Keeping an eye out for suspicious file extensions no longer works, either. The primitive days of mysterious and suspicious .exe, .rar, and .zip attachments have been replaced by attachments with reassuring but false file formats. The hackers from Unit 61398 "even went to the trouble of turning the executable's icon to an Adobe symbol to complete the ruse," Mandiant notes.
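As an added example (not from the Mandiant report or this article), a small Python check that classifies an attachment by its leading bytes rather than by the extension or icon the sender chose, and flags the pattern described above: a Windows executable carrying a document-style name. The magic-byte table and the sample attachments are constructed for illustration.

```python
from typing import Tuple

# Constructed lookup of leading "magic" bytes for the formats a lure
# imitates and the executable type it actually delivers. Not exhaustive.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",      # also the container for .docx/.xlsx/.pptx
    b"Rar!\x1a\x07": "rar",
    b"MZ": "exe",              # Windows PE image starts with a DOS header
}
OOXML = {"docx", "xlsx", "pptx", "zip"}            # legitimately ZIP inside
DOC_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt"}


def sniff_type(data: bytes) -> str:
    """Classify a file by its content, ignoring name and icon entirely."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> Tuple[str, str]:
    """Return (verdict, reason); the icon is sender-controlled, so only bytes and name count."""
    exts = filename.lower().split(".")[1:]   # "report.pdf.exe" -> ["pdf", "exe"]
    ext = exts[-1] if exts else ""
    real = sniff_type(data)
    if real == "exe":
        if ext != "exe":
            # The APT1 pattern: a PE image wearing a document name (and icon).
            return ("block", "PE executable named as .%s" % (ext or "(none)"))
        lure = [e for e in exts[:-1] if e in DOC_EXTENSIONS]
        if lure:
            # Windows hides known extensions, so the user sees "report.pdf".
            return ("block", "PE executable with document-style lure name .%s" % lure[0])
        return ("block", "executable attachment")
    if real != "unknown" and ext and ext != real and not (real == "zip" and ext in OOXML):
        return ("block", "content is %s but extension is .%s" % (real, ext))
    return ("allow", "extension matches content")


if __name__ == "__main__":
    # Constructed sample attachments (truncated headers only).
    for name, blob in [("Q1_report.pdf", b"%PDF-1.7\n%\xe2\xe3"),
                       ("Q1_report.pdf.exe", b"MZ\x90\x00\x03\x00"),
                       ("invoice.pdf", b"MZ\x90\x00\x03\x00"),
                       ("memo.docx", b"PK\x03\x04\x14\x00")]:
        print(name, assess_attachment(name, blob))
```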
Mandiant's report, titled "APT1," refers to "advanced persistent threats" -- hacker groups of an institutional, well-resourced nature. Those who've followed APTs know they're nothing new.
A 2009 investigation by Infowar Monitor, a team of technologists at the University of Toronto and the SecDev Group, a Canadian consultancy, revealed an advanced cyber-spying operation called GhostNet. Researchers traced GhostNet's command-and-control center back to China. Hackers had infiltrated computers across 103 countries, from embassies to the offices of the Dalai Lama. In its report, Infowar Monitor declared GhostNet "capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras." The hackers used polished phishing emails to gain entry to those systems.
What is different now is that the scope and targets of APTs, bleeding beyond governmental espionage to commercial groups and even to individual reporters, point to a messier, more complex, and more dangerous hacker universe in which individuals and institutional players fight with differing political, economic, and social agendas.
Even the most advanced technology companies have been hit. In this one month alone, Twitter, Facebook, and Apple all announced their systems had been penetrated by hackers. Bloomberg's latest report says they belong to an Eastern European criminal group. Chinese hackers, while not the sole culprits, pose a bigger geostrategic threat: The same group of hackers targeting a Fortune 500 company may well go after the State Department or a lone activist the next day.
That pattern will likely continue because of one compelling fact: It's affordable. Frank Smyth is founder of Global Journalist Security, an organization working to equip reporters with complete security training, including a digital component. "No one should be surprised, because it doesn't take that much infrastructure. If you have a team of people in a room, you can create a lot of havoc," he says. "That's much cheaper than building a tank or a jet fighter."