When Google and Adobe voluntarily revealed in early 2010 that they had been breached by attackers out of China, as had Intel and more than 20 other U.S. companies, credit card hacking suddenly seemed mild in comparison with the potential theft of Google's or Adobe's source code and intellectual property.
This brand of targeted attack, typically nation-state-sponsored, was nothing new, however. The Defense Department and defense contractor industry had long been battling ongoing attacks out of China that were all about spying for competitive gain. One source close to the so-called Operation Aurora investigation surrounding the Google hacks told Dark Reading in "Spear Phishing Attacks Out Of China Targeted Source Code, Intellectual Property" that this brand of targeted attack has actually been going on for about three years against U.S. companies and government agencies, involving some 10 different groups in China consisting of some 150,000 trained cyberattackers.
No -- this category of attack wasn't new, but it was now out of the shadows and in the news. And an old Defense term is now new again: the advanced persistent threat (APT) adversary.
5. Do as they say, but don't do as they do.
Super Bowl Sunday 2011 was a lousy day for the Pittsburgh Steelers, but it wasn't any better for HBGary founder Greg Hoglund. Hoglund learned just before kick-off that a targeted attack on HBGary Federal's systems had also led to the breach of his firm's (the two companies are separate entities) email servers. The hacktivist Anonymous group had infiltrated and dumped the contents of HBGary's and HBGary Federal's email messages and other sensitive information online, as well as commandeered HBGary Federal CEO Aaron Barr's Twitter account and posted his Social Security number and address.
But by the time Hoglund was alerted that his servers had been hit, "they had been in the systems longer than that, after they had gotten everything they wanted," he said in an interview for the "Anonymous' Hacks Security Company, Researcher" piece.
But it wasn't until last month that HBGary issued an official statement to dispel misconceptions about the attacks, namely that the two companies are separate. "HBGary Inc. was a victim of circumstance, caught within the storm of a vengeful retribution attack against Mr. Barr for his claim that he had infiltrated the hacking group," the statement said.
The HBGary Federal and HBGary hacks were big news in that a security company had been seriously breached by a group of determined hackers. And in a very public, painful way, as the Anonymous group relentlessly posted email spools from both companies.
But that was just the beginning. While the buzz was all about speculating on Anonymous' next victim, security company Comodo 'fessed up that one of its resellers had been hacked, and nine Comodo-signed SSL certificates had been issued for fraudulent websites posing as domains for high-profile sites, including mail.google.com, www.google.com, login.skype.com, and addons.mozilla.org. An Iranian hacker claimed responsibility for the attacks, and shared his story with Dark Reading and other publications.
But wait -- there's more. Just a few days later, security mainstay RSA announced that it had been the victim of a targeted, APT-type attack that exposed its SecurID authentication technology.
And all of this transpired within the first five months of this year. Imagine what the rest of the year will bring.