The focus on platform here is ridiculous; can someone explain how the platform of attacker or target is extremely relevant? Since when did people fail to see that we have plenty of inter-platform tools and services, and plenty of tools for either platform built with the express purpose of interaction with the other? Just because you learned to code/operate on/for/with/from a *nix doesn't mean that teams of Chinese coders can't make a tool that gets the job done on/for/with/from a Windows box. Many people write many softwares of diverse purpose and use for many platforms. Platform is, as far as I can tell, moot in this discussion. Feel free to enlighten me.

Consider the US's indignation over the targeting of civilian or corporate intellectual property and the shifting of reality from preconceived expectation. I have had it explained to me as a purely ideological difference between the US and China. Simply put: just because we might find it immoral for state-sponsored espionage to feed stolen IP into the private sector doesn't mean that China will feel the same; to some, it is perceived as nationalistic, another way the government helps to strengthen the nation.

For another example of this, an acquaintance once told me about the process of getting internationally standardized technologies approved for deployment in China; the process that was described to me involved giving China the standards-based spec that had been drafted and approved, being told that for deployment, they would have to improve upon it in a laundry list of ways to bring it some 5-10 years ahead of the spec, and THEN it would be allowed to be deployed.

Whenever you have enough new players, or the game goes on long enough, the rules end up changing.

On Thu, Feb 21, 2013 at 12:28 AM, calin.chiorean <calin.chiorean@secdisk.net> wrote:
::This all seems to be noobie stuff. There's nothing technically cool ::to see here
You mean the report or the activity?
You seem "upset" that they are using M$ only (target and source). They steal data!!! From whom to steal? From a guru who spends a minimum of 8 hours a day in front of *nix? Why put so much effort into stealing information from that guy, when there are thousands of people out there with vulnerable and easy-to-break M$?
They aren't looking to do something cool, but just regular, plain old thief stuff. Targeting M$ users is easy, involves fewer resources and is "business" profitable. You need to look at this action from a business perspective.
IMO, why spend hours to break something (like *nix systems) that you don't even know contains valuable information? This is more like sniffing around to find something useful and not targeting an exact system.
Somebody here mentioned that this unit is not their top unit. I'm sure that it's not. Maybe it was meant to be found.
Cheers, Calin
---- On Thu, 21 Feb 2013 01:29:48 +0100 Scott Weeks wrote ----
--- Valdis.Kletnieks@vt.edu wrote: The scary part is that so many things got hacked by a bunch of people who made the totally noob mistake of launching all their attacks from the same place....
This all seems to be noobie stuff. There's nothing technically cool to see here. All they do is spear phishing and, once the link is clicked, put in a backdoor that uses commonly available tools. As I suspected earlier it's M$ against M$ only.
The downside is that nontechnical folks in positions of power often have sensitive data on their computers, only know M$ and don't have the knowledge not to click on that "bank" email.
Technically, it was 74 pages of yawn. Don't waste your time unless you're interested in how they found out where the attack was originating from and how they tied it to the .cn gov't.
scott
--
Kyle Creyts
Information Assurance Professional
BSidesDetroit Organizer
On 21-Feb-13 04:25, Kyle Creyts wrote:
For another example of this, an acquaintance once told me about the process of getting internationally standardized technologies approved for deployment in China; the process that was described to me involved giving China the standards-based spec that had been drafted and approved, being told that for deployment, they would have to improve upon it in a laundry list of ways to bring it some 5-10 years ahead of the spec, and THEN it would be allowed to be deployed.
My recent experience doing exactly this at $EMPLOYER doesn't match this story at all. The main problem, as with several other "second world" countries, is that the standards you must comply with are only in the local language and you must make your submission in the local language as well. However, if you have a local technical presence, you can often get software approval (or a formal notice of exemption--even for products that contain "dangerous" features like encryption) in a matter of days or even hours. If you don't, it can drag on for months. Hardware testing can be even worse because it must be performed in their labs and can cost tens of thousands of dollars, but at least that doesn't have to be repeated each time you publish a new version of code.

In contrast, "first world" countries generally publish their standards in, and accept submissions in, English. They also tend not to care about software features, just hardware. The standards tend to be shared across countries (e.g. EU/EFTA and US/Canada), or at least they accept test results from third-party labs that can test for all such countries at the same time. As a result, many vendors simply don't bother going past that group--or do it so infrequently that they don't gain the institutional knowledge of how to navigate the approval processes in the other group successfully and with minimal effort/cost.

S

--
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS          dice at every possible opportunity." --Stephen Hawking