China blamed for EADS and ThyssenKrupp hack attacks


Two more major organisations have gone public about what they claim were attempts by Chinese hackers to infiltrate their networks and steal sensitive information.

EADS, the European Aeronautic Defense and Space company, and steelmaker ThyssenKrupp are said to have become the targets of hack attacks originating in China, according to Der Spiegel.

EADS - which makes the Eurofighter jet, as well as spy drones, surveillance satellites, and even rockets for French nuclear weapons - is said to have contacted the German government last year to warn that the military contractor's computer network had been hacked.


Officially, EADS have described the attack as "standard" and insisted that no harm has been done.

However, these attacks come against a backdrop, created over the last few years, of other hacks against the defence industry, including the likes of Lockheed Martin, L-3 Communications and Northrop Grumman.

And, of course, it's only 18 months since the then US Deputy Defense Secretary William Lynn claimed that a foreign intelligence agency was behind a hack attack that stole classified information about a top secret weapons system.

Meanwhile, ThyssenKrupp is also said to have confirmed that it was attacked by hackers - adding the detail that the attack occurred in the United States, and appeared to originate from a Chinese internet address.

According to Der Spiegel, the attacks against ThyssenKrupp were described as "massive" and of "a special quality", and the company was not sure of what (if any) information had been stolen by the hackers.

It is becoming increasingly clear that organisations need to defend themselves not only from the day-to-day financial-orientated cybercrime attacks which can impact anyone with a computer, but also from sophisticated targeted attacks that may be designed to spy and surreptitiously steal information.

The truth is that these hacking stories aren't really describing a technological problem. They're describing a human problem. It's remarkably easy to dupe someone into clicking on a link or opening an attachment in an email, and for their computer to become compromised.

You can reduce the chances of a targeted attack working by keeping your software (such as your PDF reader, your web browser, your word processor, as well as your operating system) up-to-date with the latest patches.

Furthermore, you should run a layered defence - that means not just running up-to-date anti-virus software, but also firewalls, email filtering technologies, vulnerability assessment, using DLP (data loss protection) technology and strong encryption to secure your most sensitive data.

Also, it's amazing how many people re-use passwords, and use the same weak password in multiple places. That means if you get hacked in one place, and your password is compromised, it may also unlock accounts elsewhere on the net. It's shocking how many people don't use different passwords for different places.

All of these methods can reduce your chances of suffering from a targeted attack.

But ultimately, there's no 100% technological solution as human beings can still make bad decisions. And that's why it's important to train users about threats, and warn them to be suspicious of unsolicited links and attachments and to always report suspicious activity.


8 Responses to China blamed for EADS and ThyssenKrupp hack attacks

  1. gmd · 554 days ago

    Block Chinese access to the internet in the same way they block Chinese citizens from accessing western content. It would not be our loss:-P

  2. Richard · 554 days ago

    Are there any firewalls that do an automatic whois lookup on an IP address, and block those originating from China? Of course, that wouldn't stop them using botnets or proxies based outside of China, but to counter this a firewall could also block IPs found to be members of a botnet, and/or do a quick port scan to see if there are any open ports indicating some kind of proxy server/botnet running on them.

    • Scott · 547 days ago

      There are sites such as iblocklist which run IP listings based on countries. A person can import those lists into various IP filtering programs and choose whether to block an entire IP range.

      As mentioned earlier, this would not block proxies, botnets, or VPNs used to reroute an attack from outside China, but it would greatly help to reduce the direct connection and callback attempts of malware directly to machines in China.

  3. Andy · 553 days ago

    So... responsibility for two recent attacks can be levelled at... at... erm... a country that's home to 20-plus percent of the world's population

    This is a STORY?

    FAIL

  4. Nigel · 553 days ago

    "The truth is that these hacking stories aren't really describing a technological problem. They're describing a human problem."

    That's a bullseye, Graham. Technological problems do exist, but widespread stupidity about secure use of the Internet is probably the greatest aid to the bad guys' mischief. And I don't mean just plain ignorance (which is simply not knowing); I mean stupidity (irresponsible ignorance).

    Stupidity is a more intractable problem than the ignorance itself. The solution to ignorance is education, but you can't educate people you can't reach. Whether people are simply unaware or apathetic about their own ignorance, or they deliberately protect it (…alas, I know some who do) doesn't change the harm they do as part of the problem. In either case, their behavior is irresponsible if it causes harm to others. That is definitely a human problem.

  5. Steven · 553 days ago

    I was searching for information one day, then suddenly I changed the subject - I found something from a list that looked interesting, I found that people use proxy servers and virtual networks, that live in this country, to pretend to be from overseas, to pretend to be from China or Russia or other places, to hide their real location - for laughs.

    For example: One person was from North Carolina pretending to be from China and other countries, his comments on Twitter were about how funny it was that people believed he was there in China, Russia, and Iran, then later about funny that it was Ireland when appearing in London.

  6. It seems surprising how such incidents are now being reported, one after another.

    Annoying it is, maybe outright damaging. If these claims can be substantiated, China is ahead of Europe and the U.S. in Cyber tech.
    This is surprising, as the West follows a completely different education system, as well as remuneration levels of top paid cyber security professionals.
    What I have learned from a decade of China operations. China has the resources of recruiting top quality graduates from the best universities within China. And yes, those studied in Jinghua and Fudan and their scores are phenomenal.
    I saw IT experts operating from a cubicle that measures 4 ft x 4 ft, and those were multilingual, all of them graduates of China's most prestigious Jinghua University.
    No student in the West comes even close to the tough studying system Chinese students have to cope with.
    And if High geared Western security experts who earn 6 digit salaries cannot cope with a hacker who gets paid 800 bucks a month then something is wrong with our system.
    Crying like babies won't help. Knowledge and more dedication will.

  7. Geir · 553 days ago

    The west should also start hitting back, but without hacking back. Stop doing business with China or at least restrict it severely for each time they are caught. Inventing western companies which outsource so their inventions can be produced cheap in China are plain stupid. Soon after they have nothing to sell as it is all stolen, copied and produced by the Chinese which no longer need the inventing company. There are so many stories about this already that I almost can't believe companies are still outsourcing critical ideas to be produced in China.

    Another thing is why Lockheed Martin and their likes don't have hermetically closed intranets with no access to internet at all and no way to put in (infected) memory sticks to their systems. Why "MUST" VERY critical top secrets and critical infrastructure at all be accessible from internet? There are alternative ways of doing safe communications between units. This habit of "must-have-internet access" seems to me very stupid and suicidal in the long run, especially if a real grand scale cyberwar should happen.

    Soon even cars are going to be controlled via internet. Just wait until car viruses and attacks for certain will start to happen soon after these type of cars enters the market. No brakes, dead engines etc. etc. To me all this looks incredibly stupid. If we think longer in the future and say that even the military vehicles can be serviced via internet (will they be so stupid?). Then a smart cyber war enemy can turn them all to non-working trash with just a keystroke. But really, I don't think it will go that far (with the military), but I do think it will be relevant for most of the internet "dependent" civil cars we know are about to arrive soon. They can all be turned to non-working trash if the enemy is smart enough.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.