
Not all that comes from China will be Gold!

Here is a blog post from HuntBI associate, Jeffrey Stutzman, CISSP.  His post makes me wonder how many corporate networks will be infiltrated by malware when Olympics visitors come home and plug back in. -sh

What happens in Vegas stays in Vegas right?

What happens in China won’t necessarily stay in China.

What do I mean by that? In the Navy there was a sea story. It went something like this…

We pulled into <name your favorite port>. When we pulled in, the Captain came over the 1MC (the general shipboard loudspeaker system) and gave us a country brief. He told us to be careful. He told us that if we got into a fight, to win, and to be careful with the women, always. Sexually transmitted diseases ran wild in many of the ‘sailor ports’. The story I remember talked about how the hospital corpsman onboard the ship would use a Sharpie to put the name of the sailor on the pair of syringes used to rid us of whatever we picked up. The syringes were then stuck into a dartboard in the Chief’s Mess. As the story goes, the dartboard was always full.

So here’s the deal….

Chinese cyber spies WILL steal your stuff! When you get to China and use your computers to access the Internet, you will be monitored, and will almost assuredly download, or be pushed, software that will execute on your computer. This software will sit quietly on your computer, will not be detected by anti-virus or intrusion detection/prevention software, and will likely ‘phone home’ – send your data back to intelligence collectors in China. When you return home, that software will likely spread automatically to other computers that you connect to or communicate with via email or through the web. You will be infected. Be ready for it.

The problem? Antivirus vendors don’t have the syringes to fix you. It’s a sad state, but the protections currently loaded on your computers are designed to protect from the common threats – those that infect everybody. When a specific group of users is targeted – Olympic visitors for example, or maybe Olympic visitors staying at a specific hotel, or maybe Olympic visitors who work for or represent certain governments or industries – the methods of infection are not always the same. Smart intelligence collection operators won’t use the same tools on everyone. You know why? They don’t WANT antivirus and intrusion prevention vendors to be able to keep up! Even if they are successful 10% of the time, the number of journalists, politicians, and business people entertaining others will easily afford the cyber spies small pieces of information that they can combine with other small pieces of information to eventually put together the pieces of the puzzle – the BIG piece of information.

You should expect this. It shouldn’t come as a surprise.

A recent interview on CNN disclosed publicly (finally!) that over 3500 Chinese front companies exist in the US today solely for the purpose of collecting intelligence. It reported that cyber attacks on the Pentagon (and likely all of DoD) have increased 55% since 2007. References to other Chinese cyber attacks and information gathering run in the thousands on the Internet. A quick Google search for the words “Titan Rain”, the term coined by US Government officials to describe the coordinated information warfare being waged from Chinese sources, yields over four million hits.

Thousands (millions?) of influential people – business managers, politicians, journalists, you name it, have headed to China for the 2008 Summer Games.  Don’t be a victim. Don’t allow your home/work networks to be victimized.

Here’s what you can do:

Think like a spy…

- Leave your computer(s) at home. If you have to have one, take a clean one (one used only for surfing the web and sending emails).

- Use anonymous, encrypted email. The best spies never use computers to relay details of their exploits. If you must use a computer, create two anonymous accounts on an encrypted service such as Hushmail, an encrypted, web-based email service that scrambles your email. Use one account to send, and the other to receive. If you must send data to your company from China, give the second account to the intended recipient before leaving the country. Do not send the account and credentials by email. Kill or abandon those accounts after you return.

- Do not under any circumstances divulge your identity in email, even when using encrypted communications. This is a sure-fire way to give others those “small pieces of information” that can later be used to target you when you return home.

- Never use HTML formatted email. All communications should be formatted as text only. Graphics and other fancy things that make your email sexy also make it very easy to hide viruses and Trojans in your email – those pieces of software that will later be used to send data back to China once you return home.

- Do not send email directly to a work address. Use the anonymous service. Software may get embedded in your outbound communications. That software will spread once opened by your intended recipient.

- When you do return home, expect to receive more junk e-mail. Spam, phishing, or spearphishing (targeted phishing) are easy ways to get you back into the collection network by embedding malicious software into HTML formatted messages.

- Never forward or respond directly to emails received. If you need to respond to something, start with a fresh email, and format it in text only.

- When you return home, do not, under any circumstances, plug these computers into ANY network without first having them professionally cleaned and reloaded with a fresh version of Windows, or your operating system of choice.
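The text-only rule in the checklist above can be checked mechanically on the receiving side. The following is an added example, not part of the original post: it uses Python's standard `email` package on a constructed sample message to count HTML parts, list the remote URLs they reference, note attachments, and keep only the text/plain body. The function name `audit_message` and the sample addresses are assumptions.

```python
import email
import re
from email import policy

# Constructed sample (not from the original post): a multipart/alternative
# message whose HTML part loads a remote image.
SAMPLE = (
    "From: sender@example.com\r\n"
    "To: traveler@example.org\r\n"
    "Subject: Hotel receipt\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/alternative; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "\r\n"
    "Your receipt is attached.\r\n"
    "--b1\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    '<html><body><p>Your receipt</p>'
    '<img src="http://tracker.example.net/p.gif"></body></html>\r\n'
    "--b1--\r\n"
)

# URLs an HTML part would fetch or link to when rendered.
REMOTE_REF = re.compile(r"""(?:src|href)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def audit_message(raw: str) -> dict:
    """Report what a text-only policy would reject; keep only text/plain."""
    msg = email.message_from_string(raw, policy=policy.default)
    report = {"html_parts": 0, "remote_refs": [], "attachments": [], "text": ""}
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        if part.get_filename() or part.get_content_disposition() == "attachment":
            report["attachments"].append(part.get_filename() or ctype)
        elif ctype == "text/html":
            report["html_parts"] += 1
            report["remote_refs"] += REMOTE_REF.findall(part.get_content())
        elif ctype == "text/plain":
            report["text"] += part.get_content()
    # A message passes only if it carries no HTML and no attachments.
    report["text_only"] = not (report["html_parts"] or report["attachments"])
    return report

if __name__ == "__main__":
    print(audit_message(SAMPLE))
```

A mail gateway or a triage script can quarantine anything where `text_only` is false and deliver only the `text` field to the reader.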

Be safe. Be smart. I really don’t want to hear your IT guy bragging about the number of syringes in his dartboard!
