Presentation on theme: "CHINESE HACKERS. Where do they come from? In 2007 private security firm Mandiant was hired by the New York Times to trace cyber-attacks on their network."— Presentation transcript:
Where do they come from? In 2007 private security firm Mandiant was hired by the New York Times to trace cyber-attacks on their network - they discovered an astronomical number coming from a twelve story building on the outskirts of Shanghai that’s operated by the People’s Liberation Army (PLA), Unit 61398. http://www.youtube.com/watch?v=PsAPTEN-oW4
Who’s the PLA? "The PLA is the world's largest military force, with approximately 3 million members, and has the world's largest (active) standing army, with approximately 2.25 million members. The PLA comprises five main service branches, consisting of the PLA Ground Force, PLA Navy (PLAN), PLA Air Force (PLAAF), Second Artillery Corps (strategic missile force), and the PLA Reserve Force."
What types of intellectual property are they after?
How do they do it? Human engineering is used to steal credentials and e-mail addresses. Hundreds of Chinese spies are living and working in the U.S. Gmail accounts are used for spear-phishing e-mail attacks - bounces and non-delivery receipts. Trojan horses are installed as a result. Windows remote desktop used to take over computer systems (turn this off if you’re not using it). Lightbolt tool - embedded certificate allows access to secured webpages. Ftp used to transfer malware from Shanghai servers to compromised machines. Ghost rat and Webc2 head command and control server allows the actor complete control of host windows system. HTRAN used to transfer files. Telnet used to list compromised e-mail messages.
A brief history highlighting Chinese Hacking in the U.S. 9/2007: The Chinese military is accused of hacking in to the Pentagon computer network serving Defense Secretary Robert Gates, resulting in the network being offline for several days while it is repaired. 11/2008: Chinese Hackers penetrated the White House Computer network and stole e-mails between government officials. The more secure network containing classified material was not compromised. The type of attack used was known as spear phishing where specific individuals were targeted, then e-mailed from what appeared to be a familiar person or organization. "We are getting very targeted Chinese attacks so it stretches credulity that these are not directed by government-related organizations," said the official. 6/2009: Operation Aurora originating from Beijing by a group dubbed "Elderwood" attempts to gain access to the source code for several financial, high tech, security and defense contractor companies. The group is associated with the PLA, the world's largest military force. 11/2009: Highly skilled hackers in China have been stealing information from Western oil and gas companies since at least November 2009, according to a white paper from McAfee. 1/2010: Three U.S. oil companies were targeted in a coordinated hack that sought valuable information about new discoveries of oil deposits and other data, according to a new report in the Christian Science Monitor. 9/2012: Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent. "The incident is the latest reminder of problems that can occur when corporate computer systems at critical networks are connected to sensitive control systems that were never designed with security in mind.“ 2/2013: Mandiant, a private information security firm, identifies a probable Chinese military unit based in Shanghai, known as unit 61398, as the source of attacks against 141 companies spanning 20 major industries. Chinese government officials deny knowledge of any such cyber- warfare unit. 2/2013: Obama in his State of the Union address - "We know hackers steal people's identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets," Obama said during the State of the Union address. "Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems," he said. The president stressed the urgency of swift action. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," he said. 3/2013: "The Pentagon’s Cyber Command will create 13 offensive teams by the fall of 2015 to help defend the nation against major computer attacks from abroad, Gen. Keith Alexander testified to Congress on Tuesday, a rare acknowledgment of the military’s ability to use cyberweapons."