Friday, June 19, 2015

Chinese HACKERS_ CONFIRMED: Chinese government hackers linked to historic hack of US security clearance info

BUSINESS INSIDER AUSTRALIA

CONFIRMED: Chinese government hackers linked to historic hack of US security clearance info

Joseph Menn

Today at 4:56 AM

Photo:

The Chinese hacking group suspected of stealing sensitive information about millions of current and former U.S. government employees has a different mission and organizational structure than the military hackers who have been accused of other U.S. data breaches, according to people familiar with the matter.

While the Chinese People’s Liberation Army typically goes after defence and trade secrets, this hacking group has repeatedly accessed data that could be useful to Chinese counter-intelligence and internal stability, said two people close to the U.S. investigation.

Washington has not publicly accused Beijing of orchestrating the data breach at the U.S. Office of Personnel Management (OPM), and China has dismissed as “irresponsible and unscientific” any suggestion that it was behind the attack.

Sources told Reuters that the hackers employed a rare tool to take remote control of computers, dubbed Sakula, that was also used in the data breach at U.S. health insurer Anthem Inc last year.

The Anthem attack, in turn, has been tied to a group that security researchers said is affiliated with China’s Ministry of State Security, which is focused on government stability, counter-intelligence and dissidents. The ministry could not immediately be reached for comment.

In addition, U.S. investigators believe the hackers registered the deceptively named OPM-Learning.org website to try to capture employee names and passwords, in the same way that Anthem, formerly known as Wellpoint, was subverted with spurious websites such as We11point.com, which used the number “1” instead of the letter “l”.

Both the Anthem and OPM breaches used malicious software electronically signed as safe with a certificate stolen from DTOPTOOLZ Co, a Korean software company, the people close to the inquiry said. DTOPTOOLZ said it had no involvement in the data breaches.

The FBI did not respond to requests for comment. People familiar with its investigation said Sakula had only been seen in use by a small number of Chinese hacking teams.

“Chinese law prohibits hacking attacks and other such behaviours which damage Internet security,” China’s Foreign Ministry said in a statement. “The Chinese government takes resolute strong measures against any kind of hacking attack. We oppose baseless insinuations against China.”



U.S. Department of Homeland Security employees work during a guided media tour inside the National Cybersecurity and Communications Integration Center in Arlington, Virginia June 26, 2014.
Picture taken June 26, 2014.

MANY UNKNOWNS

Most of the biggest U.S. cyber attacks blamed on China have been attributed, with varying degrees of certitude, to elements of the Chinese army. In the most dramatic case two years ago, the U.S. Justice Department indicted five PLA officers for alleged economic espionage.

Far less is known about the OPM hackers, and security researchers have differing views about the size of the group and what other attacks it is responsible for.

People close to the OPM investigation said the same group was behind Anthem and other insurance breaches. But they are not yet sure which part of the Chinese government is responsible.

“We are seeing a group that is only targeting personal information,” said Laura Gigante, manager of threat intelligence at FireEye Inc, which has worked on a number of the high-profile network intrusions.

Photo: Chinese Foreign Minister Wang Yi and U.S. Secretary of State John Kerry shake hands prior to meetings at the Ministry of Foreign Affairs in Beijing, China, May 16, 2015.

CrowdStrike and other security companies, however, say the Anthem hackers also engaged in stealing defence and industry trade secrets. CrowdStrike calls the group “Deep Panda,” EMC Corp’s RSA security division dubs it “Shell Crew,” and other firms have picked different names.

The OPM breach gave hackers access to U.S. government job applicants’ security clearance forms detailing past drug use, love affairs, and foreign contacts that officials fear could be used for blackmail or recruiting.

In contrast to hacking outfits associated with the Chinese army, “Deep Panda” appears to be affiliated with the Ministry of State Security, said CrowdStrike co-founder Dmitri Alperovitch.

Information about U.S. spies in China would logically be a top priority for the ministry, Alperovitch said, adding that “Deep Panda’s” tools and techniques have also been used to monitor democracy protesters in Hong Kong.

An executive at one of the first companies to connect the Anthem and OPM compromises, ThreatConnect, said the disagreements about the boundaries of “Deep Panda” could reflect a different structure than that in top-down military units.

“We think it’s likely a cohort of Chinese actors, a bunch of mini-groups that are handled by one main benefactor,” said Rich Barger, co-founder of ThreatConnect, adding that the group could get software tools and other resources from a common supplier.

“We think this series of activity over time is a little more distributed, and that is why there is not a broad consensus as to the beginning and end of this group.”

(The story corrects third paragraph to remove erroneous reference to Department of Homeland Security)


***

Chân thành cám ơn Quý Anh Chị ghé thăm "conbenho Nguyễn Hoài Trang Blog".
Xin được lắng nghe ý kiến chia sẻ của Quý Anh Chị 
trực tiếp tại Diễn Đàn Paltalk
: 
1Latdo Tapdoan Vietgian CSVN Phanquoc Bannuoc . 
Kính chúc Sức Khỏe Quý Anh Chị . 



conbenho
Tiểu Muội quantu
Nguyễn Hoài Trang
20062015

___________

Cộng sản Việt Nam là TỘI ÁC
Bao che, dung dưỡng TỘI ÁC là ĐỒNG LÕA với TỘI ÁC

No comments: