Google has reportedly stopped censoring Chinese search results for its Google.cn property, in response to what it said earlier this week were targeted attacks against its corporate infrastructure aimed at Chinese dissident groups. But a security research firm claims the attack that hit Google was part of a larger, unusually sophisticated assault aimed at stealing source code from Google and at least 30 other Silicon Valley firms, banks and defense contractors.
Also, Google switches to “always on” encryption for all Gmail users. And some pundits see ulterior motives in Google’s Chinese hacking disclosure. More after the jump.
The earthquakes that have wrought so much devastation and death in Haiti this week are moving many to donate to various relief efforts. But security experts and the FBI are warning people to be on the lookout for ghoulish criminals scams that invariably spring up in the wake of such natural disasters in a bid to siphon funds from charitable organizations.
I have written a great deal about how organized cyber gangs in Eastern Europe drained tens of millions of dollars from the bank accounts of small- to mid-sized businesses last year. But new evidence indicates one of the gangs chiefly responsible for these attacks managed to hack directly into a U.S. bank last year and siphon off tens of thousands of dollars.
On July 30, 2009, at least five individuals across the United States each received an electronic transfer of funds for roughly $9,000, along with instructions to pull the cash out of their account and wire the funds in chunks of less than $3,000 via Western Union and Moneygram to three different individuals in Ukraine and Moldova.
The recipients had all been hired through work-at-home job offers via popular job search Web sites, and were told they would be acting as agents for an international finance company. The recruits were told that their job was to help their employers expedite money transfers for international customers that were — for some overly complicated reason or another — not otherwise able to move payments overseas in a timely enough manner.
The money was sent to these five U.S. recruits by an organized ring of computer thieves in Eastern Europe that specializes in hacking into business bank accounts. The attackers likely infiltrated the bank the same way they broke into the accounts of dozens of small businesses last year: By spamming out e-mails that spoofed a variety of trusted entities, from the IRS, to the Social Security Administration and UPS, urging recipients to download an attached password-stealing virus disguised as a tax form, benefits claim or a shipping label, for example. Recipients who opened the poisoned attachments infected their PCs, and the thieves struck gold whenever they managed to infect a PC belonging to someone with access to the company’s bank accounts online.
Microsoft and Adobe Systems each issued security updates on Tuesday. Redmond released a single patch to plug a flaw that’s not terribly scary, unless you happen to be running Windows 2000. Adobe’s patch bundle, however, covers at least eight critical security flaws, including one that hackers have been exploiting in targeted attacks of late.
In a huge disclosure today, Google said a sophisticated and targeted cyber attack against its corporate infrastructure late last year was aimed at accessing the Gmail accounts of Chinese human rights activists. As a result of the incident, the company says it will no longer censor search results on behalf of the Chinese government, and that it may in fact cease operations in the country altogether.
In a posting to its Official Google Blog, the company said that in mid-December a “highly sophisticated and targeted attack” against its internal systems “resulted in the theft of intellectual property from Google.” The search engine giant said that the attack also struck at least 20 other large companies from a wide range of businesses, and that it is currently in the process of notifying those companies.
Google said it has evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.
“Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves,” the company said. “We have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.”
As a result of the attacks, Google says it is no longer willing to continue censoring Google.cn search results. From the Google announcement:
“We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that ‘we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.’
A periodic pointer to some of the more interesting and newsworthy security news stories. In no particular order:
Proof-of-concept for Mac OS X systems Released
Possible Malicious Apps for Google’s Android Phone
Online Gaming Exec. Sentenced to 33 Months
‘Massive Cybercrime Conspiracy’
Read after the jump for summaries and links to more information.
January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely-used commercial software products.
When you write about complex subjects such as security for a mainstream publication like The Washington Post — as I did for so many years until very recently — you sort of have to assume that a non-trivial number of your readers don’t have the strongest grasp of technology and security issues. But I’m curious how krebsonsecurity.com readers would describe their level of comfort with computers and the steps it takes to remain safe online.
The FBI is investigating the theft of nearly a half million dollars from tiny Duanesburg Central School District in upstate New York, after cyber thieves tried to loot roughly $3.8 million from district online bank accounts last month.
On Friday, Dec. 18, thieves tried to electronically transfer $1.86 million from the district’s account at NBT Bank to an overseas account. The following Monday, the attackers attempted to move another $1.19 million to multiple overseas location. It wasn’t until the next day, when transfers totaling $758,758.70 were flagged by a bank representative as suspicious, that the two previous unauthorized transactions were discovered, school officials said.
As of today, Duanesburg and its bank have succeeded in recovering $2.55 million of the stolen funds, but the school district is still out $497,000.
In early 2008, while federal investigators were busy investigating disgraced financier Robert Allen Stanford for his part in an alleged $8 billion fraudulent investment scheme, Eastern European hackers were quietly hoovering up tens of thousands customer financial records from the Bank of Antigua, an institution formerly owned by the Stanford Group.
According to a fraud investigator with first-hand knowledge of the break-in, the hackers responsible infiltrated a component of the Stanford Group’s network by exploiting vulnerabilities in the company’s Web servers and databases. On the condition of anonymity, the investigator shared with this author files recovered from the breach, which were stored in plain text for at least several weeks on a Web site controlled by the attackers. This source said he forwarded the same information on to the FBI shortly after discovering it in early 2008.
Once inside of Stanford’s network, the unidentified hackers appear to have swiped the credentials from an internal network administrator, and soon had downloaded the user names and password hashes for more than 1,000 employees of Stanford Financial, Stanford Group, Stanford Trust, and Stanford International Bank Ltd.
Among the purloined files is a listing of what appear to be ownership and balance information for tens of thousands of customer accounts at Bank of Antigua. Each listing includes the account number, owner’s name, address, balance, and accrued interest.
Mr. Stanford is set to go on trial this month for allegations that he led a $8 billion fraud scheme. In addition, federal authorities reportedly have been investigating whether Stanford was involved in laundering drug money for Mexico’s notorious Gulf Cartel.