Undiscovered hacking possibly for a decade
BlackBerry Ltd. says it has discovered what it claims is Chinese-backed hacking of the world’s servers. Originally known as Research In Motion and based in Waterloo, Ontario, the company says its researchers have discovered how hackers have managed to infiltrate many of the world’s servers unnoticed for up to a decade.
Likely with an intended pejorative double-entendre, the 44-page report by BlackBerry is called “Decade of the RATs” (pdf).
The title also refers to a popular remote administration tool (NetWire-rat) that BlackBerry found to have striking code similarities to a remote access Android trojan (RAT) that was discovered two years before the business tool came onto the commercial market, ‘raising questions about the origins of each’, says the report.
The report notes that ‘While Chinese IP (intellectual property) theft is now a story old enough for the history books, there continue to be new chapters to add with new lessons to learn for security teams and the organizations they serve.’
The company says some five separate groups with ties to the Chinese government have been extracting vast quantities of information through Linux operating systems as well as Windows and Android systems. Linux is used to run the New York, London, and Tokyo stock exchanges, and major tech giants like Amazon, Yahoo, and Google also rely on it. It also dominates the back-end infrastructure of almost all advanced supercomputers around the world, including computers used by many U.S. government agencies and the Department of Defense.
Although the five groups apparently have different objectives and targets, the report says they share tools and tactics and so appear to be coordinated. One of the successful methods used to evade cyber-security defences is the theft of adware certificates, which prove a product’s authenticity and are considered low security threats; the disguised spyware can then communicate through innocuous domain names on cloud servers.
BlackBerry says the hackers have been able to gather vast amounts of data and intellectual property, potentially worth billions.
- Security Week: I. Arghire: Apr 8/20: Hackers Operating in the Interest of the Chinese Government Systematically Targeted Linux Servers, Windows Systems and Mobile Devices
- BlackBerry Blog: Decade of the RATs, Novel APT attacks
- Canadian Press (TMX Money): D. Paddon: Apr 8/20: Blackberry uncovers hacker tools that it says opened data servers for a decade
- BNN-Bloomberg: Apr 8/20: BlackBerry uncovers China-backed hacking campaign on Linux servers