Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Companies Team Up, Take Down Chinese Hacking Group
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/29/2014 | 11:47:55 AM
Re: We Have Arrived at Gibson's Dystopia
Point taken. We can't go full speed ahead and ignore the potential risks..
User Rank: Ninja
10/29/2014 | 11:46:00 AM
Re: We Have Arrived at Gibson's Dystopia
Ah, but you'll note, @Marilyn Cohodas, that I also agree it's a step in the right direction and feel it's finally time we saw this happen - for clarification, what I'm getting at is: Now that we're here, what more can we do to prevent a good thing turning into a bad thing?  I'm that guy that wants to push and combat until the criminal elements are out of our electronic space, but caution and self-preservation are as important elements in this battle as the battle strategy itself :-)
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/29/2014 | 8:44:44 AM
Re: We Have Arrived at Gibson's Dystopia
Must respecfully disagree, @Christian Bryant. I think it's a big step in the right direction to see competing security companies collaborate to take down a common adversary. Sure there is potential for abuse. Nothing is perfect. But the best way to defeat the attackers is for the defenders to work in concert against them.
User Rank: Ninja
10/28/2014 | 7:49:06 PM
We Have Arrived at Gibson's Dystopia
Well, OK - maybe not to the extreme of William Gibson's novel Neuromancer, but I'm seeing the signs for sure.  Reading the Axiom report is interesting.  "Finally" is the word that comes to mind.  The report opens the Key Findings with the statement: 

"Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy groups, software companies, academic institutions, and government agencies worldwide for at least the last six years. In our coordinated effort, we performed the first ever-private sponsored interdiction against a sophisticated state sponsored advanced threat group. Our efforts detected and cleaned 43,000 separate installations of Axiom tools, including 180 of their top tier implants."

Now, I don't read a ton of fiction - I'm happier with manuals and HOWTOS. But in reading this report, I can't help but wonder at what's next. Cyberwarfare is clearly here at the level of Nations and that is mildly disturbing. The fact that incredibly wealthy corporations have pulled together (like pseudo-governments) and (seemingly) taken the law into their own hands is either frightening or inspiring. I said "finally" earlier because I have always supported the idea of combative cyber security, though it is incredibly risky. But I am thinking of those who almost have to fight for themselves, the small business owner who stands to lose everything.

But here we have mega corporations re-defining the rules of cyber crime; sabotage and espianage are alive and well, reprisals are on the way. At what point before we are the recipients of computer technology pre-built with nasties at both at the hardware and software level? (And yes, for those who are catching on, I'm echoing James Turner from O'Reilly here.)

The report also notes:

"The breadth and scope of Axiom's operations served as motivation and justification for the approach adopted by the coalition of large scale data capture, analysis, and distribution of both data and analytical output to industry. In the intervening period, the coalition has received a substantial amount of information relating to the removal of these malware tools. To date, over 43,000 separate installations of Axiom-related tools have been removed from machines protected by Operation SMN partners, and 180 of those infections were examples of Hikit, the late-stage persistence and data exfiltration tool that represents the height of an Axiom victim's operational lifecycle."

Again, "finally" - the kind of language I like to read, but also again, how far?  It's similar to old-fashioned terrorism where we have to reach that point of "enough". but then the path we take to combat it may lead us down a dark road, and in some ways make the enemy stronger.

Maybe for now this is what we need.  But I am holding my breath a little for the backlash.  In the meantime, saddle up.  Tech just got a whole lot more serious, and we need to sharpen our skills all the more.



I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.