Chinese hackers attack Indian military websites, Tibetan sites & Japan's Aerospace

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Mar 31, 2012 at 02:04pm IST


New York: Indian military research bodies and Tibetan activists have been targeted by hackers based in China, with a former graduate student at a Chinese university emerging as a key figure responsible for the cyber breach, according to a report by a computer security firm.

In its 24-page report, Tokyo-based Trend Micro said the hacking campaign, dubbed 'Luckycat', targeted Indian military research institutions, entities in Japan as well as the Tibetan community.

The campaign, active since around June 2011, has been linked to 90 attacks against targets in Japan and India as well as Tibetan activists. In all, the Luckycat campaign managed to compromise 233 computers in systematic attacks.

Victims of the attack also include Indian shipping companies, Japan's aerospace, energy and engineering companies and at least 30 computer systems of Tibetan advocacy groups.

Trend Micro said each malware attack involves a unique campaign code that can be used to track which victims were compromised by which malware attack.

"This illustrates that the attackers are both very aggressive and continually target their intended victims. These are not smash-and-grab attacks but constitute a 'campaign' comprising a series of ongoing attacks over time," it said in its report.

Trend Micro tracked elements of the cyber attack campaign to hackers based in China.

The Luckycat campaign attacked a diverse set of targets using a variety of malware, some of which have been linked to other cyber-espionage campaigns.

The attackers behind this campaign maintain a diverse set of command-and-control infrastructure and leverage anonymity tools to obfuscate their operations, the report said.

It cited the example of a hacking attack on India's ballistic missile defence programme.

In this, a malicious document containing information on the programme was used to lure potential victims into opening it.

This document contained malicious code that exploited a vulnerability in computer software enabling the hackers to penetrate the compromised computer.

Similarly, Tibetan advocates received e-mails about self-immolation while victims in Japan received emails asking them to open attachments that had information about the country's earthquake and nuclear disaster.

A different campaign known as the 'ShadowNet', too has a history of targeting Tibetan activists as well as the Indian government.

The Luckycat attacks are technically similar to those of the Shadow Network, a spy operation which since 2009 has targeted the government of India and the Dalai Lama's personal e-mails.

The Shadow Network attacks are believed to be the handiwork of hackers who studied in China's Sichuan Province at the University of Electronic Science and Technology, which also receives government financing for computer network defence research.

The People's Liberation Army has an online reconnaissance bureau in the city.

"Cyber-espionage campaigns often focus on specific industries or communities of interest in addition to a geographic focus.

Different positions of visibility often yield additional sets of targets pursued by the same threat actors," Trend Micro said.

The New York Times said the attacks were connected to an online alias, the owner of which is Gu Kaiyuan, a former graduate student at China's Sichuan University, which receives government financing for its research in computer network defence.

Gu is believed to work at Tencent, China's leading Internet portal company and he may have recruited students to work on the university's research involving computer attacks and defence.

According to online records, Gu wrote numerous articles about hacking under the names of "scuhkr" and Gu Kaiyuan. When contacted by the Times about the attacks, Gu said, "I have nothing to say."

The attacks are not linked directly to Chinese government-employed hackers but security experts and other researchers say the techniques and the victims point to a state-sponsored campaign.

"The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement," expert in computer security James Lewis said in the New York Times report.

"A private Chinese hacker may go after economic data but not a political organisation."

The Times report said security researchers believe that the Chinese government may use people not affiliated with the government in hacking operations.

Chinese hacker attack Indian websites - Tech News - IBNLive
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Chinese grad hacks Indian military, Tibetan sites
The New York Times, Hindustan Times
San Francisco, March 31, 2012

A breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university - putting a face on the persistent espionage by Chinese hackers against foreign firms and groups.


The attacks were connected to an online alias, according to a report to be released on Friday by Trend Micro, a Tokyo-based computer security firm.

