Massive Cyber Attacks Uncovered

More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm.

The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness.

News of the attack follows reports last month that the computer networks at Google and more than 30 other large financial, energy, defense, technology and media firms had been compromised. Google said the attack on its system originated in China.

This latest attack does not appear to be linked to the Google intrusion, said Amit Yoran, NetWitness’s chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups’ sophistication in cyberattacks is approaching that of nation states such as China and Russia.

The attack also highlights the inability of the private sector — including industries that would be expected to employ the most sophisticated cyber defenses — to protect itself.

“The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats,” Yoran said. “The things that we — industry — have been doing for the past 20 years are ineffective with attacks like this. That’s the story.”

The intrusion, first reported on the Wall Street Journal’s Web site, was detected Jan. 26 by NetWitness engineer Alex Cox. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide.

The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or “bots,” enabled the attackers to commandeer users’ computers, scrape them for log-in credentials and passwords — including to online banking and social networking sites — and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially, he said.

“Because they’re using multiple bots and very sophisticated command and control methods, once they’re in the system, even if you whack the command and control servers, it’s difficult to rid them of the ability to control the users’ computers,” Yoran said.

The malware had the ability to target any information the attackers wanted, including file-sharing sites for sensitive corporate documents, according to NetWitness.

Login credentials have monetary value in the criminal underground, experts said. A damage assessment for the firms is underway, Yoran said. NetWitness has been working with firms to help them mitigate the damage.

Among the companies hit were Cardinal Health, located in Dublin, Ohio, and Merck, according to the Wall Street Journal. A spokesman for Cardinal said the firm removed the infected computers as soon as the breach was found.

Also affected were educational institutions, energy firms, financial companies and Internet service providers. Ten government agencies were penetrated, none in the national security area, NetWitness said.

The systems penetrated were mostly in the United States, Saudi Arabia, Egypt, Turkey and Mexico, the firm said.

China Inadvertently Creating Superbugs

China’s reckless use of antibiotics in the health system and agricultural production is unleashing an explosion of drug resistant superbugs that endanger global health, according to leading scientists.
Chinese doctors routinely hand out multiple doses of antibiotics for simple maladies like the sore throats and the country’s farmers excessive dependence on the drugs has tainted the food chain.

Studies in China show a “frightening” increase in antibiotic-resistant bacteria such as staphylococcus aureus bacteria, also know as MRSA . There are warnings that new strains of antibiotic-resistant bugs will spread quickly through international air travel and internation food sourcing.

“We have a lot of data from Chinese hospitals and it shows a very frightening picture of high-level antibiotic resistance,” said Dr Andreas Heddini of the Swedish Institute for Infectious Disease Control.

“Doctors are daily finding there is nothing they can do, even third and fourth-line antibiotics are not working.

“There is a real risk that globally we will return to a pre-antibiotic era of medicine, where we face a situation where a number of medical treatment options would no longer be there. What happens in China matters for the rest of the world.”

Particular alarm has been raised by resistance rates of MRSA in Chinese hospitals, which has more than doubled from 30 per cent to 70 per cent, according to Professor Xiao Yonghong of the Institute of Clinical Pharmacology at Beijing University.

Last year researchers found a new strain of MRSA in Chinese pigs imported into Hong Kong and called for urgent new studies into its potential to infect humans after an infection of the new strain was confirmed in Guangzhou, where many of the pigs were farmed. … Continue Reading

China’s Computer Equipment Threat

Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can’t be trusted, noting that it wouldn’t be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult.” The blog post mentions Ken Thompson’s admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: “The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.”

NSA, Google team Up

The world’s largest Internet search company and the world’s most powerful electronic surveillance organization are teaming up in the name of cybersecurity.

Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.

Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications. The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.

The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. On Tuesday, Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a “wake-up call.” Cyberspace cannot be protected, he said, without a “collaborative effort that incorporates both the U.S. private sector and our international partners.”

But achieving collaboration is not easy, in part because private companies do not trust the government to keep their secrets and in part because of concerns that collaboration can lead to continuous government monitoring of private communications. Privacy advocates, concerned about a repeat of the NSA’s warrantless interception of Americans’ phone calls and e-mails after the Sept. 11, 2001, terrorist attacks, say information-sharing must be limited and closely overseen.

“The critical question is: At what level will the American public be comfortable with Google sharing information with NSA?” said Ellen McCarthy, president of the Intelligence and National Security Alliance, an organization of current and former intelligence and national security officials that seeks ways to foster greater sharing of information between government and industry.

On Jan. 12, Google took the rare step of announcing publicly that its systems had been hacked in a series of intrusions beginning in December.

The intrusions, industry experts said, targeted Google source code — the programming language underlying Google applications — and extended to more than 30 other large tech, defense, energy, financial and media companies. The Gmail accounts of human rights activists in Europe, China and the United States were also compromised.

So significant was the attack that Google threatened to shutter its business operation in China if the government did not agree to let the firm operate an uncensored search engine there. That issue is still unresolved.

Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA, sources said. In 2008, the firm stated that it had not cooperated with the NSA in its Terrorist Surveillance Program.

Sources familiar with the new initiative said the focus is not figuring out who was behind the recent cyberattacks — doing so is a nearly impossible task after the fact — but building a better defense of Google’s networks, or what its technicians call “information assurance.”

One senior defense official, while not confirming or denying any agreement the NSA might have with any firm, said: “If a company came to the table and asked for help, I would ask them . . . ‘What do you know about what transpired in your system? What deficiencies do you think they took advantage of? Tell me a little bit about what it was they did.’ ” Sources said the NSA is reaching out to other government agencies that play key roles in the U.S. effort to defend cyberspace and might be able to help in the Google investigation.

Read the Rest

How China Treats Drug Addiction

FU LIXIN, emotionally exhausted from caring for her sick mother, needed a little pick-me-up. A friend offered her a “special cigarette” – one laced with methamphetamine – and she happily inhaled. The next day, three policemen showed up at her door. “They asked me to urinate in a cup,” Fu said. “My friend had been arrested and turned me in. It was a drug test. I failed on the spot.”

Although she said it was her first time smoking the drug,

Fu, 41, was sent to one of China’s compulsory drug rehabilitation centers. The minimum stay is two years, and life is an unremitting gauntlet of physical abuse and forced labour without any drug treatment, according to former inmates and substance abuse professionals. “It was a hell I’m still trying to recover from,” she said.

According to the United Nations, up to half a million Chinese citizens are held at these centers at any given time. Detentions are meted out by the police without trial.

Now international human rights activists are stepping up opposition to these centers. … Continue Reading