Hackers Steal U.S. Government Corporate Data from PCs – AGAIN


Seems like another social engineering type attack relying on human ignorance and stupidity, based around some kind of malware reporting back to a central repository.

Remember kids, if a deal is too good to be true… it isn’t.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett-Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

They were fairly selective about their targets, which meant they stayed under the radar for some time.

Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site’s owner is likely unaware it is being used by hackers, Morris said.

He believes the hackers have set up several “sister” Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.

The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.

The fact is, off-the-shelf AV solutions CANNOT detect custom malware. This has been known for a long time, but it’s never really sunk in with the people in charge.

A little bit of programming and a little bit of imagination and most companies can still be owned with a custom trojan.
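The article notes that low-volume, selective traffic slipped past tooling that only alerts when activity reaches a certain level. As an added example (not code from the article or from Prevx), the snippet below shows a classic per-client volume rule missing exactly that pattern, and a rarity rule catching it instead. The proxy log format (timestamp client dest bytes_out), the fleet size and the sample lines are constructed assumptions.

```python
"""Why threshold alerts miss low-and-slow exfiltration, and what catches it.

Added example, not code from the article or from Prevx. The proxy log format
(timestamp client dest bytes_out) and the fleet size are assumptions, and the
sample lines are constructed to mirror the pattern the article describes: a
handful of PCs posting small amounts of data to one externally hosted site."""
from collections import defaultdict

# Constructed sample: 10 PCs browse a common site; 2 PCs quietly post ~2 KB
# to one host nobody else in the fleet contacts, three times each.
SAMPLE_LOG = "\n".join(
    [f"2007-07-30T09:00:{i:02d} 10.1.4.{20 + i} www.news.example 1000" for i in range(10)]
    + [f"2007-07-30T{9 + h:02d}:05:00 10.1.4.23 drop.site.example 2100" for h in range(3)]
    + [f"2007-07-30T{9 + h:02d}:20:00 10.1.4.27 drop.site.example 2050" for h in range(3)]
)

def parse(log):
    """Yield (client, dest, bytes_out) tuples from 'ts client dest bytes' lines."""
    for line in log.strip().splitlines():
        _, client, dest, nbytes = line.split()
        yield client, dest, int(nbytes)

def volume_alerts(log, threshold=100_000):
    """Classic per-client volume rule: alert when any client sends more than
    `threshold` bytes to one destination. Small, selective posts never trip it."""
    sent = defaultdict(int)
    for client, dest, nbytes in parse(log):
        sent[(client, dest)] += nbytes
    return sorted(k for k, total in sent.items() if total > threshold)

def rare_destinations(log, fleet_size, max_share=0.02, min_posts=3):
    """Rarity rule: a destination reached by at most `max_share` of the fleet,
    to which some client has posted at least `min_posts` times, is suspicious
    regardless of volume. Returns {dest: {client: total_bytes}}."""
    per_dest = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # dest -> client -> [posts, bytes]
    for client, dest, nbytes in parse(log):
        per_dest[dest][client][0] += 1
        per_dest[dest][client][1] += nbytes
    flagged = {}
    for dest, clients in per_dest.items():
        repeated = any(posts >= min_posts for posts, _ in clients.values())
        if len(clients) / fleet_size <= max_share and repeated:
            flagged[dest] = {c: b for c, (_, b) in clients.items()}
    return flagged

if __name__ == "__main__":
    print("volume alerts:", volume_alerts(SAMPLE_LOG))              # []
    print("rare destinations:", rare_destinations(SAMPLE_LOG, 200))
```

The rarity rule trades a volume threshold for a "how many of our hosts talk to this place" question, which is the dimension a deliberately small-footprint campaign cannot shrink.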

Source: Reuters

Posted in: Hacking News


8 Responses to Hackers Steal U.S. Government Corporate Data from PCs – AGAIN

  1. Sandeep Nain July 30, 2007 at 12:38 pm #

    And what was the excuse this time??

    Well, no doubt hackers are becoming smarter every day… but a little more hard work and security awareness would have done the job…

  2. SN July 30, 2007 at 12:49 pm #

    Hackers might be becoming smarter… but how about users? We don’t live in a world where it is ok to be naive.

  3. backbone July 30, 2007 at 1:08 pm #

    A little bit of programming and a little bit of imagination and most companies can still be owned with a custom trojan.

    you are right Darknet… I bet even 29A (which is a VX group) would write an undetectable trojan for some cash =)

  4. TheRealDonQuixote July 30, 2007 at 10:32 pm #

    @BackBone
    You can find source codes and multiple variants for trojans, worms and other assorted malware and “hack tools” at VX Chaos File Server. Check in the “Unknown Malware” and “Uploads” sections for the naughty stuff that no one has even seen yet!! No cash needed.

    There is also, leetupload.com, but they haven’t been in the VX trading and collecting game nearly as long as Azag over at VXChaos. VXhavens is another hot spot for the l33t s**t.

  5. backbone July 30, 2007 at 10:40 pm #

    TheRealDonQuixote: VXheavens is my favorite VX website, if you had searched the website a bit you would have seen my tiny com virus there ;)

  6. Sandeep Nain July 30, 2007 at 11:39 pm #

    SN: Yes, you are right, that’s why some more hard work and security awareness is needed to keep these smart hackers away…

    MPV: You are right… it’s not the first time the US govt has been exposed… I hope they start keeping an eye on such vulnerabilities and start some (in)security awareness programme for their staff.

  7. Nobody_Holme August 1, 2007 at 3:41 pm #

    Does any US government agency have good security?
    I ask this because I’m actually worried how many people have access to serious military hardware…
    Anyway, there’s no way you can scan for every possible script all the time, or that’s all your servers will be doing, therefore almost anyone will be ownable (is that a word) with a custom script, in theory.

  8. moons August 1, 2007 at 4:09 pm #

    Ouch. That’s gotta be a pain. Contrary to it, I don’t think Department of Defense data or military ops would be so easy though. I’m sure they probably have good hierarchies for anyone trying to access, and probably even paranoid filters.