The owner of the alias is Gu Kaiyuan, an ex-graduate student at Sichuan University, China, which receives government financing for its research in computer network defense.

Gu is now an employee at Tencent, China's leading Internet portal company. According to the report, he may have recruited students to work on the university's research involving computer attacks and defense. Experts say the techniques and the victims point to a state-sponsored campaign.

"The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement," said James A Lewis of the Center for Strategic and International Studies in Washington. "A private Chinese hacker may go after economic data but not a political organisation."

The Trend Micro report describes systematic attacks on at least 233 personal computers. The victims include Indian military research organisations and shipping companies; Japanese aerospace, energy and engineering companies; and at least 30 computer systems of Tibetan advocacy groups. The espionage has been going on for at least 10 months and is continuing. Trend Micro did not release the names of the victims.

In the report, the researchers detailed how they had traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks.

The person who used the alias, "scuhkr" - possibly shorthand for Sichuan University hacker - wrote articles about hacking, which were posted to online hacking forums. The New York Times traced that alias to Gu. Gu studied at Sichuan University from 2003 to 2006.

The attacks are technically similar to a spy operation known as the Shadow Network, which since 2009 has targeted the Indian government and also pilfered a year's worth of the Dalai Lama's personal e-mails. Security researchers suggest that the Chinese government may use people not affiliated with the government in hacking operations - what security professionals call a campaign.

Chinese grad hacks Indian military, Tibetan sites - Hindustan Times
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Chinese hackers attack Indian military websites

PTI New York, March 31, 2012 | UPDATED 15:20 IST


Indian military research bodies and Tibetan activists have been targeted by hackers based in China, with a former graduate student at a Chinese university emerging as a key figure responsible for the cyber breach, according to a report by a computer security firm.

In its 24-page report, Tokyo-based Trend Micro said the hacking campaign, dubbed 'Luckycat', targeted Indian military research institutions, entities in Japan as well as the Tibetan community.

The campaign, active since around June 2011, has been linked to 90 attacks against targets in Japan and India as well as Tibetan activists. In all, the Luckycat campaign managed to compromise 233 computers in systematic attacks.

Victims of the attack also include Indian shipping companies, Japan's aerospace, energy and engineering companies and at least 30 computer systems of Tibetan advocacy groups.

Trend Micro said each malware attack involves a unique campaign code that can be used to track which victims were compromised by which malware attack.

"This illustrates that the attackers are both very aggressive and continually target their intended victims.

These are not smash-and-grab attacks but constitute a 'campaign' comprising a series of ongoing attacks over time," it said in its report.

Trend Micro tracked elements of the cyber attack campaign to hackers based in China.

The Luckycat campaign attacked a diverse set of targets using a variety of malware, some of which have been linked to other cyber-espionage campaigns.

The attackers behind this campaign maintain a diverse set of command-and-control infrastructure and leverage anonymity tools to obfuscate their operations, the report said.

It cited the example of a hacking attack on India's ballistic missile defence programme.

In this, a malicious document containing information on the programme was used to lure potential victims into opening it.

This document contained malicious code that exploited a vulnerability in computer software enabling the hackers to penetrate the compromised computer.

Similarly, Tibetan advocates received e-mails about self-immolation while victims in Japan received emails asking them to open attachments that had information about the country's earthquake and nuclear disaster.

A different campaign known as the 'ShadowNet', too has a history of targeting Tibetan activists as well as the Indian government.

The Luckycat attacks are technically similar to those of the Shadow Network, a spy operation which since 2009 has targeted the government of India and the Dalai Lama's personal e-mails.

The Shadow Network attacks are believed to be the handiwork of hackers who studied in China's Sichuan Province at the University of Electronic Science and Technology, which also receives government financing for computer network defence research.

The People's Liberation Army has an online reconnaissance bureau in the city.

"Cyber-espionage campaigns often focus on specific industries or communities of interest in addition to a geographic focus.

