China hackers attack UK
p2p news / p2pnet: Chinese hackers have attacked Britain’s parliament using the Microsoft WMF exploit.
“MessageLabs, the e-mail-filtering provider for the U.K. government, told ZDNet UK that targeted e-mails were sent to various individuals within government departments in an attempt to take control of their computers,” says ZDNet UK. “The attack definitely came from China – we know that because we log the IP addresses,” the story has Mark Toshack, manager of antivirus operations at MessageLabs, saying.
“It is a Chinese hacker gang,” he stated. “I don’t know if it is the Chinese government, and I don’t know if it’s the Chinese government paying a hacker gang.”
The attack happened over the Christmas holidays, “before Microsoft’s official patch was available,” says ZDNet. “The hackers tried to send e-mails that used a social-engineering technique to lure people into opening an attachment containing the WMF/Setabortproc Trojan horse.”
It was individually tailored and sent to 70 people in the government, MessageLabs said. But, “the Commons’ IT security staff immediately alerted (NISCC), a powerful organisation linked to MI5 that is responsible for protecting the UK’s critical information systems. Security experts set up an exercise to monitor the attacks, and immediately realised the hackers were well resourced.”
These weren’t “normal hackers,” said the Guardian Unlimited in the original report of the incident. A source close to the NISCC (the UK’s National Infrastructure Security Co-ordination Centre) is quoted as saying, “The degree of sophistication was extremely high. They were very clever programmers.”
Privately, UK civil servants familiar with NISCC’s investigation agree that the attacks on the UK and US are coming from China, says the Guardian Unlimited. “This almost certainly means some state sanction or involvement – perhaps even a ‘shopping list’ of requirements.”
Some of the attacks have been aimed at parts of the UK government dealing with human rights issues – “a very odd target,” according to one UK security source, it says.
Finland’s F-Secure recently said it believed the owners of most vulnerable Windows machines still haven’t installed the patch. “We also believe this vulnerability will continue to be used by various different attackers for months, possibly years,” remarked company research director Mikko Hyppönen.
Also See:
ZDNet UK – British parliament attacked using WMF exploit, January 23, 2006
Guardian Unlimited – Smash and grab, the hi-tech way, January 19, 2006
possibly years – Microsoft WMF hole still lethal, January 16, 2006

January 24th, 2006 at 6:10 am
Linux anyone?