US Homeland Security Attacked by Chinese Cyber Crooks

Cybercriminals from China have assigned a novel virtual weapon which targets the department of homeland security (DHS), the defense department, and various US agencies and business, security researchers said by security firm alien vault.

Researchers at alien vault said that they have exposed a new type of malevolent software named sykipot which aimed smart cards which are utilized by government employees to have an access to limited servers and network. In 2006, hints of sykipot malware were detected in cyber attacks, and in December 2011, it has been exploiting zero-day vulnerabilities in adobe reader. However, it is for the first time that this software has attacked smart cards said by alien vault's researchers.

The administration employs smart cards to add-on to employee passwords, which were confirmed simple to snap. Hackers eradicate the last obstacle between them and the government's main susceptible data by cracking smart cards. The most updated sykipot virus tells how these cybercriminals are attacking smart cards, and points out who they are following.

The security firm said this latest strain is aimed at smart card reader created by Activldentity, a company that provides authentication software to several high- profile agencies and business around the world.

According to alien vault research, modus operation is simple, hackers send email with eye catching media to the victim with a wicked attachment or a link to senior employees of the department of defense, DHS, US Coast guard, US Treasury department and other Federal agencies and businesses like BNP Paribas, Monsanto, and Air France.

For example key DoD receives an email in which the researchers refer to as "drone campaign" included attachments with content related to U.S unmanned fight air vehicles (UCAVs) with the intention of stealing document related to the pentagon's drone strategy.

In another way, the attackers file the certificates on the victim's machine (including the smart cards) and then snatch the pin through the keylogger. Then they use recommendations to log into machine that are accessible through smart cards.

China has posted the most risk to the U.S National security, said by the experts. However, many other countries India, Pakistan, Iran and Russia are active in cyber-spy operations.

Related article: US Passes Baton to Asia in Spam Relay

» SPAMfighter News - 1/21/2012