Different positions of visibility often yield additional sets of targets pursued by the same threat actors," Trend Micro said.

The New York Times said the attacks were connected to an online alias, the owner of which is Gu Kaiyuan, a former graduate student at China's Sichuan University, which receives government financing for its research in computer network defence.

Gu is believed to work at Tencent, China's leading Internet portal company and he may have recruited students to work on the university's research involving computer attacks and defence.

According to online records, Gu wrote numerous articles about hacking under the names of "scuhkr" and Gu Kaiyuan.

When contacted by the Times about the attacks, Gu said, "I have nothing to say."

The attacks are not linked directly to Chinese government-employed hackers but security experts and other researchers say the techniques and the victims point to a state-sponsored campaign.

"The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement," expert in computer security James Lewis said in the New York Times report.

"A private Chinese hacker may go after economic data but not a political organisation."

The Times report said security researchers believe that the Chinese government may use people not affiliated with the government in hacking operations.


Chinese hackers attack Indian military websites : Americas News - India Today
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Chinese Hackers Linked To Cyber-Espionage In Japan, India, Tibet


By Antone Gonsalves, CRN
March 30, 2012 6:22 PM ET

Chinese hackers have been linked to a cyber-espionage campaign that planted data-gathering malware in a total of 233 computers of Tibetan activists and military and industrial entities in Japan and India.

The so-called "Luckycat" campaign has been active since at least June 2011 and has been linked to 90 attacks that use malware tailored for each victim, security vendor Trend Micro said in a report released Friday.

"This illustrates that the attackers are both very aggressive and continually target their intended victims," the report said. "These are not smash-and-grab attacks, but constitute a campaign comprising a series of ongoing attacks over time."

The hackers targeted military research institutions and shipping companies in India; energy, engineering and aerospace entities in China and 30 computers of Tibetan activists. Trend Micro researchers traced the attacks to an e-mail address used to register a command-and-control server. They also mapped the address to a Chinese instant messaging screen name and from there to an online alias, "scuhkr."

The New York Times reported that it traced the alias to Gu Kaiyuan, a former graduate student at Sichuan University in Chengdu, China. The university receives government funding for computer network defense, the newspaper said. According to online records obtained by the Times, Gu is now apparently working for Tencent, a leading Internet portal company in China.

While studying at Sichuan University from 2003 to 2006, Gu wrote numerous articles about hacking under the alias "scuhkr," which is believed to stand for "Sichuan University hacker," according to the Times. The report found that "scuhkr" had recruited other university students for a network attack and defense research project at the university's Institute of Information Security in 2005.

The Times reached Gu at Tencent and asked him about the attacks. "I have nothing to say," he told the newspaper.

Security experts have said China will use people outside the government for hacking operations, which researchers call campaigns. Trend Micro found that malware used in Luckycat were also used in a campaign called "Shadownet," an indication that there may have been some collaboration. Shadownet has also targeted Tibetan activists and the Indian government.

In both campaigns, e-mails tailored to the recipients are used to get them to click on an attachment that then infects the computer with malware, taking advantage of vulnerabilities in Microsoft Office and Adobe software. Once the malware connects to the hackers' server, additional code is installed to establish control over the system.

In the Luckycat campaign, e-mails sent to Japanese targets took advantage of the confusion following last year's tsunami, the report said. E-mail sent to Indian military institutions contained information on the country's ballistic missile defense program, while messages sent to Tibetan activists used the theme of self-sacrifice.

Security vendor Symantec uncovered the campaign two weeks ago, naming it Luckycat after the login name of one of the other attackers, according to the Times. Without knowing about Symantec's work, Trend Micro released a far more detailed report.


http://www.crn.com/news/security/23...;jsessionid=+vulligdUitfBDeMVmb+ZQ**.ecappj01
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Former student from China hacked Indian Military Research Firms: Report

Nicole Perlroth, The New York Times, Updated: March 30, 2012 12:32 IST



Nart Villeneuve of Trend Micro said the attacks were part of a continuous campaign in which hackers "are busy and stay busy."


