Guard against Titan Rain hackers

Opinion by Ira Winkler

OCTOBER 20, 2005 (COMPUTERWORLD) - At the moment, there's a dirty little secret that only a few people in the information security world seem to be privileged to know about, or at least take seriously. Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes.

When you read this, it almost sounds like the plot of a cheesy science fiction novel, where some evil uberhacker is seeking world domination, while a good uberhacker applies all his super brain power to save the world. Sadly, this isn't science fiction, and we don't typically have uberhackers on our side.

Talk of these hacks is going on within the intelligence and defense communities in the U.S. and around the world. The attacks were even given a code name, Titan Rain, within the U.S. government. The attackers appear to be targeting systems with military and secret information of any type. They are also targeting the related technologies.

But I'm not just talking about government systems. There are a variety of industries that support the government. For example, automobile companies make tanks and other military equipment. Food service companies supply military rations. Oil companies provide fuel to the government. Companies with personal information on federal employees can be exploited to identify undercover operatives.

That also brings up other potential targets, as the attackers are necessarily limiting their sites on apparent military systems. Oil companies know where potentially valuable oil reserves might be. Telecommunications companies have details about satellite communications and new technologies for improving communications reliability and bandwidth. Any organization with intellectual property worth protecting is a potential victim of these attackers.

I only present the above facts to demonstrate that most companies can expect to fall victim to the attackers. Way too many companies believe that they have nothing to fear or nothing of value that sophisticated attackers would want. The fact of the matter is that these attackers are extremely indiscriminate in whom they compromise.

The critical issue is the identity of the attackers. The source of the attacks will tell you how much you have to be worried about. Initially, the attacks were traced to China, which told investigators very little. There are so many poorly secured computers in China that many hackers use China-based systems as relay points for their attacks. So despite the fact that all attacks went through China, there was little evidence to conclude that China was responsible. That was until Shawn Carpenter, a security analyst at Sandia National Laboratories, decided to pursue the attacks after being told to drop them by his superiors.

Using computer forensics techniques and hacking into the offending systems, Carpenter was able to use the compromised systems against themselves and find the actual origin of the attacks. Doing things that official government agents could not, he determined that the root of the attacks was China. He set up the attack systems to report back to him what the attackers were doing and also performed analysis of the attacks. Based on the volume of the attacks, he determined that there were anywhere from six to 10 people hacking around the clock.

Given the skill and the size of the operation, there could be only two sources of the attack: the Chinese intelligence agencies or the Chinese triads (a.k.a., the Chinese Mafia). As I describe in my book, Spies Among Us (Wiley, 2005), China as a government vacuums up whatever information it can for potential value. Chinese triads examine whatever they can get for profit potential, whether it's to extort money or to sell to the highest bidder. Even worse for non-Chinese entities, the Chinese government cooperates and exchanges information with the triads.

The information is used against its victims in a variety of ways. Many companies, both high- and low-tech, find themselves competing against Chinese companies that somehow seemed to invent the exact same products or technologies, but that don't seem to care about recovering research and development costs. Companies operating in Southeast Asia seem to be one step behind the Chinese triads and end up paying a great deal more for their operations than they would have expected.

Companies that aren't directly involved are still enablers for the attacks, allowing the Chinese hackers to compromise other organizations and national security.

Despite the level of sophistication of the attacks, most of them are completely preventable. That includes the attacks on the government and contractor systems. They are exploiting some vulnerabilities that are unknown to the general security community. However, they only resort to those when all else fails, and that isn't very frequently.

Generally, though, even the "unpreventable" attacks could be prevented in some ways. For example, unnecessary services on a computer can't be exploited if they aren't running. Firewalls don't have to let unnecessary traffic through. There are many things organizations can do to protect themselves by adding defense in depth.

Given the current diplomatic situation between the U.S. and China, Titan Rain attacks will continue to proliferate in the foreseeable future. It's essentially a vacuum of cyberspace by the Chinese. Unfortunately, we are relying on uberhackers, like Shawn Carpenter, who are few and far between, to protect us.

It's up to CIOs and other IT managers to ensure that their companies practice good systems-hardening procedures, along with applying defense in depth throughout their entire organization. While people may think of Titan Rain as just applying to organizations with high-tech or national security interests, the fact is that since every organization faces the same wide threat landscape, you can't ignore basic security practices.

The sad fact is that if you're hit by the Titan Rain hackers, you'll likely never know about it. Even worse, though, is that you are more likely to be hit by other attackers who will cause blatant damage to your systems and business. The good news is these attackers are less talented and can more easily be stopped by basic security measures.

Ira Winkler is president of the Internet Security Advisors Group. He is a former National Security Agency analyst and the author of Spies Among Us (Wiley, 2005).

Comments

Post a Comment

Popular posts from this blog

Hello Kitty: The Funny, The Weird, And The Horrifying

Image
Source: Hello Kitty: The Funny, The Weird, And The Horrifying Thanks to the marketing skills of Japanese company Sanrio, Hello Kitty’s cute-cat character has been going strong for 35 years and has become an internationally-recognized brand. One of the most diverse and unpredictable places in the entire universe, the world of Hello Kitty encompasses a vast collection of strange products that dazzle the mind and serve as material for an extensive list of noteworthy weirdness. Since there are thousands of Hello Kitty products in just about every category imaginable, it’s difficult to find the weirdest of the weird. Furthermore, many Hello Kitty pictures floating around the Internet are actually photoshopped fakes, so it takes some time to figure out what’s real and what’s not. Still, I managed to scrape together this list of examples that appear to be legitimate products. So, hold on to your seats and get ready to be entertained, disturbed, and maybe even sexually abused
Read more

The Most Enlightening Speech: What's Better Than...

Manila, Philippines -- This speech was delivered during the commencement exercises of the UP* graduating class of 2003 by Mr. Butch Jimenez, the youngest commencement speaker in the university's history. He once dreamed of doing so, and it came true!!! :-) Students wished they had a pencil or paper to jot down notes during the speech; some even wished they had a tape recorder. Some members of the faculty found his speech practical, refreshing, and funny! * UP = University of the Philippines Butch Jimenez, head of PLDT's media and strategic communications department, delivered this speech at the UP Diliman Class 2003 commencement exercise. ---------------------------------------------------------------------- What's better than...? By Butch Jimenez Better than being negative As college students, you're just about to set sail into the real world. As you prepare for the battleground of life, you'll hear many speeches, read tons of books and get miles of advice telling
Read more

Dr Lee Wei Ling - Why I choose to remain single

Sun, Apr 05, 2009 - The Straits Times My parents have a loving relationship, but I knew I could not live my life around a husband By Lee Wei Ling My father became prime minister in 1959, when I was just four years old. Inevitably, most people know me as Lee Kuan Yew’s daughter. My every move, every word, is scrutinised and sometimes subject to criticism. One friend said I lived in a glass house. After my father’s recent comment on my lack of culinary skills, another observed: ‘You live in a house without any walls.’ Fortunately, I am not easily embarrassed. As long as my conscience is clear, what other people say of me does not bother me. Indeed, I am open about my life since the more I try to conceal from the public, the wilder the speculation becomes. My father said of my mother two weeks ago: ‘My wife was…not a traditional wife. She was educated, a professional woman… We had Ah Mahs, reliable, professional, dependable. (My wife) came back every lunchtime to have lunch with the
Read more