The Tangled Web Grows...

A virtually unnoticed news item from July 17, 2007 circulated through small groups of bloggers to not much notice. It was the same old story of hackers getting into government computers, including a database mainframe for the Department of Transportation. The full story appears below from the Reuters wires; the original story as I saw it on Yahoo! has been removed:

Hackers steal U.S. government, corporate data from PCs
By Jim Finkle
Tue Jul 17, 7:22 PM ET


BOSTON (Reuters) - Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett- Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

The other parties either declined comment or did not respond to requests for comment.

Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site's owner is likely unaware it is being used by hackers, Morris said.

He believes the hackers have set up several "sister" Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.

The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.

"What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Morris.

Security experts say such crimes occur frequently because hackers have access to software that allows them to build undetectable malware that security firms are unable to fight.

In this case, the malware had not been flagged as dangerous, although security firms put out updates identifying it as such on Monday night after Prevx sounded the alarm.

"The sophistication is really far out there. There is no way security companies are going to catch up," said Rick Wesson, chief executive of Support Intelligence, a San Francisco firm that helps companies and government agencies detect and fight attacks on their computer systems.

Wesson said his company is monitoring three other campaigns that are currently ongoing, but declined to discuss them, saying that could hamper counter-intelligence efforts.

WAKE-UP CALL

Many large organizations -- including government agencies -- do not use all the bells and whistles in their security software, security experts say.

For example, organizations can choose to only let employees run programs on a list of safe software, but most take the opposite approach, banning programs listed as dangerous.

Also, sensitive information on PCs is rarely encrypted. Doing so makes stolen information useless to hackers, but requires extra work by employees who access the data.

A researcher with a large security firm said the attack disclosed by Prevx is "a wake-up call."

"We try to strike a balance between usability and protection. It's a delicate balance. But organizations need to lean more toward the protection side than the usability side," said the researcher who declined to be identified.

What is unusual about the case publicized by Prevx, security experts say, is that the firm named the victims.

Prevx CEO Morris said he did so to bring attention to vulnerabilities in security systems protecting sensitive government data.

Hackers use security tools to help them determine whether their malware will be able to get past corporate and government defenses. For example, a Web site called virustotal.com lets users upload files to see if they are safe. Hackers use it to see if their malware will make it past security systems.

Morris said he had downloaded the data from the Web site used by the hackers and provided it to investigators from the FBI's Law Enforcement Online, or LEO, program.

An FBI spokesman declined comment.

(Additional reporting by Eric Auchard in San Francisco, John Crawley in Washington, Georgina Prodhan in Frankfurt.)

Considering the fairly recent admission by the government regarding the theft of a laptop belonging to the Department of Veteran's Affairs that contained the personal information of millions of veterans, at first, this article seemed like little more than a report on our government's continued carelessness with data in this Age of Information.

Belch.com says:

So what kind of information would be important within the DoT that hackers would want access to? Probably configuration information for the network so the attacker can gain wider access- but more importantly, access to security information about highways, bridges, railways, trucking and other critical infrastructure information.

But, then, a scant 15 days later, a bridge in Minnesota collapses. Coincidence? Maybe. But we'd all be delusional to simply write it off as such, especially considering that bridge plans were on the DOT database. And what is the FBI doing? Busting a Chinese software pirate, OF COURSE!

Once again, the web of deception and distraction grows and is revealed to us, and most of us simply don't notice. We're so distracted by what they want us to see that we can't see what's right there.