San Francisco: A breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university - putting a face on the persistent espionage by Chinese hackers against foreign companies and groups.

The attacks were connected to an online alias, according to a report to be released on Friday by Trend Micro, a computer security firm with headquarters in Tokyo.

The owner of the alias, according to online records, is Gu Kaiyuan, a former graduate student at Sichuan University, in Chengdu, China, which receives government financing for its research in computer network defense.

Mr. Gu is now apparently an employee at Tencent, China's leading Internet portal company, also according to online records. According to the report, he may have recruited students to work on the university's research involving computer attacks and defense.

The researchers did not link the attacks directly to government-employed hackers. But security experts and other researchers say the techniques and the victims point to a state-sponsored campaign.

"The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement," said James A. Lewis, a former diplomat and expert in computer security who is a director and senior fellow at the Center for Strategic and International Studies in Washington. "A private Chinese hacker may go after economic data but not a political organization."

Neither the Chinese embassy in Washington nor the Chinese consulate in New York answered requests for comment.

The Trend Micro report describes systematic attacks on at least 233 personal computers. The victims include Indian military research organizations and shipping companies; aerospace, energy and engineering companies in Japan; and at least 30 computer systems of Tibetan advocacy groups, according to both the report and interviews with experts connected to the research. The espionage has been going on for at least 10 months and is continuing, the report says.

In the report, the researchers detailed how they had traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks. They mapped that address to a QQ number - China's equivalent of an online instant messaging screen name - and from there to an online alias.

The person who used the alias, "scuhkr" - the researchers said in an interview that it could be shorthand for Sichuan University hacker - wrote articles about hacking, which were posted to online hacking forums and, in one case, recruited students to a computer network and defense research program at Sichuan University's Institute of Information Security in 2005, the report said.

The New York Times traced that alias to Mr. Gu. According to online records, Mr. Gu studied at Sichuan University from 2003 to 2006, when he wrote numerous articles about hacking under the names of "scuhkr" and Gu Kaiyuan. Those included a master's thesis about computer attacks and prevention strategies. The Times connected Mr. Gu to Tencent first through an online university forum, which listed where students found jobs, and then through a call to Tencent.

Reached at Tencent and asked about the attacks, Mr. Gu said, "I have nothing to say."

Tencent, which is a privately managed and stock market-listed Internet company, did not respond to several later inquiries seeking comment.

The attacks are technically similar to a spy operation known as the Shadow Network, which since 2009 has targeted the government of India and also pilfered a year's worth of the Dalai Lama's personal e-mails. Trend Micro's researchers found that the command-and-control servers directing the Shadow Network attacks also directed the espionage in its report.

The Shadow Network attacks were believed to be the work of hackers who studied in China's Sichuan Province at the University of Electronic Science and Technology, another university in Chengdu, that also receives government financing for computer network defense research. The People's Liberation Army has an online reconnaissance bureau in the city.

Some security researchers suggest that the Chinese government may use people not affiliated with the government in hacking operations - what security professionals call a campaign.

For example, earlier this year, Joe Stewart, a security expert at Dell SecureWorks, traced a campaign against the Vietnam government and oil exploration companies to an e-mail address that belonged to an Internet marketer in China.

"It suggested there may be a marketplace for freelance work - that this is not a 9-to-5 work environment," Mr. Stewart said. "It's a smart way to do business. If you are a country attacking a foreign government and you don't want it tied back, it would make sense to outsource the work to actors who can collect the data for you."

The campaign detailed in the Trend Micro report was first documented two weeks ago by Symantec, a security firm based in Mountain View, Calif. It called the operation "Luckycat," after the login name of one of the other attackers, and issued its own report. But Trend Micro's report provides far more details. The two firms were unaware that they were both studying the same operation.

