Hackers Steal U.S. Government Corporate Data from PCs – AGAIN


Another social engineering attack, this one relying on employees being careless enough to bite on a fake job listing. The payload is malware that harvests data from the PC and reports back to a central collection site.

Remember kids, if a deal is too good to be true… it isn’t.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett-Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

They were fairly selective about their targets, which kept the traffic small and let them stay under the radar for some time.

Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site’s owner is likely unaware it is being used by hackers, Morris said.

He believes the hackers have set up several “sister” Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.

The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.

The fact is that off-the-shelf AV solutions CANNOT detect custom malware: a signature scanner only catches what it has already seen, and a trojan written for one target has never been seen. This has been known for a long time, but it has never really sunk in with the people in charge.

A little bit of programming and a little bit of imagination and most companies can still be owned with a custom trojan.
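To make the point about volume thresholds concrete, here is an added example that is not code from the post, from Prevx or from the Reuters piece. It runs two detectors over a few constructed proxy log lines (hypothetical hostnames and addresses, not the site named in the article): a naive byte-count threshold of the kind the article says the attackers stayed under, and a check for regular, low-volume check-ins to a destination that almost no other internal host talks to. Signatures never enter into it, which is the point of the AV paragraph above: when the binary is custom, the network behaviour is what you have left to detect.

```python
"""Hunting a low-volume beacon in proxy logs.

Added example, not code from the Darknet post or from Prevx. It models the
detection gap the article describes: a trojan that reports to a throwaway
site on a shared web host in small, regular batches stays below a volume
threshold, but the regularity of its check-ins is itself a signal.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (hypothetical hosts and addresses, not from the
# article). Format: ISO timestamp, client IP, method, destination host, bytes.
# 10.0.0.7 posts a ~1.4 KB report once an hour; the other clients just browse.
SAMPLE_LOG = """\
2007-07-30T08:00:12 10.0.0.5 GET www.example-news.test 48211
2007-07-30T08:00:14 10.0.0.5 GET cdn.example-news.test 210033
2007-07-30T08:01:02 10.0.0.7 POST collector.shared-host.test 1402
2007-07-30T08:05:40 10.0.0.5 GET mail.example-corp.test 9120
2007-07-30T08:31:22 10.0.0.9 GET www.example-news.test 48211
2007-07-30T09:01:05 10.0.0.7 POST collector.shared-host.test 1377
2007-07-30T09:12:58 10.0.0.5 GET www.example-news.test 48211
2007-07-30T09:44:10 10.0.0.9 GET cdn.example-news.test 180224
2007-07-30T10:01:03 10.0.0.7 POST collector.shared-host.test 1390
2007-07-30T10:20:00 10.0.0.5 GET mail.example-corp.test 9120
2007-07-30T11:01:04 10.0.0.7 POST collector.shared-host.test 1411
2007-07-30T11:30:17 10.0.0.9 GET www.example-news.test 48211
"""


def parse(log_text):
    """Return a list of (timestamp, src, method, host, bytes) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, method, host, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, method, host, int(nbytes)))
    return events


def _by_pair(events):
    """Group events by (src, host), keeping (timestamp, bytes) in log order."""
    pairs = defaultdict(list)
    for ts, src, _method, host, nbytes in events:
        pairs[(src, host)].append((ts, nbytes))
    return pairs


def volume_alerts(events, byte_threshold=100_000):
    """Naive detector: flag (src, host) pairs moving more than byte_threshold bytes.

    This is the 'activity reaches a certain level' logic the article says the
    attackers deliberately stayed under.
    """
    return sorted(
        pair for pair, hits in _by_pair(events).items()
        if sum(n for _ts, n in hits) > byte_threshold
    )


def beacon_alerts(events, min_events=4, max_cv=0.1, max_sources=2):
    """Flag pairs whose check-ins are regular (low coefficient of variation of
    the inter-arrival time) and whose destination few internal hosts contact.

    Total bytes are ignored on purpose: a periodic 1 KB POST to a host nobody
    else talks to is more suspicious than a 200 KB download of a news page.
    """
    pairs = _by_pair(events)
    sources_per_host = defaultdict(set)
    for src, host in pairs:
        sources_per_host[host].add(src)

    alerts = []
    for (src, host), hits in pairs.items():
        if len(hits) < min_events or len(sources_per_host[host]) > max_sources:
            continue
        times = sorted(ts for ts, _n in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not gaps or mean(gaps) == 0:
            continue
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            alerts.append({
                "src": src,
                "host": host,
                "count": len(hits),
                "mean_interval_s": round(mean(gaps)),
                "total_bytes": sum(n for _ts, n in hits),
            })
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("volume threshold flags:", volume_alerts(evs))
    for a in beacon_alerts(evs):
        print("beacon:", a)
```

Run it as a script to see the byte threshold flag the two large page downloads and miss the hourly POST, while the beacon check flags only the infected host. The defaults (four events, a coefficient of variation of 0.1, at most two sources per destination) are starting values to tune against your own baseline; a real implant adds jitter to its sleep, so widen max_cv or bucket the intervals before relying on this in production.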

Source: Reuters

Posted in: Hacking News


8 Responses to Hackers Steal U.S. Government Corporate Data from PCs – AGAIN

  1. Sandeep Nain July 30, 2007 at 12:38 pm #

    and what was the excuse this time??

    well no doubt hackers are becoming smarter every day… but a little more hard work and security awareness would have done the job…

  2. SN July 30, 2007 at 12:49 pm #

    Hackers might be becoming smarter .. but how about users? we don’t live in a world where it is ok to be naive.

  3. backbone July 30, 2007 at 1:08 pm #

    A little bit of programming and a little bit of imagination and most companies can still be owned with a custom trojan.

    you are right Darknet… I bet even 29A (which is a VX group) would write an undetectable trojan for some cash =)

  4. TheRealDonQuixote July 30, 2007 at 10:32 pm #

    @BackBone
    You can find source codes and multiple variants for trojans, worms and other assorted malware and “hack tools” at VX Chaos File Server. Check in the “Unknown Malware” and “Uploads” sections for the naughty stuff that no one has even seen yet!! No cash needed.

    There is also, leetupload.com, but they haven’t been in the VX trading and collecting game nearly as long as Azag over at VXChaos. VXhavens is another hot spot for the l33t s**t.

  5. backbone July 30, 2007 at 10:40 pm #

    TheRealDonQuixote VXheavens is my favorite VX website, if you would have searched a bit the website you would have seen my tiny com virus there ;)

  6. Sandeep Nain July 30, 2007 at 11:39 pm #

    SN: Yes you are right, that’s why some more hard work and security awareness is needed to keep these smart hackers away…

    MPV: You are right… it’s not the first time the US govt has been exposed… I hope they start keeping an eye on such vulnerabilities and start some (in)security awareness programme for their staff.

  7. Nobody_Holme August 1, 2007 at 3:41 pm #

    Does any US government agency have good security?
    I ask this because I’m actually worried how many people have access to serious military hardware…
    Anyway, there’s no way you can scan for every possible script all the time, or that’s all your servers will be doing, therefore almost anyone will be ownable (is that a word) with a custom script, in theory.

  8. moons August 1, 2007 at 4:09 pm #

    Ouch. That’s gotta be a pain. Contrary to it, I don’t think Department of Defense data or military ops would be so easy though. I’m sure they probably have good hierarchies for anyone trying to access. And probably even paranoid filters.