Chinese hacker

Chinese hackerThere are Chinese take-out orders in PCs all over the world, but they’re not going through Seamless or any other food delivery service. These orders are aimed at cyber security vulnerabilities, and hackers are calling the shots.

The goals vary, but the orders of attack could very well be coming from your company’s computer network. And it doesn’t matter if your organization is small, large or somewhere in between.

Target famously got hacked not because of their own infosec lapse, but because an employee of an approved HVAC vendor clicked on a bad link.

Cate Machine and Welding, a small business in Wisconsin that works everything from jet fighter parts to a local farmer’s broken eyeglasses, found out that they were part of a China-based hacking operation, as you might expect, the weird way.

There was a virtual knock at the door from Area 1, a company which specializes in counter-exploits against hackers who use phishing attacks to create zombie armies of PCs pointed at concerted hacking efforts–referred to in the infosec world as botnets.

What’s a Botnet?

You know all those obvious phishing emails that you receive? That’s how it starts.

These are the emails from a friend who’s clearly been hacked featuring only a hyperlink or a sob story about being stuck somewhere far away without any money or identification. Sometimes they go for the curiosity gap with messages like, “Too cute,” “Adorbs” or  “I can’t believe what college kids call a bathing suit these days.”

As you probably know, those links are a no-fly zone–the assumption always being that they contain malware.

It’s crucial you make sure everyone who works for you knows that as well, because when that malware gets into your computer, it gets immediately deployed.

It may install a keystroke logger to grab your sensitive information, or it may simply be interested in recruiting your machine into service, which happens when that malicious code reaches out to its command-and-control server for instructions.

The server adds your computer to a network of other computers, effectively creating one giant super-computer.

How did they find you? Most likely the email that got you was sent from a zombie computer dedicated to sending the same phishing emails that “got” it or maybe you looked at an infected video. There are countless ways it can happen.

The problem is, now that your computer is part of the zombie army, it can be used to commit serious crimes.

It Matters

According to The New York Times, the infiltration of the Cates modest work computer was most likely perpetrated by members of the C0d0s0 group, the cyber mercenaries thought to be behind several high-profile hacks of recent years.

The most famous C0d0s0 attack was against, where they launched a pinpoint strike on an Adobe Flash vulnerability and stole information on specific targets–presumably business leaders with access to highly sensitive, and potentially lucrative, information.

The group has been more recently connected to attacks within the telecommunications, high tech, education, manufacturing, and legal services industries.

The idea that a small-business PC might be of interest to cutting-edge hackers may be a head scratcher at first, but it’s the same numbers game that stuffs the pockets of spam traffickers.

Bots are not easy to detect, and they’re really easy to get into a computer. To give you an idea of how a criminal attack might go down, think back to July 4, 2009 when a botnet-based distributed denial of service attack enlisting more than 200,000 computers attempted to block access to two fairly important sites: the Federal Trade Commission and the White House.

Hide? Surrender? Never.

The company that reached out to the Cates is at the vanguard of the problem. Area 1 was founded by three former NSA employees.

Initial results would seem to point to the possibility that they understand the engineering issues that can ferret out bots. They are focused on analyzing attacks and providing companies with a way to fight them.

According to a New York Times article about Area 1, the company discovers, “on average, 859 new targeting phishing sites a day.”

The motivations for the various hacks and exploits that groups like C0d0s0 carry out are many. Sometimes the goal is to repurpose confidential business information (aka stealing trade secrets, patent infringement or piracy), and sometimes these Chinese hacking labs have been hired to get the goods on the competition.

Doubtless C0d0s0 and other operations work on spec as well, taking information that will likely find a buyer and selling it to the highest bidder.

Know Your Traps

Kaspersky Labs provides an IP address searching tool that can tell you if your computer is associated with any known botnets.

If you are clean, the best tip I can give you is to try to stay that way.

Don’t ever open email from sources that look a little off to you. And don’t reply to them either.

Be circumspect with email even when it comes from a colleague. Spear phishing, where the hacker has figured out who might email you from within your organization, and spoofs their account, is a very common strategy for the more sophisticated groups out there.

Getting breached is a near certainty these days, and it doesn’t matter if you’re a small Wisconsin welding shop or a leading media company. Caution is the very best practice we’ve got.