Trend Micro's researchers said they were first tipped off to the campaign three months ago when they received two malware samples from two separate computer attacks - one in Japan and another in Tibet - and found that they were both being directed from the same command-and-control servers. Over the next several months, they traced more than 90 different malware attacks back to those servers.

Each attack began, as is often the case, with an e-mail intended to lure victims into opening an attachment. Indian victims were sent an e-mail about India's ballistic missile defense program. Tibetan advocates received e-mails about self-immolation or, in one case, a job opening at the Tibet Fund, a nonprofit based in New York City. After Japan's earthquake and nuclear disaster, victims in Japan received an e-mail about radiation measurements.

Each e-mail contained an attachment that, when clicked, automatically created a backdoor from the victim's computer to the attackers' servers. To do this, the hackers exploited security holes in Microsoft Office and Adobe software. Almost immediately, they uploaded a directory of the victims' machines to their servers. If the files looked enticing, hackers installed a remote-access tool, or rat, which gave them real-time control of their target's machine. As long as a victim's computer was connected to the Internet, attackers had the ability to record their keystrokes and passwords, grab screenshots and even crawl from that machine to other computers in the victim's network.

Trend Micro's researchers would not identify the names of the victims in the attacks detailed in its report, but said that they had alerted the victims, and that many were working to remediate their systems.

A spokesman for India's Defense Ministry, Sitanshu Kar, said he was not aware of the report or of the attacks it described. Fumio Iwai, a deputy consul at the Japanese consulate in New York, declined to comment.

As of Thursday, the campaign's servers were still operating and computers continue to leak information.

"This was not an individual attack that started and stopped," said Nart Villeneuve, a researcher that helped lead Trend Micro's efforts. "It's a continuous campaign that has been going on for a long time. There are constant compromises going on all time. These guys are busy and stay busy."


Former student from China hacked Indian Military Research Firms: Report
 

arya

Senior Member
Joined
Sep 14, 2009
Messages
3,006
Likes
1,531
and what we can do again helpless

we don't have any policy, that's the same thing that will happen in war, they will attack us and we will remain helpless
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
and what we can do again helpless

we don't have any policy, that's the same thing that will happen in war, they will attack us and we will remain helpless

Indian govt: We don't care! If Chinese hackers will give us some money, we can provide some good defence to our govt sites!
 

maomao

Veteran Hunter of Maleecha
Senior Member
Joined
Apr 7, 2010
Messages
5,033
Likes
8,354
Such policies can't be formulated by the people whose sole aim is to loot and plunder, and serve foreigners!
 

arya

Senior Member
Joined
Sep 14, 2009
Messages
3,006
Likes
1,531
Indian govt: We don't care! If Chinese hackers will give us some money, we can provide some good defence to our govt sites!
Well, it's not about money, I hope you know they know all your data better than you.
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Japan is building a virus bomb aiming China

Japan Building Automatic Cyber Defense Virus



Japan steps it up a notch in the cyber war arena. Apparently the Japanese government has hired IT product giant Fujitsu to create a cyberweapon virus that will automatically seek out and destroy enemy viruses:

"The three-year project was launched in fiscal 2008 to research and test network security analysis equipment production. The Defense Ministry's Technical Research and Development Institute, which is in charge of weapons development, outsourced the project's development to a private company. Fujitsu Ltd. won the contract to develop the virus, as well as a system to monitor and analyze cyber-attacks for 178.5 million yen."

That's a cool 2.3 million to create an offensive cyber defense system that will not only detect an attack, but will backtrack and seek out the attacker, even when attackers bounce through several proxy systems. According to the article the "virus" will disable the incoming attack and record forensics data.

The defensive program almost acts like a human immune system tracking down and weeding out invading viruses. Systems like these are needed when facing the latest advanced threats.

Actually computer scientists and engineers are currently studying the human immune system to try to replicate it for computer defense.

