You could follow the words "Chinese hackers break into" with almost anything - government agencies, the military, corporations, law firms, etc. and you'd be right.
Nonetheless, it remains disconcerting that we see these stories so often. This particular story was reported by SC Magazine and referenced a report from McAfee Labs. McAfee dubbed the intrusions "Night Dragon" which amused me because the report takes pains to say that all the data exfiltration from Beijing-based IP addresses occured on weekdays from 9-5 Beijing time, suggesting that the perpetrators were working professionals rather than rogue or casual hackers.
While there was no evidence that the intrusions were state-sponsored, I think most experts believe that state-sponsored hacks are an everyday fact of life in China. In this case, the attacks began in November of 2009 seeking proprietary information about oil and gas fields bids and operations. Targeted computers were in the U.S., Taiwan, the Netherlands, Greece and Kazakhstan. There may still be oil companies who have yet to discover that their data has been compromised.
Though none of the companies were disclosed by name, there appear to be 5-12 that were victims.
The hacks did not seem especially sophisticated. SQL injection hacks gave the hackers system-level access and remote-command access. After that, readily available tools were uploaded on the compromised servers, giving the hackers access to the company's intranet.
Password cracking tools helped them obtain usernames and passwords, permitting the hackers ever-deeper access to desktops and servers containing sensitive information. The hackers disabled IE proxy settings so the infected machines could communicate directly to the Internet. Remote admin tools then permitted the hackers to connect to the computers of company executives to secure access to e-mail and sensitive documents.
It's an old refrain, but if these attacks are not state-of-the-art, then why is the security so poor? Certainly one would think that oil companies would have sophisticated defense-in-depth strategies in place. Apparently not so.
E-mail: email@example.com Phone: 703-359-0700