Tuesday, August 16, 2011

Shady RAT

Our computer networks, banking, commerce, entertainment and government, have been infiltrated

While we've been watching our economy crumble and Europe burn, McAfee has announced the discovery of a gigantic and scary computer hack, dubbed Shady RAT. For the past five years, it has been penetrating financial and government systems, stealing information and propagating itself.

Contrary to the attacks we are used to hearing about, this operation is stealthy and does no harm.  The perpetrators don't want chaos, they want constant undetected access to private data and government secrets.  The details released to the public remain sketchy, and China is the prime suspect.

I've pinged a few of my friends who work in computer security. Obviously, they couldn't reveal anything classified, but they told me what they legally could and steered me to some publicly available information. Friend #1 focuses on the technical details, while Friend #2 explains the international intelligence intrigue aspect.

Here's network security expert #1, explaining what Shady RAT is:
In summary, entire web servers are compromised first then used to infect users who visit the MANY websites these web servers host so it can reach out to standard web browsers on a desktop PC or laptop, mobile phones browsing those sites and even VPN's connecting in.

Companies that have the right security can detect these kinds of things going on if they care, but many are still turning a blind eye to them. Remember the words in the original Shady RAT report? Those that know they've been compromised and those that don't yet know, or, I add, don't care enough yet because they won't allow little incidents to hurt the business.
How does it happen?
The hacker communities are able to constantly exploit software vulnerabilities at the code level because companies refuse to do the right thing in producing 100% safe and secure software. Web pages on the Internet have become a primary medium for hackers to get malicious code onto a person's PC via the web browser. This is accomplished by mixing executable code with static content like HTML. If a person visits a bad website, their browser can become infected in seconds. The ever-increasing clueless user base creates a huge target and makes it easy to pull in victims.

Email is also a primary threat vector because a single spear phishing attack can create a backdoor on a person's PC with an easy outgoing connection controlled from the Internet. A spear phishing attack is a favorite technique because it is so effective. The hacker community has been able to find the successful mix of human ignorance and software weaknesses, and the primary motive is of course money.
Here's what network security expert #2 said, addressing the international intrigue...
Remember that huge snowball fight we had at the barracks at Holloman? That's what cyber warfare has turned out to be. A few guys tossing at each other, then whole squadrons in a toss-fest (Asia, Europe, Israel, Russia, and America), then all ganging up on the Security Police dorms (USA), until a beefy NCO comes out to tell us to knock it off or go to jail (NSA, FBI, and CyberCom).

Wayne Madsen has written about the massive private data breaches that have been going on for the last several years. He fingers the NSA, his former employer. I'm not entirely convinced.
He told me he could not talk about Shady RAT, but he closed with this...
Suffice it to say there are many players in this game and intrusions that do not have a monetary motive belong to governments. That's my guess. Follow the national interest in each penetration and you can finger a potential perp.
Bottom line: Just as you wouldn't wander into a strange neighborhood, stay away from strange links and don't open e-mails from strangers, delete them.  And your on-line banking may not be as safe as you thought. Finally, why did a private company find this, and not the federal government's billion dollar bureaucracy?

McAfee - Shady Rat White Paper
Security Through Obscurity
What is Night Dragon?

35 comments:

jez said...

I'm not saying something like this isn't happening (I always assumed it was), but McAfee has a reputation for blowing this kind of thing out of all proportion (which of course it is in its business interest to do).

Adopt a degree of paranoia at all times while online, and get on with your life, is my advice.

I choose to trust my bank's internet services. It's not like it's not computers on a network when I personally visit a branch, is it? You've got to accept the risk, or keep your money under the mattress.

Silverfiddle said...

I'm not trying to scare people away from on-line banking. You are correct in that your information is on a computer network even if you don't do on-line banking.

You are also right about being prudent. Caveat emptor.

Bunkerville said...

While Microsoft makes billions of bucks off of us, they do little to tackle the vulnerabilities they expose us all to. One has to give Steve Jobs credit. Apple viruses and malware are few and far between. I dread any new updates for servers and operating systems. They are untried, and buggy with many programs, and they do not give a hoot.

Anonymous said...

The government didn't find it because their IT security teams work towards other more clandestine goals. They don't have the time, money, or inclination to go poring over thousands of websites operated by private companies and what not.

Having worked in the intelligence field, specifically some NSA type stuff, I can confidently claim that there's a lot more worrisome crap out there than what these hackers are doing.

Always On Watch said...

I've chosen to avoid using online banking. Who needs another headache when something goes wrong?

I recently went through a mess with credit card fraud. The company caught the attempt, but I had to close out the account and notify the few merchants who automatically debited every month. A pain in the ass to get all that done!

Z said...

"Finally, why did a private company find this, and not the federal government's billion dollar bureaucracy?"
Good question...

a little off topic advice: I stopped using my Debit Card. A bank account can be cleaned out, a credit card has a limit and covers that.

I'm tired of getting emails all day with "Pass this to everyone.." REALLY? And pass computer problems? No, thanks. And a lot are conservative emails hoping to wake people up to what's going on; sometimes I wonder about that; legit, or hacker fodder?

Anonymous said...

A great piece of investigative work, Silver. I for one am glad you have the contacts that you do. Living outside of the country, I have no choice except to use on-line banking. Although my account balance is always humiliatingly small, to me it is everything in the world. I try not to think about what could happen.

Jersey McJones said...

The way Shady Rat was discovered - because of the sloppy maintenance of the server - belies the notion that it was a sophisticated state-run operation. It may be coming from a Chinese server, but probably not from the Chinese gov't.

JMJ

Anonymous said...

Disquieting, but in no way surprising.

Is anyone here familiar with a book called The Puzzle Palace? It's been out for at least twenty years, so the information is out of date, but it describes in chilling detail the myriad ways government has at its disposal to track you, monitor you, photograph you in your most private moments from thousands of feet in the air through the roof of your house -- or any place you choose to park your carcass. And they can listen to every word you say -- even from blocks away and around corners.

God help you if you should become "a person of interest" in a federal investigation!

Anonymous said...

It occurred to me not too long after I got into this game that the internet is actually a trap.

We love it, and use it compulsively, because it's inexpensive, easy to use, satisfies our need for recognition when we can see our words come instantly into print knowing that hundreds, maybe thousands, will read them before long. And then it's so easy to find information. If our memory's a wee bit sketchy, we can check our facts and figures instantly without moving our butts, return to our writing and appear far better informed and intelligent than we really are. What fun!

BUT

Did you ever stop to realize that everything we do on the internet is instantly made public? There is no privacy whatsoever.

Now Jack Camwell may be right in saying government doesn't bother to look at most of the billions of words and images that get tossed into cyberspace every day, but the point is THEY CAN, IF THEY WANT TO.

Look what happened to Anthony Weiner, if you don't believe me.

The internet is like one of those TWO-WAY MIRRORS the police use when questioning suspects. The target of the investigation may think he is alone with a police detective when in fact other investigators and possible witnesses are observing the interview in secret.

Can you not see that the internet may very well be the instrument through which Orwell's BIG BROTHER may be watching YOU?

You'd better watch out
You'd better not lie
You'd better not pout
I'm telling you why

Tyrants now have come to your town

They know with whom you're sleeping
They know your every ache
They know when you've been bad or good,
So be good for Heaven's sake!


Not so amusing, when it's the government and not Santa Claus who's coming to town, is it?

POWER & CONTROL always has and always will be the name of the game.

Watch your step!

~ FreeThinke

Anonymous said...

Jersey,

If naiveté were a terminal disease, you'd have already been pushing up daisies many years ago.

~ FreeThinke

jez said...

"Did you ever stop to realize that everything we do on the internet is instantly made public?"

On a public blog or newsgroup, yes of course. It's the equivalent of nailing a poster to a wall, except with search engines.

An email, less so. Think of an unencrypted email as you would a postcard.

Silverfiddle said...

Internet anonymity is also a fiction, btw...

Anonymous said...

It isn't paranoia when they really are out to get you -- or have all the machinery ready to set in motion for that purpose whenever they want to use it.

There's a website called Prison Planet that chronicles and catalogues endless details of how we're busily wrapping ourselves in endless snarls of red tape.

Beware those who would claim they only want to keep you SAFE.

"They that can give up essential liberties for a little temporary safety deserve neither liberty nor safety."

~ Franklin (1706-1790)

And the liberals, whose most fervent desire is to become our jailers, claim the Founders couldn't possibly have anticipated the needs of contemporary society. HAH!

~ FreeThinke

Jersey McJones said...

FT, grow up.

Guys, the internet is open forum, for all intents and purposes. It does not and never has guaranteed anonymity or infallible security.

I happen to be a pretty good skip-tracer, thanks to my old corporate collections days. I never use these skills unless someone asks me and the reasons are ethical and legit.

Using only the internet, in the span of only an hour, just a few months ago, I tracked down a dead-beat dad who'd been missing for years, while the typically useless Red State of Florida claimed to be tracking him down all that time.

How'd I find him? He bought a piece of property in North Carolina a year ago (apparently unbeknownst to his girlfriend whom he'd apparently been using to shield his identity - another interesting story).

There's really no staying off the grid, if you want to live a semblance of normal, modern life. We live in a vast, complex, massive nation, and we are all interconnected. We humans are social animals and that interconnectedness is a natural and innate utility.

The internet, yet another of our many connections, is just what it is. It is neither bad nor good, any more or less than the telephone or television, public or private postage, and so forth.

If you feel you must be completely off the grid, well, then live in the woods like a wolf.

Oh yeah - wolves live in packs too...

If you want the internet to remain an open and relatively safe medium, then support Net Neutrality, the right of privacy, and open government.

If you are against those principles, then you're a moron and do not deserve any privacy at all.

JMJ

Anonymous said...

Unlike Winston Smith, our friend Jersey longs for Big Brother to come and see to it that Jersey will never be able to step off the grid should he ever change his mind. Prison, after all, does provide a kind of security one cannot get on the outside.

Hard core recidivists exhibit this mentality. They continually arrange to have themselves sent back to prison, because they can't stand the appalling weight freedom imposes on those unwilling to do what's necessary to maintain it. The same holds true for those who continually reenlist in the armed services with no hope of making a real career there.

It's easier to take orders than to have to decide for oneself what to do with one's time.

I guess that shows a lack of imagination and creativity. I would never dare say it showed stupidity.

Different strokes for different folks. Just don't involve me in any of your wet dreams, please.

~ FreeThinke

Anonymous said...

" A wise man fears and departs from evil, But a fool rages and is self-confident."

~ Prov 14:16

Submitted by FreeThinke

Silverfiddle said...

"Net neutrality" Ha Ha...

It restricts the owners of the last mile, but not the government.

Did you see what the socialists of all parties in DC are trying to do? Making ISPs keep records and logs of everything?

So much for the 4th Amendment.

Anonymous said...

A man may be a fool, and not know it.


A fool must now and then be right --- by chance. After all, even a broken clock tells the right time twice a day.

~ Submitted by FreeThinke

Anonymous said...

A prudent man foreseeth the evil and hideth himself, but the simple pass on and are punished.

~ Prov 22:3

Yes, but unfortunately a lot of wiser individuals wind up getting punished because of the folly of the willfully imprudent and unwise.

Unfortunately, fools outnumber wise men a hundred to one. That's why Democrats keep getting elected to high office.

And wise men seeking power too often act the fool to win favor with the majority.

As Oscar Wilde said, "Whatever is popular is wrong."

~ FreeThinke

Anonymous said...

SilverFiddle said:

"Did you see what the socialists of all parties in DC are trying to do? Making ISP keep records and logs of everything?

"So much for the 4th Amendment!"


My friend, at the rate things are going these Control Freaks will soon make a move to have everyone who doesn't see things just their way lobotomized.

The Era of Microchip Implantation is already upon us in case you hadn't noticed. It started with our pets, but it will soon spread to us -- for our "safety and protection," of course.

What was it we used to say jokingly?

Cheer up! Things could always get worse -- and sure enough they did get worse.

The joke's no longer funny.

~ FreeThinke

OD357 said...

It must be a generational thing. I see people under 40 willing to bare all on social networking sites. Me? If I want to contact you I'll email you. If you email me and I can't confirm who you are, I delete it. Too many people are willing to give out information over the net way too easy and way too fast.

The reason McAfee found it: it's their business. They make their living doing this. You'd rather trust the bunch that brought you the post office and Social Security office?

Bunkerville, I have nothing to do with Microsoft except as a customer, but Microsoft's digital crime unit along with the feds was instrumental in bringing down the spammer Rustock this year. Symantec estimates that Rustock was responsible for 39 percent of the world's spam last year. Spambots that could have been used for information phishing.

Your turn bro

Jersey McJones said...

Silver, to be against Net Neutrality is to be a fuckin' idiot. Don't be a fuckin' idiot. You're above that. Leave that to FT. (Really, FT, do you think you're really that smart, that I'm really some blind leftist? Really? What a lousy judge of character you are.)

And Oh! But for the good ol' days when conservative/libertarians were actually all for Net Neutrality! (Remember? No?) So much for being proud individuals. A few of your crooked heroes in Washington tell you to think otherwise, and sure enough, you're against what you once were for.

Baaaaaaaahhhh...

JMJ

Jersey McJones said...

FT, do you have any idea how many bits of information are flying around cyberspace? Do you have a clue?

No, of course we don't want the government treating cyberspace like the public roads.

They are not the same.

For each individual, as far as rights are concerned, the internet should be in essence proprietary for each and every use.

And so we do not want the government to control the internet, but then we certainly wouldn't hand over content-control to the private sector! They could just set it up as the government and they please and actually have a profit incentive to create exactly the situation you predict!

GET IT YET GUYS???

JMJ

Anonymous said...

This just in from a Republican activist friend in New Hampshire:

"I just got this private message from a friend on FB who I THINK lives in Texas... and now he seems to have disappeared because FB won't let me respond and I can't find him in my list of friends or otherwise.

It was sent just 3 hours ago.

DAMMIT. I will go without electricity if this happens to me!


=================

"The Power company was just here. The Tech had a Smart Meter under his arm.. He left with it too.

"I'm glad I was here to intercept him too. After leaving a door hanger out front he proceeded to the back yard where he was met by the dogs. I know this guy wasn't happy I told him no. He even got on the phone as soon as I closed the gate behind him.

"About 30 minutes later the technician's supervisor showed up with the Sheriff. After explaining that they were only obligated to bring power to the house, he said the meter is the bridge and it's in our contract that they have the right to upgrade the equipment. If I refuse, the power company will come out and shut everything down.

"The sad thing is, with the Sheriff there, he said he understood my privacy concerns, and even acknowledged that this is being directed by the Government. The Sheriff stayed until they were done.

"Big Brother’s here. Big Brother’s here, and there isn’t a God-damned thing we can do about it!"


=================

Tyranny advances on all fronts.

~ FreeThinke

Kid said...

"Finally, why did a private company find this, and not the federal government's billion dollar bureaucracy?"

Because there is nothing in it for them.

I work in IT, and my advice to anyone is never click on a link in an email. If it's from your bank, use your bookmark to get there or type the address in yourself. I have to wonder why actual banks even send out emails with links. It just encourages phishing. Some of the phishers can steal your username/password, then send you on to your bank's actual website.

That bank websites facilitate this functionality is absurd.
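Friend #1's point about spear phishing and Kid's advice about links in e-mail both come down to one check a mail filter can automate: does the link's visible text name one domain while its href points somewhere else? The following is an added example, not code from the post or from McAfee; the HTML message and the `examplebank.com` / `attacker.example` hostnames are constructed for illustration.

```python
"""Flag anchors in an HTML e-mail whose visible text names one domain
while the href points at another (a common phishing tell), plus links
that use plain http. Added example; the sample message is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample (not a real e-mail): one honest link, and one whose
# visible text claims to be the bank while the target host is elsewhere.
SAMPLE_EMAIL = """
<p>Please review your statement.</p>
<a href="https://www.examplebank.com/statements">View statements</a>
<a href="http://login.examplebank.com.attacker.example/">https://www.examplebank.com/login</a>
"""

# Pull a host-like token out of link text, with or without a scheme.
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def registrable(host):
    """Crude 'last two labels' approximation of the registrable domain."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return (href, text, reason) for anchors that deserve a closer look."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        m = DOMAIN_RE.search(text)
        if m and registrable(m.group(1)) != registrable(host):
            findings.append((href, text, "visible domain differs from link target"))
        elif parsed.scheme == "http":
            findings.append((href, text, "plain http link"))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: text={text!r} href={href!r}")
```

The registrable-domain heuristic is deliberately simple; a production filter would use the public suffix list so that hosts like `example.co.uk` are compared correctly.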

Anonymous said...

Jersey,

No I don't think you're stupid at all, but you lead with your chin nearly all the time, and the temptation to take a poke at your glass jaw is just too great sometimes. However, most of my "insults" are made tongue-in-cheek. I thought you were smart enough to see that, which -- in case you don't realize it -- is a compliment.

What I wish you would see is that government is made up of fallible, individual people subject to all the ills that flesh is heir to -- and so are corporations.

I believe that ALL large scale organizations are potentially dangerous. Wherever the potential to abuse power exists, it WILL be abused.

Why you would trust government power any more than corporate power or any other kind of power I can't imagine.

Government is a MONOPOLY. Government holds ALL the cards ALL the time. Government literally holds the power of life and death over us. Government is potentially the greatest evil of all, because it has the largest capacity to become oppressive.

Corporations by themselves have less capacity to tyrannize than government. You can always go to another store, buy another brand, shop in another neighborhood, drive another car, move to another location, choose not to buy their product, divorce your spouse, go to a different amusement park, walk out of the theater, turn off the TV, the radio, the stereo, get away from the computer, etc., but you can't escape from government.

Government in cahoots with Industry and the Owners and Suppliers of Raw Materials -- which is the Oligarchy we suffer with today -- is a deadly combination.

Remarks posted all over the net each week must number in the trillions. Certainly no one is going to read them all, but certain key words automatically trigger further investigation. God help you or any one of us if we should become "a person of interest" in a government investigation.

MY point on this thread is to help others see that THE CAPACITY to TYRANNIZE ELECTRONICALLY ALREADY EXISTS. Sooner or later it WILL be used against us.

The nature of government is to grow ever larger and more powerful and to perpetuate itself by any means fair or foul. Government is not our friend. Neither is any other out-of-control power bloc.

~ FreeThinke

Finntann said...

"FT, do you have any idea how many bits of information are flying around cyberspace? Do you have a clue?"

It's not like they have to read every email you send... all they have to do is filter for bit patterns:


Deep Packet Inspection (DPI) (also called complete packet inspection and Information eXtraction - IX -) is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information.

"Predefined criteria, collecting statistical information"...you figure it out.

Cheers!

Finntann said...

To give you an idea of what I am talking about, I ran a trace route from my computer to the bbc news website.

The path from my computer to bbc news passes through 19 different computers on the way there, I'm not going to give you the IP addresses but this is the path:

Home
Local
Colorado Springs
Colorado Springs
Denver
Denver
Chicago
Chicago
Washington
Washington
Paris
Frankfurt
Frankfurt
Frankfurt
London
Frankfurt
Frankfurt
Frankfurt
Frankfurt
Cologne

Apparently BBC News is hosted on German servers.

Any one or all of those computers can be performing deep packet inspection of the data as it passes through.

Cheers!

Silverfiddle said...

Jersey: Spoken like a loyal statist tool. Mussolinis throughout history built their dictatorships on credulous naifs like you.

Kid: Thank you for the excellent advice

Silverfiddle said...

Finn: Your innerwebz communications go through Denver?

Denver sucks. Go around. Use E 470.

Finntann said...

Nah... tolls are too high, I tell all my innerwebz packets to take 225 instead.

Seriously though, it's the Washington routers that raise my eyebrows... FBI? NSA? LOL?

MathewK said...

I don't have much thanks to our loving government thieving and pilfering from me every month because they insist on 'caring' for me, so I suppose the thieves, cyber and otherwise, don't care much for the little I have.

See, big socialist nannying government can reduce crime, they'll make sure you won't have shit to be stolen.

Anonymous said...

Hey, MK,

They can have all the SHIT they want -- just don't touch my gold, silver, diamonds, jewels, hand-carved mahogany antiques and oriental rugs, please.

Our SHIT is all they deserve -- and they're welcome to it.

Cheerio!

~ FreeThinke

Rob said...

I'm with OD - people expose themselves to an extent online that they'd never consider doing in person. The isolated feeling of the digital world lulls people into a very false sense of security. I'll bet you could easily chart a comparable growth in social networking with that of the rise of identity theft.

That said, lemme go out on a limb and take an opposing view. If the Internet is (presumably, according to common public beliefs) safe enough for banking, then why isn't it safe enough for voting? My money is a helluva lot more important and meaningful to me than any vote in any upcoming election, be it local or national.

Let's take it a step further - if the Internet is secure enough for online gambling, why not online voting?