Though automated cyber defense systems are classified, from what public data is available the US has had this capability for at least a couple of years now. US computer security company Rsignia comes to mind immediately. Rsignia creates cutting edge security devices used by the US government and in the US-CERT Einstein program.

We covered Rsignia's Cyberscope automated offensive cyber weapon system back in 2010.

Cyberscope has the ability to detect and automatically counterattack incoming threats. It has several options that it can use in response. For example it can simply shut the attacking stream down or intercept the data that is being ex-filtrated, manipulate it, and feed it back to the attack. Or better yet, it can even infect the proxy machines used and turn them into bots to counter attack the infiltrator.

These were the capabilities openly discussed in mid-2010, who knows how far the US has advanced since.

Japan Building Automatic Cyber Defense Virus | CYBER ARMS – Computer Security
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Japanese government building defensive computer virus; Skynet incoming?

By Jason Kennedy on January 4, 2012 at 12:05 pm

In a move that proves that Godzilla isn't the only worldwide threat to emerge from Japan, the Japanese Defense Ministry has been working with Fujitsu since 2008 to develop a defensive, weaponized computer virus capable of tracing the path of a cyber attack to its source in order to shut it down, disabling every system it comes across along the way.

With the ability to disable the attacking program on its own and drill to the source of the attack, the implications for widespread damage across the internet are massive. In theory this virus could attack and disable servers and PCs connected to the internet across the globe if pointed at the right target and using an exploit that was considered "zero day." That's the worst kind of doomsday scenario, and the likelihood of every other electronically savvy world power already working on similar virtual weapon platforms for "defense" is pretty high, but this is still alarming news.

The theory of the system is that security equipment detects an attack on a network that it is actively defending. The virus is launched as a defensive measure, and it immediately begins to unravel the attack, disabling middleman machines along the way as it works its way back to the source (pictured right).

The problem becomes obvious almost immediately. The "springboard" computers that are shut down by the virus on the way to the source are likely personal PCs or corporate machines that are being used without the knowledge of their owners. There's also the issue of the affected machines being in another country, which could open the floodgates of international incidents or worse.

What if the code for this virus was open-sourced, say, for security review? Government entities that throw millions of dollars into electronic warfare applications can build some seriously sophisticated worms, as we've seen with high-profile breaches of US corporations by China and Iran's uranium enrichment plants by (allegedly) the US and Israel. Even Google hasn't been immune to the war being raged over the internet, with its own breach of hundreds of Gmail accounts back in June. While Google and others have been unable to prove without a doubt that a government is behind the attacks, it's clear that immense resources are being channeled into the internet as a theater for attacks.

To speculate a possible, admittedly far-fetched scenario, let's say the Japanese government open-sourced this virus or it was leaked to the internet. Months later a virus could be released that targeted machines using a particular internet protocol that it was told was an offending virus or attack; say, XMPP. XMPP (Extensible Messaging and Presence Protocol) isn't actually a virus, it's an open chat standard used by many clients (including Facebook chat) to connect people. But if this virus was told to seek and disable any machines utilizing XMPP… well, you get the idea. Facebook has millions of active users at any given time, and XMPP is a popular protocol for business communication, too (Skype uses it). If the virus was let loose with a zero day vulnerability payload it could wrack up a devastating path of destruction across the internet.

The threat of the latest and greatest virus being unleashed upon the internet is always a concern. The big question is whether governments should be spending their money and research on a virus, defensive or not. Let's not forget that Skynet started as a defense program built by Cyberdyne Systems for the US. We all know how that "Global Digital Defense Network" ended up.

Japanese government building defensive computer virus; Skynet incoming? | ExtremeTech

nrj

Ambassador
Joined
Nov 16, 2009
Messages
9,658
Likes
3,911
Govt websites are low-value targets. They do not host any sensitive information online anymore. However, mailservers usually fall prey to these tactics, eventually leaking out confidential communication.

