Thursday, August 21, 2014

China cyber concern

The story on the stolen bank accounts of MH370 passengers made the headlines, and the couple involved were charged in court yesterday.

It involved a bank officer inside HSBC and her Pakistani husband. The money was channeled to fictitious names of foreigners including a fictitious Chinese national name in a Chinese bank abroad. It was relevant enough for CNN to report [read here].

Less than 15 hours ago, local and international media were reporting on Chinese hackers getting into the computers of MH370 Malaysian investigators.

Below is the news from Singapore's Straits Times:

Hackers target information on MH370 probe: Report

PUBLISHED ON AUG 20, 2014 11:21 AM

A file photo taken on March 18, 2013 shows a Malaysia Airlines Boeing 737 plane flying over the Sukarno-Hatta airport in Tangerang. -- PHOTO: AFP

KUALA LUMPUR (THE STAR/ASIA NEWS NETWORK) - The computers of high-ranking officials in agencies involved in the MH370 investigation were hacked and classified information was stolen.

The stolen information was allegedly being sent to a computer in China before CyberSecurity Malaysia - a Ministry of Science, Technology and Innovation agency - had the transmissions blocked and the infected machines shut down.

The national cyber security specialist agency revealed that sophisticated malicious software (malware), disguised as a news article reporting that the missing Boeing 777 had been found, was emailed to the officials on March 9, a day after the Malaysia Airlines (MAS) plane vanished during its flight from Kuala Lumpur to Beijing.

Attached to the email was an executable file that was made to look like a PDF document, which released the malware when a user clicked on it.

A source told The Star that officials in the Department of Civil Aviation, the National Security Council and MAS were among those targeted by the hackers.

"We received reports from the administration of the agencies telling us that their network was congested with email going out of their servers," said CyberSecurity Malaysia chief executive Dr Amirudin Abdul Wahab.

"Those email contained confidential data from the officials' computers including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation."

About 30 computers were infected by the malware, CyberSecurity Malaysia said. It discovered that the malware was sending the information to an IP address in China and asked the Internet service provider in that region to block it.

An IP (Internet Protocol) address is a unique numerical label assigned to each device on a computer network.

"This was well-crafted malware that antivirus programs couldn't detect. It was a very sophisticated attack," Amirudin said.

The agency and police are working with Interpol on the incident.

CyberSecurity Malaysia suspects the motivation for the hacking was the MH370 investigations.

"At that time, there were some people accusing the Government of not releasing crucial information," Amirudin said. "But everything on the investigation had been disclosed."

Flight MH370 with 239 on board went missing on March 8 about 45 minutes after take-off.

Expert: Spearphishing needs a lot of planning and work

Spearphishing attacks such as the ones that targeted the Civil Aviation Department and the National Security Council require a lot of planning and work, said a cyber security expert.

These point to either a very skilled attacker or group of hackers who have the know-how to spoof an email address to make it appear as if the message is coming from a familiar sender, said Dhillon Kannabhiran.

He is chief executive of Hack In The Box which organises the annual HITBSecConf series of network security conferences.

He said that sensitive and confidential documents should always be encrypted as an added layer of security against hackers.

How sophisticated an attack was, Kannabhiran said, depended on which version of the Microsoft Windows operating system was on the victim's computer and how up to date the system security was.


In the light of Chinese electronic products, especially smartphones and peripheral products like chips, flooding the market, this should be a national security concern.

However, Malaysians, including our media, are not so alarmed. Quite sure there will be excuses, such as asking what is stopping the Americans and Israelis from doing the same. If they are caught, we should be alarmed too. For now, two incidents of cyber security infringement in a row involve China.

The thought of someone in Beijing monitoring our Internet usage and secret fetish favourite websites through our Huawei broadband is really scary. Makes one feel vulnerable. Government, industry players and business people must be concerned and feel scared.

Really really scared because it could eventually affect your rice bowl.
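The report above describes an executable attachment made to look like a PDF. As an added example (not from the article or from CyberSecurity Malaysia), the Python sketch below shows a mail-gateway style check that compares what an attachment claims to be with its leading bytes. The disguises it checks for (double extension, right-to-left override) and the sample message are assumptions, since the report does not say how the file was disguised.

```python
import email
from email import policy
from email.message import EmailMessage

DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "cpl"}
MAGIC = {b"MZ": "pe", b"%PDF-": "pdf"}   # leading bytes -> real content type
RTLO = "\u202e"  # right-to-left override: reverses how the name is displayed

def sniff(payload: bytes) -> str:
    """Classify content by magic bytes, ignoring name and declared MIME type."""
    return next((k for m, k in MAGIC.items() if payload.startswith(m)), "unknown")

def check_attachment(filename: str, declared_type: str, payload: bytes) -> list:
    """Return the reasons an attachment looks like a disguised executable."""
    exts = filename.lower().strip().split(".")[1:]   # every extension, in order
    looks_like_doc = declared_type == "application/pdf" or bool(DOC_EXTS & set(exts))
    findings = []
    if sniff(payload) == "pe" and looks_like_doc:
        findings.append("PE executable presented as a document")
    if exts and exts[-1] in EXEC_EXTS and DOC_EXTS & set(exts[:-1]):
        findings.append("document extension followed by executable extension")
    if RTLO in filename:
        findings.append("right-to-left override in filename")
    return findings

def scan_message(raw: bytes) -> dict:
    """Map attachment filename -> findings for every flagged attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        body = part.get_payload(decode=True) or b""
        hits = check_attachment(name, part.get_content_type(), body)
        if hits:
            report[name] = hits
    return report

def build_sample() -> bytes:
    """Constructed message: one genuine PDF header and two disguised PE stubs."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    stub = b"MZ" + b"\x00" * 62   # DOS/PE header magic only, not a real program
    for data, subtype, fname in [(b"%PDF-1.4\n", "pdf", "minutes.pdf"),
                                 (stub, "pdf", "report.pdf"),
                                 (stub, "octet-stream", "news.pdf.exe")]:
        msg.add_attachment(data, maintype="application", subtype=subtype, filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, hits in scan_message(build_sample()).items():
        print(name, "->", "; ".join(hits))
```

A check like this runs before delivery and does not depend on antivirus signatures, which the agency says failed to detect the malware.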


Paranoid said...

While Malaysia is sleeping on national security, most western companies operating here already have commercial security policies that forbid purchase of China products.

They will not buy Lenovo laptops (they will insist on using Dell), no fixed line subscription to TM (they will insist on Time Engineering) and no mobile subscription to Celcom (they will insist on Maxis). This is because Lenovo is a Chinese product, and Telekom M'sia and Celcom use Huawei hardware.

Anonymous said...

Well there's also news about some Russian hackers compromising billions of email accounts recently.

Anonymous said...

Use sandbox, virtual machine or Tails OS. I prefer Tails over the other two.

Anonymous said...

hello, it's NOT Am Bank!

HSBC bank officer Nur Shila Kanan, 33, is facing 12 charges after allegedly transferring money between the passengers' accounts, Assistant Commissioner Izany Abdul Ghany of the Kuala Lumpur Commercial Crime Investigation Department told CNN.

The said...

You think American products are safe? Ask Snowden.

saloi said...

What's your processor? Intel and AMD have backdoor systems which allow data to be sent even with the PC turned off.
