http://blog.wired.com/27bstroke6/2008/05/commerce-depart.html
By Kim Zetter
Threat Level
Wired.com
May 30, 2008
Fellow Threat Leveler Kevin Poulsen effectively took the wind out of
sources in a recent National Journal story who suggested that the
Chinese were to blame for the 2003 northeast blackout. The Journal cited
information gleaned secondhand from unnamed intelligence sources to
proffer the speculation.
But at least one bit of other information in the article has been
pursued by the Associated Press . . . though to inconclusive results.
That information pertains to an unnamed source who told the Journal that
Commerce Secretary Carlos M. Gutierrez was the target of cyberespionage
in China during a visit there last December for trade talks.
The Journal cites an unnamed computer security expert who says spyware
was discovered on "devices" used by Gutierrez and other Commerce
officials during the China trip, but isn't specific about the equipment
that was targeted and seems careful to say that the unnamed expert has
firsthand knowledge of the kind of spyware discovered, rather than
saying he has firsthand knowledge of their actual discovery on Commerce
equipment.
During a trip to Beijing in December 2007, spyware programs designed
to clandestinely remove information from personal computers and
other electronic equipment were discovered on devices used by
Commerce Secretary Carlos Gutierrez and possibly other members of a
U.S. trade delegation, according to a computer-security expert with
firsthand knowledge of the spyware used. . . . According to the
computer-security expert, the spyware programs were designed to open
communications channels to an outside system, and to download the
contents of the infected devices at regular intervals. The source
said that the computer codes were identical to those found in the
laptop computers and other devices of several senior executives of
U.S. corporations who also had their electronics "slurped" while
on business in China.
An Associated Press story written by Ted Bridis confirms that U.S.
authorities are suspicious that Gutierrez might have been targeted and
have launched an investigation, but it doesn't mention spyware in
relation to the investigation. The piece mentions that Gutierrez may
have left his laptop unattended at some point during his China trip and
there's concern that the Chinese copied its contents to try to access
the Commerce Department's network, presumably to uncover proprietary
information about U.S. technologies as well as to gain information it
could leverage against the U.S. in trade talks.
The piece doesn't say why authorities suspect the laptop was
compromised, although it mentions that since Gutierrez returned from
China, the U.S. Computer Emergency Readiness Team of forensic experts
has rushed to the Commerce Department a number of times to respond to
serious attempts at data break-ins. A spokesman for the Department of
Homeland Security notes, however, that "there's nothing to substantiate
an actual compromise at this time"; and that although US-CERT workers
visited the Commerce Department eight times since December, none of
those visits related to laptops or the secretary's trip to China.
The AP piece does mention spyware, though not in relation to Gutierrez.
It recounts a story told during a speech last December by senior U.S.
intelligence official Joel F. Brenner. Brenner said an American
financial executive detected attempts to remotely implant monitoring
software on his PDA during a visit to Beijing. The unnamed executive
"counted five beacons popped into his PDA between the time he got
off his plane in Beijing and the time he got to his hotel room,"
according to Brenner's account. It's unclear if this executive is one of
the same senior U.S. executives mentioned by the unnamed Journal; source
in his account of U.S. businessmen who discovered spyware on their
computing devices while in China.
So is all of this part of a government effort to hype the China cyber
threat? Who knows.
The AP says that "Commerce Department break-ins have been so serious
that its Bureau of Industry and Security, which regulates exports of
sensitive technology that might be used in weapons, effectively
unplugged itself from the Internet."
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Comments