Americans have funded DARPA with huge monies to develop new-gen encryption algorithm. Indians need something on that line unless of course they are moving their confidential communication out of chai-samosa session, which is usually immune to eavesdropping.

Major problem that arose in recent days is smartphone-hacking of diplomats visiting PRC. Every US Govt official visiting China is directed by NSA to pull battery out of their Blackberrys as soon as they enter Chinese airspace.
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Report details successful China-based cyber-espionage

Online security company Trend Micro releases report uncovering ongoing campaign of infiltrating industrial sites in Japan and India and also targeting Tibetan activists.


by Martin LaMonica March 30, 2012 7:14 AM PDT

Hackers based in China have carried out 90 attacks on targets in Japan, India, and Tibetan activists in a cyber-espionage campaign started last year, according to a report.

Trend Micro today released an analysis of the Luckycat campaign, which it traced back to a command-and-control center in China. The attacks are part of an organized effort, rather than random hacks, and have compromised 233 computers, according to the report.

The New York Times today reported the attacks can be traced back to a specific individual, a former graduate student in China who may have recruited others to work on the Luckycat campaign.

The attackers targeted a number of Japanese and Indian industrial sites working in aerospace, energy, engineering, shipping, and military research.

Computers were infected with malware by enticing e-mail recipients to open attachments, according to the Times article.

Trend Micro said the attacks have been "extremely successful" and were designed to establish an ongoing presence to monitor targeted sites.

The operators behind Luckycat also provided infrastructure for other attacks, including the ShadowNet campaign, Trend Micro said.


Report details successful China-based cyber-espionage | Security - CNET News
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
A virus for cyberdefense? Japan has something cooking

Fujitsu is said to be working on an active-defense virus amid growing cyberattacks against Japan--which also has a law forbidding the creation of computer viruses.

by Tim Hornyak January 4, 2012 10:52 AM PST

For several years, Japan has been developing a computer virus that can track, identify, and disable cyberthreats, according to a story in the Yomiuri Shimbun newspaper.

Fujitsu reportedly is working on the cyberweapon for Japan's Defense Ministry under a 178.5 million yen ($2.32 million) project initiated in fiscal 2008 by the ministry's Technical Research and Development Institute.

The system "can identify not only the immediate source of attack, but also all 'springboard' computers used to transmit the virus," the Yomiuri reported, citing anonymous sources.

"Test runs in closed networks have helped the ministry to confirm the cyberweapon's functionality and compile data on cyber-attack patterns."

But whether Fujitsu's "active defense" virus would work in the real world is a big question. Security experts have said it would rarely be effective due to the layered nature of server deployment. Furthermore, innocent third parties could be mistaken for the attackers.

Japan suffered a series of cyberattacks last fall, with targets including major defense contractor Mitsubishi Heavy Industries, the Japanese parliament, and diplomatic missions overseas.

Even Fujitsu was attacked, with denial-of-service hits knocking out some of its cloud-computing services for local governments.

Japanese media have blamed Chinese hackers in some cases, and called for stronger government protection.

The criminal code in Japan prohibits the creation of computer viruses, but a government panel on information security policy is set to discuss cyberweapons in context of their legality as a defense.

Fujitsu, for its part, hasn't said anything about the virus project.

A virus for cyberdefense? Japan has something cooking | Security - CNET News
 

JAYRAM

2 STRIKE CORPS
Senior Member
Joined
Mar 8, 2011
Messages
3,282
Likes
316
Well, it's not about money, I hope you know they know all your data better than you.
Ha Ha...:rofl: Our babus may not even have knowledge about how a computer works... You have to watch Loksabha or Rajyasabha TV sometimes..
 

SLASH

Senior Member
Joined
Feb 5, 2011
Messages
1,156
Likes
459
I'm sure we must be attacking their sites too...
 

Ray

The Chairman
Professional
Joined
Apr 17, 2009
Messages
43,132
Likes
23,835
Nothing surprising.
 
