America is up in arms about Chinese military hackers breaking into American companies, universities and government organizations in pursuit of technical data, trade secrets and any information that gives them some sort of advantage.
At a news conference in Beijing (February 20, 2013), the ministry suggested that the allegations were destructive and challenged the study, which was produced by Mandiant, an American computer security company. The report identified P.L.A. Unit 61398 in Shanghai as one of the most aggressive computer hacking operations in the world.
If you’ve been around the block long enough, you know this has been going on since countries have had independent flags. Today the digital world means all these systems, and the information in them, represent some form of power over an opponent, from military advantages to economic advantages. Imagine having advance information on an upcoming merger, or knowledge of a groundbreaking discovery. What sort of financial advantage does knowing first give you?
We do it too: it’s why many former intelligence personnel go to work on Wall Street when they finish working for the government. (Look it up.)
My History and Run-Ins With Bad Guys
As the Information Systems Director at Millimeter Wave Products Inc., I wear many hats. I am the person in charge of our web presence, digital marketing, and internal IT systems as a whole. Because we are involved in technology that is considered “hi tech” and has applications in military systems, communication systems and more, we have become a target. As our company has grown on the global stage and become a dominant supply, research and knowledge base for mm wave technology, these “bad guys” target many things. The best thing you can do if you are involved in a similar industry or face the same problem is invest time in brushing up on basic defensive security practices. I would also recommend you take the time to visit places like AntiOnline.com and learn more about IT security in general. It’s a very helpful place to learn the good and the bad of computer security.
What exactly do “bad guys” want?
In my first run-in at MIWV.com, they wanted to hijack our internet presence and search positioning. Essentially they wanted to stay under the radar and redirect our website’s traffic from search engine queries. I wrote a more detailed report of the incident here.
Another trend I notice is attacks on our actual network servers. Working with a security firm, we sit and watch as they come and attempt to “break in” to our network. In many cases we let them. WHAT? You’re probably asking why we would let them break in.
For one, systems like Windows Server are Swiss cheese operating systems. What I mean by that is that most of the time they are misconfigured, and even when they are configured properly they still have open holes (zero-days) that allow crackers to penetrate the system. You know those annoying Microsoft updates you always put off? Some of them are security patches that plug those vulnerabilities.
This is the cat-and-mouse game played daily: crackers trying to discover vulnerabilities and security companies plugging them up.
It gets interesting when a government or well-funded group invests time, money and resources to target and attack systems. By recruiting the best, brightest and even craziest, teams come to life that can essentially probe and penetrate any system. This is where China is leading the way in digital espionage. From this snapshot, we get daily visits from bad guys essentially “jiggling the door” to see if there is a potential opening on our web server. This is only a fraction of the list, and it represents only our web server.
(Sorry China, but your country represents about 95% of all web/network probes and intrusion attempts.) A close second behind them is the U.S. Govt.
Why does China lead the way?
Their growth in the global market, their desire to rise in financial power, and their growing military to project power regionally, and one day globally, have led them to invest in where the world is going. They understand and recognize that information is vital in the information age.
As a country, and as a government initiative, they’ve committed to producing extremely bright engineering, computer and science professionals. Mix that with their population size, and you have a formidable “digital” force that is getting really good at what it does.
(By the way, if you really don’t think we engage in these practices, you are naive. In my other posts I show how you can detect the NSA’s Carnivore program, or understand router flaws that allow traffic to bypass firewalls and known anti-virus detection. I did such a good job at MIWV that the FBI had to resort to an old-school method of looking into our affairs: actually sending a representative to talk to us, hahahahaha!)
What Can You Do to Combat This?
Security is not about deploying the one solution that will stop someone. Ask any security professional and they will tell you there is no such thing as impenetrable. It’s more about having layers of security in place to combat someone who wants your information. Some layers are more sophisticated than others.
With that said, I want to discuss one that may be fun in the process. I deploy this today at Millimeter Wave Inc. Earlier I mentioned that crackers want information, trade secrets, research data, drawings etc., and that is what our company has. We possess ongoing research, machining data, machine programs, and vital data in the research and development of mm wave technology.
To the regular world, they say okay, so what, they wanted drawings of a product. To a competitor, or a broker of information, this is extremely valuable data. Imagine being able to download data about your competitor, their client database of customers, or technical data on a product they created that is a best seller in the industry.
Since I’ve actively seen them come in (even after we put security layers in place), I decided to take aggressive action in protecting our computers.
What I noticed
I noticed that when these crackers came into our network, they would target certain machines on return visits. The ones they suspected would contain vital mm wave based information were their targets. They would come in at night and attempt to access targeted directories that looked like a treasure trove of information. Unknown to them, this “HoneyPot” of information was data placed by me on purpose. I wanted them to download these files.
Why Would I Do That?
While the files looked like a treasure trove, they were purposely placed by me, and in many cases the data had been changed. This essentially is what a HoneyPot is: a computer or information purposely placed so you can bait them into that area.
Because these files of data I placed are massive, it takes them hours and hours to download them. When they come back, new “fake” data is there, and they repeat the cycle. It’s one of those layers of security I deploy.
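The decoy-directory idea above, put into working code as an added example (this is not the author’s setup or code). It generates spec files that look genuine but carry skewed numbers and a per-file tag, pads each one so a bulk download is slow, and then flags any access to the decoy tree in a file-server access log. The decoy path, the business-hours window, the tab-separated log format and the “real” spec are all assumptions made up for the demonstration.

```python
"""Decoy research files ("HoneyPot" data) plus a detector for reads of them.

Added example, not the author's code.  It assumes:
  * decoy files live under one directory reserved for them (DECOY_ROOT),
    which legitimate staff never need to open, so any access is suspect;
  * the file server writes an access log with tab-separated fields
    "timestamp  source  action  path" (a constructed format);
  * the "real" specification below is made up for the demonstration.
"""
import hashlib
import random
import tempfile
from collections import Counter
from datetime import datetime
from pathlib import Path

DECOY_ROOT = "research/mmwave_drawings"   # hypothetical decoy directory
BUSINESS_HOURS = range(7, 19)             # 07:00-18:59 local time, assumed

# Constructed stand-in for a genuine spec; decoys are derived from it.
REAL_SPEC = {"part": "WR-10-HORN", "gain_dbi": 20.0, "freq_ghz": 94.0, "flange_mm": 19.05}


def make_decoy_spec(seed, skew=0.12):
    """Build a spec that looks genuine but whose numeric values are skewed by
    up to +/-skew, so a product built from it will not perform.  The part
    number carries a per-decoy tag so a leaked copy can be traced to one file."""
    rng = random.Random(seed)
    spec = {}
    for key, value in REAL_SPEC.items():
        if isinstance(value, float):
            spec[key] = round(value * (1 + rng.uniform(-skew, skew)), 3)
        else:
            spec[key] = f"{value}-R{seed:03d}"
    return spec


def write_decoy_files(root, count, pad_bytes):
    """Write `count` decoy specs under `root` (a temp dir when None), each
    padded with hex filler to `pad_bytes` so bulk download is slow and noisy.
    Returns {path: size_in_bytes}."""
    root = Path(root) if root else Path(tempfile.mkdtemp())
    root.mkdir(parents=True, exist_ok=True)
    sizes = {}
    for i in range(count):
        spec = make_decoy_spec(i)
        header = "\n".join(f"{k}={v}" for k, v in spec.items()) + "\n"
        filler = hashlib.sha256(f"pad{i}".encode()).hexdigest()   # deterministic, data-like
        need = max(0, pad_bytes - len(header))
        path = root / f"{spec['part']}.txt"
        path.write_text(header + (filler * (need // len(filler) + 1))[:need])
        sizes[str(path)] = path.stat().st_size
    return sizes


def parse_log_line(line):
    """Return a dict for a well-formed access-log line, None otherwise."""
    try:
        ts, src, action, path = line.rstrip("\n").split("\t")
        return {"ts": datetime.fromisoformat(ts), "src": src, "action": action, "path": path}
    except ValueError:
        return None


def flag_decoy_access(log_lines, decoy_root=DECOY_ROOT):
    """Summarise every source that touched the decoy tree: event count,
    off-hours count, per-path read counts, repeat reads of the same path,
    and first/last timestamps (a return visit shows as first != last day)."""
    alerts = {}
    for line in log_lines:
        ev = parse_log_line(line)
        if ev is None or not ev["path"].startswith(decoy_root + "/"):
            continue
        a = alerts.setdefault(ev["src"], {"events": 0, "off_hours": 0, "paths": Counter(),
                                          "first": ev["ts"], "last": ev["ts"]})
        a["events"] += 1
        if ev["ts"].hour not in BUSINESS_HOURS:
            a["off_hours"] += 1
        a["paths"][ev["path"]] += 1
        a["first"] = min(a["first"], ev["ts"])
        a["last"] = max(a["last"], ev["ts"])
    for a in alerts.values():
        a["repeats"] = sum(1 for n in a["paths"].values() if n > 1)
    return alerts


# Constructed sample log: one normal daytime read, then an outside address
# listing and reading decoy files at night and coming back two days later.
SAMPLE_LOG = [
    "2013-03-04T09:15:02\t10.0.5.21\tREAD\tresearch/active/WR-10-HORN.dwg",
    "2013-03-05T02:41:10\t203.0.113.7\tLIST\tresearch/mmwave_drawings/",
    "2013-03-05T02:41:33\t203.0.113.7\tREAD\tresearch/mmwave_drawings/WR-10-HORN-R000.txt",
    "2013-03-05T05:58:01\t203.0.113.7\tREAD\tresearch/mmwave_drawings/WR-10-HORN-R001.txt",
    "2013-03-07T03:10:44\t203.0.113.7\tREAD\tresearch/mmwave_drawings/WR-10-HORN-R000.txt",
    "not a log line",
]

if __name__ == "__main__":
    print(write_decoy_files(None, 2, 4096))
    for src, a in flag_decoy_access(SAMPLE_LOG).items():
        print(src, a["events"], "events,", a["off_hours"], "off-hours,",
              a["repeats"], "repeat reads,", a["first"], "->", a["last"])
```

Because nobody legitimate needs the decoy tree, every event under it is an alert with no tuning required; the off-hours and return-visit fields just rank how deliberate the visitor looks. The padding implements the “hours and hours to download” point, and the tag in each decoy’s part number means that if a copy ever surfaces elsewhere you can tell which file, and therefore which visit, it came from.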
How This Helps
In the case of research data: imagine you’re a company that has vital data and specifications on building a rocket, for example. If your competitor does not want to spend the years in research, they will attempt to steal that information. If you let them steal what they think is good information, they will then use it and create a product that will ultimately fail, because it was based on false data.
Hackers/crackers will never go away. But what you can do is understand what their motive is, and create some misinformation campaigns as part of your overall security umbrella in the event that they do steal data.
As the world of information and technology turns, new hacking techniques will come into play. Deploying a HoneyPot can give you and your organization another layer of security and keep your competitors chasing their tails in a circle.