Cached copy: http://webcache.googleusercontent.com/search?q=cache:2K6zGhSpoQkJ:www.itgovernance.eu/blog/european-cyber-espionage-went-undetected-for-13-years/ (retrieved 11/19/2014)
Israeli cyber security firm CYBERTINEL announced in a press release that it was responsible for discovering the Harkonnen Operation. The criminals attacked government servers, banks and large corporations in Germany, Switzerland and Austria, operating through more than 800 phoney front companies that all shared the same IP address, and deploying custom malware to siphon secret and sensitive data off the servers. The name Harkonnen most likely refers to the villains of Frank Herbert's cult science fiction novel Dune, in which Baron Vladimir Harkonnen declares, "He who controls the spice controls the universe."
Exfiltrated data thought to have been extracted over long periods.
The Harkonnen Operation was initiated using a spear phishing attack to install two Trojans,
which had been created in Germany. Once embedded in the system, the malware identified
and copied data from the target computer, which was then sent on to an external domain.
The domain that CYBERTINEL traced the information to was registered to a UK company,
which happened to share its exact address and contact details with 833 other companies.
The majority of these other companies had already been dissolved.
These front companies acquired hundreds of domain names, IP addresses and wildcard certificates, at an estimated cost of $150,000, so that the fraudulent traffic would look like that of legitimate web services. The stolen data was collected on servers hosted under these domains.
This scam has been running for more than a decade, since 2002. CYBERTINEL CEO Kobi Ben-Naim said, "It had all the trappings of a coordinated, methodical attack by a large, wealthy, and cyber-savvy organization, perhaps a government." But Ben-Naim said he wouldn't necessarily go that far: "I prefer not to speculate on whether we are talking about a government program. If anything, it feels to me more like an organized crime operation."
Worryingly, it would seem that Internet regulators in the UK, thought of by many international corporations as a relatively safe haven for Internet businesses, did not notice that over 800 shell companies shared the same IP addresses and contact information. "This was not necessarily the most sophisticated attack, because there were so many clues that something unusual was going on," said Ben-Naim. "I think it would be legitimate to ask some questions about the process involved here."
Read more at: Israeli firm busts 13-year-long Europe hack attack | The Times of Israel, http://www.timesofisrael.com/israeli-firm-busts-13-year-long-europe-hack-attack/#ixzz3DV5PqBo2
The malware had no antivirus signature: it had not yet been identified by antivirus vendors, so signature-based scanners on the victim machines had nothing to match it against.
"The network exploited the UK's relatively tolerant requirements for purchasing SSL security certificates, and established British front companies so they could emulate legitimate web services," said Jonathan Gad, chief executive of distributor Elite Cyber Solutions, CYBERTINEL's UK partner. "The German attackers behind the network then had total control over the targeted computers and were able to carry out their espionage undisturbed for many years." He added, "At this point, we are aware of the extent of the network, but the damage to the organisations who have been victims in terms of loss of valuable data, income or the exposure of information related to employees and customers is immeasurable."
[Source: The Hacker News: 16th September 2014]
IT Governance will report further on this important European hacking story in the coming days, including comments from affected organisations.
In the meantime, CISOs and information security officers should take note of the IP addresses and domain names used to infect target organisations and computers and to collect the stolen documents and data (see below):
IP addresses and URLs used in the Harkonnen Operation

Domain names:
64-bit.to
64-up.to
adcall.de
awsmazon.com
castellinews.it
dongtaiwang.com
download-web-shield.com
ebayrt.com
feeds.to
goal.to
googlesyntication.com
howto.to
hunter.to
linktrackingnet.com
linkvista.de
maps-24.to
public-load.com
score.to
setup.to
stopp.to
thats.to
tradesdoubler.com
trans.to
trends.to
tweetprocesor.com
uses.to
vill.to
vree.to
win-64.to
zanox-afiliate.com
*.srv.gutscheinfilter.de
*.srv.ns-lookups.com

IP addresses:
82.98.97.176
82.98.97.191
82.98.97.192/28
212.19.32.0
212.19.32.15
212.19.36.192/27

Source: http://CYBERTINEL.com/wp-content/uploads/2014/09/Appendix-1-HAZARDOUS-IP-AND-URL-%E2%80%93-HARKONNEN-OPERATION.pdf
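As an added example (not code from this post, from IT Governance or from CYBERTINEL), the following Python script checks proxy log lines against the domains and IP ranges listed above. The indicator values are the ones from the list; the log format (time, client, method, URL, server IP) and the five log lines are constructed for the example and are not real traffic. A plain domain entry is taken to cover the name and all of its subdomains, a "*." entry to cover any host beneath that name, and IPs are matched by CIDR containment so that a single address and a /28 block are handled by the same test.

```python
"""Scan proxy log lines for the Harkonnen Operation indicators listed above.

Added example for this post; not code from IT Governance or CYBERTINEL.
Indicator values are the ones printed in the post; the log format and the
log lines are constructed for the example and are not real traffic.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Domain indicators from the post. A leading "*." means any host strictly
# under that name (the way a wildcard certificate is scoped); a plain name is
# taken to cover the name itself and every subdomain of it.
DOMAIN_IOCS = [
    "64-bit.to", "64-up.to", "adcall.de", "awsmazon.com", "castellinews.it",
    "dongtaiwang.com", "download-web-shield.com", "ebayrt.com", "feeds.to",
    "goal.to", "googlesyntication.com", "howto.to", "hunter.to",
    "linktrackingnet.com", "linkvista.de", "maps-24.to", "public-load.com",
    "score.to", "setup.to", "stopp.to", "thats.to", "tradesdoubler.com",
    "trans.to", "trends.to", "tweetprocesor.com", "uses.to", "vill.to",
    "vree.to", "win-64.to", "zanox-afiliate.com",
    "*.srv.gutscheinfilter.de", "*.srv.ns-lookups.com",
]

# IP indicators from the post: single hosts and CIDR blocks. A bare address
# becomes a /32 so every entry can be checked with the same containment test.
IP_IOCS = ["82.98.97.176", "82.98.97.191", "82.98.97.192/28",
           "212.19.32.0", "212.19.32.15", "212.19.36.192/27"]
NETWORKS = [ipaddress.ip_network(x, strict=False) for x in IP_IOCS]


def domain_matches(host, ioc):
    """True if host falls under the indicator.

    The comparison is done on whole DNS labels, so "pgoal.to" does not
    match "goal.to"; a naive substring test would flag it.
    """
    host = host.lower().rstrip(".")
    if ioc.startswith("*."):
        return host.endswith("." + ioc[2:].lower())
    ioc = ioc.lower()
    return host == ioc or host.endswith("." + ioc)


def match_domain(host):
    """Return the first indicator that covers host, or None."""
    for ioc in DOMAIN_IOCS:
        if domain_matches(host, ioc):
            return ioc
    return None


def match_ip(addr):
    """Return the indicator network containing addr ('a.b.c.d/len'), or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net in NETWORKS:
        if ip in net:
            return str(net)
    return None


# Constructed (hypothetical) log format: time client method url server_ip
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")

# Constructed sample lines, not real traffic.
LOG_LINES = """\
2014-09-16T08:12:01Z 10.0.5.23 GET http://feeds.to/update.php 82.98.97.195
2014-09-16T08:12:04Z 10.0.5.23 GET http://www.example.org/ 93.184.216.34
2014-09-16T08:13:10Z 10.0.7.9 POST https://a1.srv.ns-lookups.com/up 212.19.36.200
2014-09-16T08:14:00Z 10.0.7.9 GET http://pgoal.to/ 198.51.100.7
2014-09-16T08:15:30Z 10.0.2.4 GET http://cdn.tweetprocesor.com/x.js 212.19.32.15
"""


def scan_log(text):
    """Return one record per line that hits a domain or IP indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        when, client, _method, url, server_ip = m.groups()
        host = urlsplit(url).hostname or ""
        d, n = match_domain(host), match_ip(server_ip)
        if d or n:
            hits.append({"time": when, "client": client, "host": host,
                         "domain_ioc": d, "ip_ioc": n})
    return hits


if __name__ == "__main__":
    for h in scan_log(LOG_LINES):
        print(h)
```

Three of the five constructed lines are flagged; the "pgoal.to" line is deliberately left unflagged to show why the match must be on whole DNS labels rather than a substring. Note that these indicators were published in September 2014; shared hosting ranges such as the /27 and /28 blocks can be reassigned, so check current ownership before turning a hit into a block rule.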
The attack shows how one small phishing scam that places malware on only one of an organisation's machines has been able to infect hundreds of organisations.
How far have the hackers already penetrated European national security?
That the scammers invested over $150,000 to make their UK businesses appear legitimate suggests a determined and sustained attack that is likely to be the work of an organised criminal gang. Such a group is likely to have hired some of the best talent available, as the length of time it took to detect the malware points to a detailed understanding of the security measures that corporations and governments routinely deploy to detect similar intrusions.
More on this story to follow. Bookmark this page and follow us on Twitter.
IT Governance have recently released an infographic titled: Fighting cyber crime in the UK.
This infographic gathers the latest facts and figures on cyber crime in the UK, and offers
suitable solutions to fight back.
We can help you to implement effective cyber security procedures and controls using
ISO27001.
ISO27001 is the international information security management best-practice standard that
will help you protect your information assets, comply with local requirements
and thrive as you give your customers confidence that their information is protected.
Find out more about ISO27001 and our packaged solutions to help you implement the
Standard at a speed and budget appropriate to you.
http://www.itgovernance.eu/t-iso27001-solutions.aspx
Put your detailed questions to our consultants and learn from the experts: