Change Your Passwords. Change Them Often
Monday, May 6, 2013 18:21
Just finished reading China’s Cyberspies Outwit Model for Bond’s Q, Bloomberg’s second piece on China and cyber security, and I was nearly dumbfounded by the fact that the firm at the center of the article (1) didn’t understand they were under threat and (2) did nothing to remove the threats when it was abundantly clear there was a problem.
A few passages to pick out:
QinetiQ treated a series of attacks over the next several months as isolated incidents. The hackers followed a more meticulous strategy: In the first 2 1/2 years, they gathered more than 13,000 internal passwords and raided servers that could give them detailed information about the company and how it was organized — data they would use to devastating effect.
[...]The hackers logged on through the company’s remote access system, just like any employee. It was a trick they were able to use only because QinetiQ didn’t employ two-factor authentication, a simple device that generates a unique code employees enter, along with their usual password, anytime they work from home.
[...]The security teams found evidence that the hackers had burrowed into almost every corner of QinetiQ’s U.S. operations, including production facilities and engineering labs in St. Louis, Pittsburgh, Long Beach, Mississippi, Huntsville, Alabama and Albuquerque, New Mexico, where QinetiQ engineers work on satellite-based espionage, among other projects.
[...]It began to dawn on the security teams that the hackers had established a near permanent presence in the defense contractor’s computers, mining new information almost as soon as it was written onto hard drives. “Oh yeah…they are f’d,” Wallisch wrote to Hoglund in September. (emphasis mine)
Oh yeah…they are f’d…
Having seen several of my own sites and servers attacked over the years, some very, very clever and specific, the best advice I can give anyone who suspects they have a problem is immediate action. I honestly cannot stress this enough. This article is about a defense contractor, but hackers are not only focused on getting blueprints of the newest military gadgets. They are also looking at commercial secrets, and from all I have read, you don’t need to be a big firm to garner interest. You, or your firm, simply need to be interesting enough to a player with the money to spend on a team of university students in any number of countries.
Personally, I have always taken these threats seriously. Part of that was speaking to friends who managed servers, others who were a bit paranoid, and knowing that as someone who was involved early with the third sector I was always interesting to someone. I have had to run through offices and servers changing passwords, take sites offline, have tech support come in and clean databases of anything and everything suspect.
With that, I highly recommend you read the article, and I would recommend that you change your passwords often… and be a little more creative than this list.