How we trace the hackers behind a cyber attack

Post by Sabre »

The Conversation
The Chinese military has been imputed for the recent cyber attack on the Australian Bureau of Meteorology (BOM).

The Chinese government has, of course, denied its involvement. And it does seem somewhat convenient that it is being blamed for this latest high-profile breach.

It is therefore a legitimate question to ask what evidence there may be to implicate China in this particular incident.

Unit 61398

Much of what we know about the Chinese military involvement in hacking has come from work done by security firms like Mandiant, which first detailed what it knew about the activities of the Chinese People’s Liberation Army’s infamous Unit 61398.

Mandiant analysed the activities of this cyber espionage unit which, according to Mandiant, had hacked 141 companies over a seven-year period, targeting any intellectual property it could find.

During that time, Unit 61398 stole hundreds of terabytes of data, sometimes doing so over a period of years. Mandiant had put together a profile of this unit, which employs hundreds of staff with a range of technical and linguistic skills. It was even able to identify specific individuals within the unit and the work responsibilities each of them had.

The United States district court of Pennsylvania was also able to charge five members of this unit relating to the hacking of US companies.

Building a profile that identifies a particular hacking group involves looking at the source of attacks or figuring out the origin of the machines that operate as command and control. In the case of Mandiant’s analysis of Unit 61398, all of the attacks that it reviewed originated from Shanghai.

The analysis of identifying a specific “threat group” involves creating a “digital fingerprint” of the hackers and using that to distinguish one group from all the others. This process looks at the methods and tools the hackers use to get into systems, what information they choose to take and the care they exercise to disable alarms and remove any evidence.
Interesting read...
Sabre (Julian)