The original article is from
http://www.economist.com
Written by G.F. | SEATTLE
If you want to read more, please refer to the link above.
ON FEBRUARY 19th Mandiant, a security firm, released a report
alleging that hackers from a Chinese military outfit known as Unit
61398 were probably behind attacks against more than a hundred companies
and government agencies around the world. Without delving into the
geopolitics of the incident, involvement in which the Chinese
authorities vehemently deny (and which we write about here), Babbage decided to examine what is known about the hackers' methods.
In fact, Mandiant's detailed account of a group it dubs APT1 (after the
term Advanced Persistent Threat) will not strike internet-security wonks
as particularly Earth-shattering. It reveals the use of well-known
techniques coupled with publicly available software—though some
proprietary software, apparently perfected over many years, was also
used. What has turned heads is the duration of the attacks and the range
of the group's "ecosystem" of remote-control software. This combination
allowed the hackers to siphon terabytes, or trillions of bytes, of data
from their victims.
APT1 tried hard to retrieve password-related information, often using
common cracking tools. Before being stored a password is usually fed
into an algorithm called a hash function. This converts it into an
obscure string of symbols, or a "hash", that offers no clue as to the
original input. The function is irreversible, so you cannot work back
from a hash to the password. You can, however, run different words
through a hash function and compare the resulting hash with the one
stored. Many such "brute-force" attacks use large dictionaries of common
and less common passwords. As a number of companies discovered last year,
poor passwords make for easy pickings. Some clever tools actually let
an attacker log into a system using the encrypted form of a password,
dispensing with the need to crack it.
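The mechanics described above, as an added example that is not part of the original article or of Mandiant's report: a password is stored only as its hash, a login recomputes the hash and compares, and a defender can run a short list of common passwords through the same function to find accounts that would fall to a dictionary attack. The second half goes a step beyond the article and shows why per-user salts and a slow key-derivation function (PBKDF2 here) blunt that attack: the audit can no longer hash each candidate word once and look it up against every account, it has to repeat the slow hash per user. The user names, the password list and the stored records are all constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed list of weak passwords standing in for a real cracking dictionary.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Welcome1"]


def hash_password(password: str) -> str:
    """Unsalted, fast hash: what the article describes, and what makes
    dictionary attacks cheap (one hash per candidate word, reused for every user)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def verify(password: str, stored_hash: str) -> bool:
    """Login check: hash the supplied password and compare in constant time."""
    return hmac.compare_digest(hash_password(password), stored_hash)


def audit_unsalted(stored_hashes: dict, wordlist) -> dict:
    """Defender's audit of an unsalted store: hash every word once, then look
    every stored hash up in that table. Returns {user: weak_password_found}."""
    table = {hash_password(word): word for word in wordlist}
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


# Constructed sample store: two weak passwords, one strong passphrase.
STORED = {
    "alice": hash_password("password"),
    "bob": hash_password("letmein"),
    "carol": hash_password("correct horse battery staple"),
}


def hash_password_pbkdf2(password: str, salt: Optional[bytes] = None,
                         iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256). The record carries
    its own salt and iteration count so verification can reproduce it."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, record: str) -> bool:
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def audit_salted(stored_records: dict, wordlist):
    """Same audit against a salted store. Because every user has a different
    salt, the precomputed table trick is gone: each candidate word must be
    re-derived per user. Returns (findings, number_of_kdf_calls) so the cost
    multiplication is visible."""
    found = {}
    kdf_calls = 0
    for user, record in stored_records.items():
        for word in wordlist:
            kdf_calls += 1
            if verify_pbkdf2(word, record):
                found[user] = word
                break
    return found, kdf_calls


if __name__ == "__main__":
    print("unsalted audit:", audit_unsalted(STORED, COMMON_PASSWORDS))
    salted = {u: hash_password_pbkdf2(p, iterations=1000)
              for u, p in [("alice", "password"), ("bob", "letmein"),
                           ("carol", "correct horse battery staple")]}
    print("salted audit:", audit_salted(salted, COMMON_PASSWORDS))
```

The unsalted audit costs one hash per dictionary word regardless of how many accounts are checked; the salted one costs one slow derivation per word per account, which is the whole point of salting and of a high iteration count. The 600,000 default is only illustrative; the sample run lowers it to keep the demonstration quick.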
For all their sophistication, however, the hackers could display
incredible insouciance. For example, APT1 registered domain names for
some of its systems and used either a Shanghai mailing address or
included an e-mail address tracked via a simple Google search to a
Shanghai-based organisation. Remote-access sessions using a Microsoft
tool nearly always originated from hacker machines using the simplified
Chinese keyboard layout. Backdoor software included "path" information,
revealing details about folder organisation on programmers' computers,
as well as the date software was written.
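The two artefacts mentioned in that last sentence, the build path and the build date, are exactly what an analyst pulls out of a Windows executable during triage, so here is an added example (not code from the article or from Mandiant) of where they usually surface: the TimeDateStamp field of the PE file's COFF header, and the PDB path carried in a CodeView "RSDS" debug record. The sample binary is a constructed minimal blob built by the script itself, not a real backdoor, and the embedded path is a placeholder.

```python
import struct
from datetime import datetime, timezone


def build_sample_pe(timestamp: int, pdb_path: str) -> bytes:
    """Constructed minimal PE-like blob for the demonstration: a DOS header
    whose e_lfanew points at a COFF header, followed by a fake CodeView record."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header begins at offset 64
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x102)
    # CodeView record: "RSDS", 16-byte GUID, 4-byte age, NUL-terminated PDB path
    codeview = b"RSDS" + bytes(16) + struct.pack("<I", 1) + pdb_path.encode("ascii") + b"\0"
    return bytes(dos) + coff + b"\0" * 32 + codeview


def compile_timestamp(data: bytes) -> datetime:
    """Read the COFF TimeDateStamp (seconds since the Unix epoch) and return it as UTC."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # signature (4) + Machine (2) + NumberOfSections (2) = 8 bytes before the stamp
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def pdb_paths(data: bytes) -> list:
    """Scan for CodeView RSDS records and return the printable PDB paths they carry.
    This is a raw-byte scan rather than a walk of the debug directory, which is
    enough for triage and also works on partially damaged files."""
    paths = []
    idx = data.find(b"RSDS")
    while idx != -1:
        start = idx + 4 + 16 + 4  # skip signature, GUID and age
        end = data.find(b"\0", start)
        raw = data[start:end if end != -1 else len(data)]
        try:
            paths.append(raw.decode("ascii"))
        except UnicodeDecodeError:
            pass  # not a real record, or a non-ASCII path: skip it
        idx = data.find(b"RSDS", idx + 4)
    return paths


if __name__ == "__main__":
    sample = build_sample_pe(1357776000, "C:\\placeholder\\build\\tool.pdb")
    print("compiled:", compile_timestamp(sample).isoformat())
    print("pdb paths:", pdb_paths(sample))
```

Both values are attacker-controlled and trivially forged, so they are leads for clustering samples and building a timeline, not proof of anything on their own; the article's point is precisely that this group did not bother to scrub them.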