Information Security News
Investigators said they have identified a secretive hacking group that has spent years systematically targeting US partners in the space and satellite industry, most likely on behalf of the Chinese military.
The group typically gains a foothold in sensitive networks by attaching booby-trapped documents to e-mails, according to a 62-page report published Monday by Crowdstrike, a firm that conducts forensic investigations on behalf of customers who have suffered security breaches. When employees click on the documents, the attackers are able to gain control over their PCs. The attackers then use the PCs to take control of servers housing blueprints, customer lists, or other sensitive data. The group, dubbed as Putter Panda, is connected to Unit 61486 of the People Liberation Army's (PLA's) Third General Staff Department, according to the report.
"Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of the US Defense and European satellite and aerospace industries," Crowdstrike researchers wrote. "The PLA ’s GSD Third Department is generally acknowledged to be China’s premier Signals Intelligence (SIGINT) collection and analysis agency, and the 12th Bureau Unit 61486, headquartered in Shanghai, supports China’s space surveillance network."
Two 14-year-old Canadians hacked a Bank of Montreal ATM after finding an operators manual online. The manual showed how to gain administrative control of the device, according to a media report published over the weekend.
When Matthew Hewlett and Caleb Turon tested the instructions against an ATM at a nearby supermarket, the ninth graders didn't expect them to work, The Winnipeg Sun reported Sunday. To their surprise, the machine quickly prompted them for a password. Even more surprising, their first guess—a six-character password that's common among default settings—let them in. The boys then reported their lunch-hour caper to bank employees, who at first thought the duo had merely acquired the PINs of an ATM customer.
"I said: 'No, no, no. We hacked your ATM. We got into the operator mode,'" Hewlett was quoted as saying. Then, the bank employees asked for proof.
Women in InfoSec: Building Bonds & New Solutions
As a woman working in InfoSec for over a decade and a half, I've had the pleasure of becoming good friends with a number of other women in the field. It has occurred to me over the years how similar many of our stories are, both in terms of what ...
A Multidisciplinary Approach to InfoSec
Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti. Conti is director ...