The attack is one of the most brazen cyber espionage campaigns launched by Beijing so far. It is the latest evidence of a Chinese cyber espionage war against western businesses that has expanded dramatically in recent months.
During a four-day period from November 28 to December 1 last year, any visitor to the Forbes website would have been infected by the Chinese attack, according to the cyber security company iSight Partners.
The company said it detected the intrusion on some of its clients’ networks, among them a top-tier US arms manufacturer.
It blamed a Chinese hacking group known as Codoso.
A spokesperson for Forbes said the vulnerability had now been closed.
The news came on the same day that Twitter’s chief financial officer had his Twitter account hacked, underlining how few are immune to cyber criminals and safe from vulnerabilities online.
Anthony Noto, a former Goldman Sachs banker who joined the company last year, had his “@anthonynoto” account compromised.
It sent out tweets directed at individuals with tag line such as “This is too funny of you” and links to spam.
Twitter has since shut down the account and removed the compromised tweets.
It said there was no indication any account information was accessed.
Forbes launched an investigation immediately after discovering files on its system had been tampered with and had subsequently found there was “no indication of additional or ongoing compromise”, they added.
Visitors to Forbes during the period it was compromised who have not subsequently cleaned or scanned their systems are still likely to be infected, however, and might be being spied on by the Chinese group.
The attack is the latest evidence of a Chinese cyber espionage war against western businesses that has expanded dramatically in recent months and left many governments struggling to stem the threat.
Chinese authorities have consistently denied they sponsor such attacks, but western security agencies insist Beijing is involved.
As well as online espionage attempts from state-backed groups, security officials are also having to grapple with a deluge of blunter, damaging attacks that have grown in scale against the backdrop of an increase in geopolitical tensions in the past 12 months.
Earlier on Tuesday, hackers sympathetic to the Islamic State of Iraq and the Levant, the brutal jihadi insurgency also known as Isis that has taken over much of eastern Syria and western Iraq, took over Newsweek’s Twitter account, broadcasting threats to the family of US President Barack Obama.
iSight said the hackers used two so-called “zero day” exploits — previously unknown loopholes in widely used software — to crack security systems such as firewalls and antivirus software and indiscriminately infect readers of the business news site.
“It’s one of the most brazen [attacks] we have seen in terms of what it targeted,” said Patrick McBride, vice-president at iSight.
“It’s probably one of the most popular websites we have ever seen leveraged for an attack like this. Using [Forbes] gave them a tremendous amount of options after they had got their initial foothold [in visitors’ systems].”
Visitors to Forbes who worked for defence companies and banks were those who were subsequently targeted most, Mr McBride said.
“An attacker would choose to use a major publisher because it is a legitimate website that earns the trust of users who visit on a regular basis with confidence,” said Oren Falkowitz, a former NSA employee who runs Area 1 Security, another cyber security firm.
“What they want is a platform with a large audience so they can get the users that they want in that pool and then be very discriminating about who they want to go to the next stage with.”
The attack was launched through Forbes’ “thought for the day” pop-up screen that welcomes visitors to the site and is run using Adobe software.
Codoso, the Chinese hacking group, was able to exploit the pop-up because of a loophole they had discovered in Adobe’s software.
A second loophole then enabled them to bypass security on Microsoft operating systems that would ordinarily have blocked the attack.
iSight said they were confident the attack was state-backed.
Codoso is one of the more prominent and well-resourced hacking groups in China and has been followed by western security analysts and cyber security agencies for years.
In 2010 the group performed a similar attack on the Nobel Prize website after the honour was awarded to a leading Chinese dissident Liu Xiaobo.
Software exploits identical to those used to target Forbes have also been used to infiltrate websites associated with the Hong Kong protests and the restive Uighur minority population in western China in recent weeks, iSight said.
Adobe found and closed the loophole on December 9.
Microsoft released a patch to fix the loophole in its software on Tuesday.
After using a vulnerability in a website — often called a watering hole because it lures the victims — cyber criminals will select which companies that visit the site they want to target and use other vulnerabilities to access their networks, said Chris Eng, vice-president of research at cyber security company Veracode.
“Once they have control, they will target certain people, see who they are connected to, what information is on their system, what might they siphon off as interesting data,” he said.
The Chinese have long been interested in hacking to steal intellectual property from western companies and defence contractors, and banks have often been prime targets, he said.
No comments:
Post a Comment