Monday, May 26, 2014

How China Hacked America

From Ars technica:
In 2008, according to the indictment, the hackers sent e-mails to 19 senior employees at aluminum-maker Alcoa in Pennsylvania. The account of the sender impersonated a member of the company's board of directors. The message included malware in an attachment "disguised as an agenda for Alcoa's annual board meeting." The attack led to the theft of more than 2,900 e-mail messages and 863 attachments, "including internal messages among Alcoa senior managers" discussing a Chinese acquisition, according to the indictment.

In 2010, a sole employee of United States Steel was targeted with a spear-phishing e-mail. The attack provided "hostnames and descriptions for more than 1,700 servers, including servers that controlled physical access to the company's facilities and mobile device access to the company's networks." And in 2012, a spear-phishing attack allowed the hackers to access "network credentials for virtually every employee" at Allegheny Technologies, which has some 9,500 full-time workers in the aerospace, defense and "specialty materials solutions" sectors.

The indictment also said that the Chinese military gained access to Westinghouse secrets to build nuclear power plants and hijacked e-mails from its chief executive officer in 2010. Between 2010 and 2012, the Chinese military was accused of stealing a total of at least 1.4 gigabytes of data, "the equivalent of roughly 700,000 pages of e-mail messages and attachments, from Westinghouse's computers." (Read more.)

No comments: