Friday, 5 September 2014

Bravo: Israeli firm busts 13-year-long Europe hack attack

Well done indeed. For 13 years, hackers have been stealing information from European companies. That is over, thanks to the Israeli company CyberIntel. "CyberIntel is about three years old, and has clients around the world. They include governments, armies, large banks, and other major institutions. “Our system is protecting thousands of endpoints in these organizations, recording discovery and prevention of globally headlined attacks while providing the deepest threat protection available,” said Ben-Naim [photo], while declining to name any of the company’s clients."

Times of Israel.  Since 2002, hackers used same system to steal data from European companies. That’s all over, thanks to CyberIntel

One of the biggest and certainly longest-living professional hacking operations in the world is history — thanks to an Israeli company that discovered that thieves have been using a single system to break into computers for more than a decade.

Israeli cyber-security firm CyberIntel said Wednesday that it has broken the “Harkonnen Operation,” which attacked government servers, banks, and large corporations in Germany, Switzerland, and Austria, using over 800 phony front companies — all with the same IP address — using unique malware to siphon secret and sensitive data off the servers.

The most shocking part, said CyberIntel CEO Koby Ben-Naim: “This scam has been going for more than a decade, since 2002.”

Working from its Tel Aviv offices in conjunction with a partner in the UK, CyberIntel discovered the scam in August, after the company was invited in June by a German client to investigate a security breach it could not identify. “They knew they had been attacked, but couldn’t figure out how,” said Ben-Naim. That’s because the Trojan horse that delivered the malware was unsigned, meaning that it had not been identified by anti-virus experts.


“Usually malware is mass-distributed in a particular package, and once it’s identified as malware, anti-virus companies are able to update their systems to detect and eliminate it on client’s computers,” said Ben-Naim.

The unique twist was that the rogue Trojan horse application used to deliver the malware was different in each attack, said Ben-Naim, so no one “connected the dots” between one attack and the next. The only clue — and the one CyberIntel used to confirm its suspicions that the scam was much bigger than anyone realized — was the fact that the Trojans and the malware were all delivered from a narrow band of IP addresses, indicating a relationship among them.

In fact, the malware came from a phony company in the UK, which delivered the poisonous programs via e-mail and documents that surreptitiously installed the bad code on victims’ servers. CyberIntel traced the malware to the UK address — but checking out the DNS information on its owner, discovered that it was being used by no fewer than 833 companies. Not only was the IP address the same — so was the contact information.

Why would employees of the German company click on the links that enable the hackers to do their dirty work? To make the scam look even more legitimate, the hackers purchased digital security certificates for the phony firms. Thanks to the certificates, the hacker fronts were considered legitimate, so no one bothered checking them out, said Ben-Naim — and that’s one reason the scam was able to go on for so long.

The digital certificate part of the operation was a stroke of hacker genius, said Ben-Naim, but it also indicates that whoever was behind the scam had deep pockets. “They invested about $150,000 to make this work, so clearly we are talking about professionals.” It emerged that there were two sets of professionals, said Ben-Naim. “The hackers were hired hands, working for some other entity, which was interested in a wide variety of material.”

In the past month, CyberIntel has been in touch with 300 current and former victims, who discovered digital clues indicating that the hackers stole sensitive documents — studies on biological warfare and nuclear physics, as well as plans for key (and top-secret) infrastructure, along with the “usual” bank account and credit card data.

It had all the trappings of a coordinated, methodical attack by a large, wealthy, and cyber-savvy organization — perhaps a government — but Ben-Naim said he wouldn’t necessarily go that far. “I prefer not to speculate on whether we are talking about a government program,” he said. “If anything, it feels to me more like an organized crime operation.”

Most surprising, said Ben-Naim, was how Internet regulators in the UK did not notice that over 800 shell companies were using the same IP addresses and contact information. “This was not necessarily the most sophisticated attack, because there were so many clues that something unusual was going on,” he said. “I think it would be legitimate to ask some questions about the process involved here.”
