Wednesday, January 25, 2012

Chinese Cyber Attack

I didn't watch the State of the Union.
I hear it was a waste of time.
Same old Washington rhetoric.

What caught my eye today was this report:
China-based Cyber Attack Targets DoD Access Cards

Basically, a computer hacking virus was discovered and traced back to its origination in China (based on Chinese characters found within the virus’ coding). How it works is that members of the military receive an official looking email that has a PDF file attached to it. The virus in the PDF file records keystrokes and collects the military person's identification number which is associated with a Common Access Card (called “CAC cards”) and is used when he logs into a government computer. This allows the hackers a way to gain access to government computers.

The virus is called "Sykipot" and government officials are reportedly investigating it. Alien Vault has tracked the virus for three months.

Apparently, the only way to protect against this Sykipot virus is for service members not to open the PDF attachment. The hackers often disguise their poisoned email attachments, such as this PDF file, to seem like they are some sort of official government correspondence.

The really sad thing is that people are claiming that much of a Department of Defense "secure" computer is actually manufactured in China, as well as other countries. If that's the case then we have some real problems to deal with. We ought to be making our own computer equipment and components. That would at least give us some assurance that there are no built-in back doors, "Trojan horses" or other clever software tactics to compromise our nation's data security.

Hmmm... you didn't hear anything about that in the State of the Union Address.