Cyber Attacks and Shady Rats

August 5, 2011 | John P. | Comments (2)

No doubt many of you have heard about McAfee Inc.’s report on cyber attacks, entitled Revealed: Operation Shady Rat, which reported that a single hacking group had penetrated some 72 companies and organizations (including government ones) around the world since 2006. (RAT is an acronym for Remote Access Tool.) McAfee produced its report after gaining access to a command-and-control server that gathered data from the affected computers and noted the intrusions. McAfee did not specifically identify most of the organizations by name, except for the International Olympic Committee, the World Anti-Doping Agency, the United Nations, and the Association of Southeast Asian Nations (ASEAN) Secretariat. The World Anti-Doping Agency issued its own statement expressing doubt that its computers had been hacked. Governments affected included Canada, the United States, Taiwan, India, Vietnam and South Korea. Two unidentified Canadian government agencies were attacked, one for a 6-month duration beginning in October 2009 and the other for a one-month duration in January 2010. The Canadian government announced its 2-year plan to streamline its information systems from 300 to under 20, reduce the number of the current 3,000 electronic networks used by government agencies, and create a centralized email program.

The method of entry was spear phishing, which generally uses fraudulent email messages, supposedly from legitimate sources, to trick someone into revealing confidential information such as usernames and passwords in order to gain access to computer systems. The comments of McAfee’s competitors have been interesting. A Sophos spokesperson agreed that there is awareness that hackers target organizations with malware to obtain remote access to computers and their data. However, the McAfee report did not specify what information was taken from the affected organizations or how many workstations were affected. A Symantec spokesperson confirmed the phishing approach and noted that if an email attachment is opened, an unpatched system would be vulnerable to the installation of a Trojan that circumvents an organization’s own security protection. The Trojans downloaded HTML pages and images from remote websites that contained encrypted or hidden commands that enabled them to establish contact with the command-and-control server. Symantec further questioned the sophistication of these recurring attacks and encouraged computer users to ensure that their anti-virus protection is working and updated regularly, and to use IPS signatures, email filtering, and up-to-date security patches to ward off attacks. Increased computer user awareness and education can help to reduce susceptibility to social engineering ruses.
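The hidden commands in downloaded HTML that Symantec describes suggest a simple check on pages captured at a web proxy. The following is an added example, not code from McAfee, Symantec, or this post: it flags long, high-entropy, base64-decodable runs inside HTML comments. That the hidden data sits in comments as base64-like text is an assumption, and the function names and thresholds are hypothetical.

```python
import base64
import binascii
import math
import re
from collections import Counter
from html.parser import HTMLParser

# Assumed tuning values; adjust against your own proxy captures.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # 24+ base64-alphabet chars
ENTROPY_MIN = 4.0                                  # bits per character


def shannon_entropy(text):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


class CommentCollector(HTMLParser):
    """Collects the body of every <!-- ... --> comment in a page."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)


def suspicious_comments(html):
    """Return base64-like, high-entropy runs found inside HTML comments."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for comment in collector.comments:
        for run in B64_RUN.findall(comment):
            body = run.rstrip("=")
            try:
                # Re-pad and require strict base64; ordinary words fail here.
                base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
            except (binascii.Error, ValueError):
                continue
            if shannon_entropy(body) >= ENTROPY_MIN:
                hits.append(run)
    return hits
```

Visible page text and short or repetitive comments are ignored, so ordinary markup notes do not raise alerts; legitimate embedded tokens can still match and need an allowlist.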

Comments

2 thoughts on “Cyber Attacks and Shady Rats”

  1. Hello Mary: You are quite right about the need to protect oneself online. Being “cyberwise” is an evolving process. Thank you for your comment.
