Chinese Take Out - phishing for the PRC

Mods - article presented in full as this is a password/registration website.

[quote]Chinese Take Out
Nathan Vardi, 07.25.05

The Middle Kingdom isn’t just trying to buy American companies on the open market. It’s also stealing industrial secrets by taking over corporate computers.
China’s swipes at such U.S. assets as Unocal’s oil wells and Maytag’s trade name are very much in view. Less obvious: a far more insidious grab for industrial secrets. This electronic theft is taking place with the tacit okay, or at least the nonintervention, of the Beijing government.

The latest attack is a so-called Trojan horse, code used to swipe information from compromised PCs, named Myfip. It first emerged last August in the theft of PDF documents. At least 11 other versions of Myfip were widely circulated from September to April, seeking to gather sensitive documents, like CAD/CAM files used to store, say, mechanical designs, electronic circuit board schematics and layouts. Myfip is sent via spam and can navigate a corporate network once a user clicks on the attachment.

Details of such espionage came to light after Joseph Stewart, senior researcher at Myrtle Beach, S.C. security firm Lurhq, reverse engineered Myfip’s code in May on behalf of clients. He discovered it was sending stolen data to an Internet user in Tianjin, China’s third-largest city and the second-biggest hub for manufacturing, particularly electronics. Some Internet protocol addresses were linked to an Internet domain name registered to someone called Si Wen in Tianjin. The thieves were so flippant about law enforcement that they didn’t even bother to conceal the origin of their mailings, a common practice for international hackers. “This seems to be an attempt at intellectual property theft,” says Stewart. He believes Myfip is just the start of a wave of China-sponsored cybercrime that will seek out vital trade secrets. “Nothing suggests that Chinese authorities are vigilantly prosecuting those who are attacking foreign interests,” says John Watters, chief of Idefense, the Reston, Va. intelligence firm. “They turn a blind eye to it as long as it doesn’t oppose national interests.”

“This is a serious, huge issue,” says David Jevans, chairman of the Antiphishing Working Group, a consortium of banks, software vendors and law enforcement agencies that keeps an eye on identity theft. “The risk of losing credit card numbers can be managed, but there are some things you can’t ever afford to have compromised.”

There have already been large-scale attacks in Britain. Last month the U.K.'s National Infrastructure Security Co-ordination Centre issued a major call for vigilance, noting 17 targeted Trojan horse attacks sent by e-mail that “appear to be covert gathering and transmitting of commercially or economically valuable information” from British companies and the government. The attacks have been going on for a “significant period of time with a recent increase in sophistication.” It seems the IP addresses used to send the e-mails and control the malicious code are linked to the Far East; at least one Trojan in play, Netthief, has been traced to a Chinese source.

Israel, too, has had its share of such cyberspying, stemming from a case dubbed the Trojan Affair. In May, Michael Haephrati, a computer consultant, was detained in London and is now awaiting an extradition hearing for allegedly selling a rogue program to Israeli private investigators who used it to spy on their clients’ competitors. Eighteen Israeli executives have reportedly been arrested for trying to steal information from rivals; the victims include Israeli affiliates of Hewlett-Packard and Ace Hardware. Police suspect that cell phone carriers, an importer of Volvos and a mineral water supplier, among others, spied on the competition. Israel’s central bank governor warned that the scandal might scare off foreign investors.

Catching crooks is a matter of luck. The Israeli case came to light only because Haephrati’s former mother-in-law, a writer and radio psychologist, suspected him and notified police after passages from her then-unpublished book–L For Lies, in which a Haephrati-like character is a crime suspect–suddenly surfaced on the Web. Myfip, like some phishing attempts, still requires clicking on an attachment, tough for technology to prevent. One tip-off: clumsy English instructions like “Plain table please you download.” Once the Myfip gang gets grammatical, watch out. … estid=6326[/quote]

Crap. Great.

Looks like teaching people the rudiments of computer security is necessary for more than just keeping credit cards out of the hands of Russian mafiosi.

…in other news, ALWAYS be wary of your ex-mother-in-law :slight_smile:

Some further info on this, and on this technology’s use in current terrorist activities around the world.

[quote]INFORMATION WARFARE: Chinese Worms Go For The Goodies
July 26, 2005: Online crime is becoming big business, and most of the practitioners are coming out of Russia (and Eastern Europe) and China. The Russian hackers are going after money, protected by powerful Russian criminal gangs and police who are having a hard time keeping up with the technology. The Chinese are going after commercial and government secrets, and are trying to be quiet about it.

The Russians are behind the most serious credit card and banking scams, as well as money laundering. China is apparently behind the sudden surge of malware that sneaks into PCs and tries to steal passwords and documents. One family of Internet worms,