Chinese Hackers Spear-Phishing for US Military Secrets

Saturday, April 23, 2011

Dan Dieterle


China’s digital onslaught on US systems is not news. There have always been lingering questions, though, about whether the attacks came from individual hacker groups or were state sponsored.

Recent WikiLeaks documents seem to point to the latter. According to secret cables recently provided to Reuters, the attacks have been traced back to the military:

“Secret U.S. State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches — colorfully code-named ‘Byzantine Hades’ by U.S. investigators — to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China’s People’s Liberation Army.”

The majority of China’s attacks have relied on spear-phishing. But what exactly is spear-phishing?

Spear-phishing is a form of social engineering. Hackers send specially crafted, official-looking e-mails to specific targets in the hope that the recipients will open infected attachments or click on links that take them to malware sites.

The hackers or cyber criminals scan the web for employees of a specific target company to whom they can send the trap e-mail messages. In this case, Chinese intelligence and hacker groups searched for military personnel or contractors:

“Two former national security officials involved in cyber-investigations told Reuters that Chinese intelligence and military units, and affiliated private hacker groups, actively engage in ‘target development’ for spear-phish attacks by combing the Internet for details about U.S. government and commercial employees’ job descriptions, networks of associates, and even the way they sign their emails — such as U.S. military personnel’s use of ‘V/R,’ which stands for ‘Very Respectfully’ or ‘Virtual Regards.’”

And despite all of the United States’ current attempts to stop or even slow the attacks, China is actually stepping up its efforts. The social engineering attacks from China appeared to start in 2002, and according to Alan Paller, the Director of Research at SANS, “The attacks coming out of China are not only continuing, they are accelerating.”

But what could the Chinese hope to gain? Military secrets.

Along with terabytes of stolen data, the Chinese also obtained military login credentials and blueprints for some of America’s hi-tech military equipment. According to InformationWeek, this includes “the quiet electric drive used by U.S. submarines to help evade detection.”

It is much faster and cheaper for the Chinese to steal the latest military technology through low-cost hacking attacks than to spend the millions it would cost to develop it themselves.

When you look at the Chinese stealth fighter, which reportedly made its second test flight today, you have to wonder how much of the technology was “borrowed” from the United States.

Cross-posted from CyberArms
