threats are increasingly moving to the Web and migrating to newer technologies such as VoIP and instant messaging," Jeff Green, senior vice president of McAfee Avert Labs, said in a statement.

"Professional and organized criminals continue to drive a lot of the malicious activity," Green said. "As they become increasingly sophisticated, it is more important than ever to be aware and secure when traversing the Web."

Google Purges Malware Sites Targeting Searchers

InformationWeek
Website: http://www.informationweek.com

In response to a concerted effort by cybercriminals to infect the computers of Google users with malware and make them unwitting partners in crime, Google apparently has purged tens of thousands of malicious Web pages from its index.

In a blog post on Monday, Alex Eckelberry, CEO of Sunbelt Software, noted that many search results on Google led to malicious Web pages that expose visitors to exploits that can compromise vulnerable systems.

"We're seeing a large amount of seeded search results which lead to malware sites," said Eckelberry. "These are using common, innocent terms -- one researcher landed on a malware site through searching for alternate firmware for a router."

Sunbelt published a list of search terms that returned malicious pages, the result of search engine optimization campaigns by cybercriminals to get their pages prominently ranked in Google -- Sunbelt refers to this as "SEO poisoning." The list includes hundreds of search strings containing the words "Microsoft Excel," along with a number of other popular technology-oriented terms, products, and companies.

On Tuesday, the SANS Institute said that the number of vulnerabilities in Microsoft Office had grown by 300% from 2006 to 2007, particularly in Excel.

A Microsoft spokesperson wasn't immediately available.

Sunbelt researcher Adam Thomas, in a blog post, attributes the thousands of pages to a botnet designed "to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums)," in order to place prominently in Google searches for those terms.

Those duped into visiting malicious Web pages from Google search results could, if their systems are vulnerable, acquire malware known as Scam.Iwin, which is designed to use the victim's computer to defraud Google and its advertisers. "With Scam.Iwin, the victim's computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker's URLs without the user's knowledge," explained Thomas in a blog post. "The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the Internet."

Google didn't respond to a request for comment.

But it appears Google has deleted the malicious pages from its index. "Google took action on these domains and you won't find them anymore in Google," said Eckelberry.

According to Trend Micro, cybercriminals have been planning for the holiday online shopping season for months.

"Since September, cybercriminals have been boosting their search engine rankings using a variety of methods such as 'comment spam' and 'blog spam' in preparation for the Christmas period," said Raimund Genes, CTO of Trend Micro, in an e-mailed statement. "With shoppers visiting these sites likely to purchase goods online after infection, their credit card details become a main target for cybercriminals looking for financial gains this season."

Eckelberry credits the cybercriminals responsible with being particularly crafty because they attempt to conceal their malicious Web pages from certain types of searches favored by malware researchers.
