Chinese hackers who breached Google reportedly targeted classified data

The Chinese hackers who breached Google's corporate servers 41 months ago gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government, according to a published report.

The revelation came in an article published Monday by The Washington Post, and it heightens concerns about the December 2009 hack. When Google disclosed it a few weeks later, the company said only that the operatives accessed Google "intellectual property"—which most people took to mean software source code—and Gmail accounts of human rights activists.

Citing officials who agreed to speak on the condition that they not be named, Washington Post reporter Ellen Nakashima said the assets compromised in the attack also included a database storing years' worth of information about US surveillance targets. The goal, according to Monday's report, appears to be unearthing the identities of Chinese intelligence operatives in the US who were being tracked by American law enforcement agencies.


Spammers Make Memorial Day Memorable

Memorial Day is celebrated on May 27 and it is a day for memorializing the men and women who have died in military service for the United States. It is a common practice for cybercriminals to take advantage of events and holidays. This year, various spam messages related to Memorial Day have begun flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
 


Figure 1: Memorial Day financial spam
 

A variety of subject lines have been observed related to the clearance sale spam attacks for Memorial Day:

  • Subject: Memorial Day Auto Special On Every New Truck
  • Subject: Memorial Day Celebration - Half Off xxx Vehicles
  • Subject: Memorial Day Special, All Auto Models On-Sale
  • Subject: Memorial Day Savings on all new vehicles
  • Subject: Memorial Day xxx Clearance Sale
  • Subject: Huge new car Memorial Day Clearance!

Other spam samples have encouraged users to take advantage of bogus offers on weight loss and pharmaceutical products. After clicking the URL, users are taken to a web page where the fake products are sold. Users should be wary of spam attacks offering deals like these.
 


Figure 2: Memorial Day weight loss spam
 


Figure 3: Fake pharmaceutical web page for Memorial Day
 

Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We, at Symantec, are constantly monitoring spam attacks to ensure that readers are kept up-to-date with information on the latest threats.

Think your Skype messages get end-to-end encryption? Think again

If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely, Ars has confirmed. And this can only happen if Microsoft can convert the messages into human-readable form at will.

With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning with HTTP and the other with HTTPS—were accessed by a machine at 65.52.100.214, an IP address belonging to Microsoft. For those interested in the technical details, the log line looked like this:

'65.52.100.214 - - [16/May/2013 11:30:10] "HEAD /index.html?test_never_clicked HTTP/1.1" 200 -'

The results—which were similar but not identical to those reported last week by The H Security—prove conclusively that Microsoft not only has the ability to peer at the plaintext sent from one Skype user to another, but that the company regularly flexes that monitoring muscle.
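The log check described above, as an added example that is not from the article: a short Python parser for access-log lines in the quoted format that reports which uniquely tagged links were fetched by addresses other than the participants' own. The token `constructed_clicked`, the `own_ips` parameter and the 203.0.113.7 and 198.51.100.9 entries are constructed for illustration; only the first sample line comes from the article.

```python
import re
from collections import defaultdict

# Matches the access-log layout of the line quoted in the article.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# First line is the one quoted in the article; the rest are constructed.
SAMPLE_LOG = """\
'65.52.100.214 - - [16/May/2013 11:30:10] "HEAD /index.html?test_never_clicked HTTP/1.1" 200 -'
203.0.113.7 - - [16/May/2013 11:31:02] "GET /index.html?constructed_clicked HTTP/1.1" 200 -
198.51.100.9 - - [16/May/2013 11:32:40] "GET /favicon.ico HTTP/1.1" 404 -
not a log line at all
"""

def canary_hits(log_lines, tokens, own_ips=()):
    """Return {token: [(ip, method, timestamp), ...]} for third-party fetches.

    tokens  -- unique query strings embedded in the links sent over chat
    own_ips -- sender/recipient addresses, whose own clicks are expected
    """
    hits = defaultdict(list)
    for line in log_lines:
        # Tolerate the surrounding quotes seen in the article's sample line.
        m = LOG_RE.match(line.strip().strip("'"))
        if not m:
            continue  # skip malformed or unrelated lines
        _, _, query = m["path"].partition("?")
        if query in tokens and m["ip"] not in own_ips:
            hits[query].append((m["ip"], m["method"], m["ts"]))
    return dict(hits)

if __name__ == "__main__":
    found = canary_hits(
        SAMPLE_LOG.splitlines(),
        tokens={"test_never_clicked", "constructed_clicked"},
        own_ips={"203.0.113.7"},
    )
    for token, fetches in found.items():
        for ip, method, ts in fetches:
            print(f"{token}: {method} from {ip} at {ts}")
```

Any hit on a link that neither participant opened means a third party read the message body, which is the inference the article draws from its log line.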


Chinese army hackers return from vacation, renew attacks on US

After being publicly exposed in February as the source of a long list of cyberattacks on US companies and media organizations, the Chinese People's Liberation Army's (PLA) Unit 61396 largely pulled back from the networks the unit had infiltrated. But now, the New York Times reports, the hackers are back in action using new techniques to go after many of the same corporate and government targets they had infiltrated before.

The revived attacks come despite (or perhaps because of) the direct accusations leveled against China's military in a Pentagon report to Congress earlier this month. The White House approved "naming and shaming" the PLA unit in hopes that it would cause the Chinese government to take action. The move was part of an escalation of diplomatic pressure that began in March, when White House National Security Advisor Tom Donilon first publicly mentioned the Obama Administration's appeal to the Chinese government to "engage with us in a constructive dialogue" on cyber security.

"In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the Pentagon report stated. "These intrusions were focused on exfiltrating information. China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support US national defense programs."
