Feeds

back to article French gov infiltrated by data-hungry spear phishers

At least 150 computers used by the French government were breached after hackers used highly targeted spear-phishing emails to plant malware that monitored the machines for weeks before being discovered, according to published media reports. The attack, which commenced late last year, allowed the hackers to monitor official …

COMMENTS

This topic is closed for new posts.
Silver badge
Linux

Good news for the phishersmen...

After enjoying a good French expedition, they can look forward to a good haul from the German foreign office as they move from Linux to back to Windows XP.

On a more serious note, are we actually going to be told what tricks they used to compromise the PCs?

Tux, as even she/he would have suggested they get Macs instead.

5
1
Anonymous Coward

Thanks for your contibution to the "anti MS message of the day"

Yeah, because:

Windows = full of holes like a Swiss cheese, no matter what version you use, if you keep it updated, and if you have a firewall/antivirus. You're doomed!

Linux/Mac = absolutely bullet proof, no holes whatsoever, secure as a match with the red bit chopped off, no matter if you DON'T have a firewall/antivirus running. Nothing can ever happen to you! EVER!

Your message will be archived with the others, given the 1 yottabyte hard drive is not full up already.

2
6
Anonymous Coward

title?

Please don't fall into the my OS is better trap.

Looking at the description of how the attack took place (in French http://www.zdnet.fr/actualites/attaque-informatique-de-bercy-le-cheval-de-troie-etait-loge-dans-un-pdf-39758813.htm), they could have been running OpenVMS and still got infected.

Maybe 150 clients would not have been infected but we don't know if the payload even contained a viral replication scheme. It might have been all customized for 150 individual targets.

1
2
Silver badge
Linux

@Thanks for your contibution

Always willing to oblige :)

But seriously, you have a gov/company policy that dictates you use the most hacked software of all time, then you find it gets hacked. Quelle surprise?

And yes, I read a basic translation of the ZNet.fr article and it looks like the common attack of poisoned .pdf document that is able to gain root privileges, something that is sadly common in the w2k/XP world due to MS' weaknesses and Adobe's even worse security.

Given that such targeted attacks use common techniques, but with a custom payload (hence not in the signature file), most AV won't deal with it.

But back to your rather black and white analysis of my comment, please answer why it is that Windows as such a long and inglorious record of being breached in this way? Hint: It is not simply popularity, as Linux is a high value target in the server world.

I don't believe that Linux/Mac are bullet proof, and no OS is able to stop a Trojan that the user has privileges to install, but they have proven over time to be much more robust in this respect. Google, for example, has moved to Macs in the aftermath of the Aurora attacks, do you think they are simply naive?

1
0
Gates Horns

what they used to compromise the PCs

> are we actually going to be told what tricks they used to compromise the PCs?, Paul Crawford

They sent them an attachment in an email, or sent them a URL that pointed to an exploit that only runs on the Microsoft Internet Explorer ..

Microsoft: the company that made email dangerous ...

1
0
Linux

they could have been running OpenVMS?

> Looking at the description of how the attack took place .. they could have been running OpenVMS and still got infected, said Anonymous Coward

I don't think so, with a little help from BabelFish, I managed to translate this bit.

"The computer attack against PCs of the civil service at the ministry for Finances that accessed documents relating to the G20 economic group, was launched via a Trojan horse placed in a file pdf"

A relevent question to ask is, what is it about this particular OS that allows embedded code in a DATA document to be executed on the 'computer' in question.

1
1
Silver badge

"running OpenVMS and still got infected."

Nonsense.

To quote from your ref.

"The Trojans came via a PDF attachment in an e-mail."

It was a PDF in an email. I don't know about OpenVMS biut the Linuxes I run wouldn't have got infected AND I doubt if OpenVMS would either

0
0
Anonymous Coward

@AC 0945

This is arrogant rubbish. It was a pdf based trojan. Unless you were using a susceptible system ( i.e.Acrobat/Windows) it would be unlikely to be any kind of problem.

0
0
Anonymous Coward

From your own ref.

"The department's computers are standard PCs with antivirus,"

So that would be WIndows then.

0
0
Anonymous Coward

Care to explain how anything other than Windows PCs

would be susceptible ?

0
0
Megaphone

Questions for the IT security department of French government

How can they explain now the hefty budgets spent on security software/hardware ? How comes that for several weeks nobody noticed something suspect ? Was anyone actually reading logs and watching IDS sensors or were they all asleep ? [Shouting]How comes regular users were allowed to install backdoors directly from the mail attachments[/Shouting]

Policies, anyone ? How about hiring some competent people ?

Of course, the same goes for Canadian government.

@Mr. Dan Goodin : Is it that difficult to mention at least once in your article we're talking about Windows PC here ? I see a trend of speaking of this kind of failures as happening irrespective of the platform someone uses and this in my opinion induces complacency.

4
0
Anonymous Coward

title?

Maybe the article doesn't mention Windows PC simply because it's not common knowledge.

You seem so certain that it's the case that you must have a credible source confirming it.

Care to share them with us?

1
1
WTF?

Adobe is to blame?

> it looks like the common attack of poisoned .pdf document that is able to gain root privileges, something that is sadly common in the w2k/XP world due to MS' weaknesses and Adobe's even worse security, Paul Crawford

What business is it of a document formating company, to secure the underlying OS. And that doesn't represent any deliberate vulnerability exploits any third party might introduce.

"Portable Document Format (PDF) is an open standard for document exchange. The file format created by Adobe Systems in 1993 is used for representing documents in a manner independent of the application software, hardware, and operating system"

http://en.wikipedia.org/wiki/Portable_Document_Format

0
1
Silver badge

@Adobe is to blame

You are right that a document reader (or web browser, email client, etc) should NOT run with any privileges that could allow system-wide code injection, but that is not to say that it *wont* in all cases.

Why, for example, is IE6-8 not separable from w2k/XP, and updates to it generally require a system reboot?

However, there is also the question of a crap document reader being capable of running bad code that could be used in conjunction with OS vulnerabilities to penetrate the system.

In the case of Adobe, it in a combination of crap software (an endless stream of issues, and multi-week delays in patching, that make MS look the golden boy in comparison), a flaky updater (though it is possible they had this centrally managed in a competent manner), and finally some incredibly dumb features such as executing a program from the document! WTF!

http://www.theregister.co.uk/2010/03/31/pdf_insecurity/

So while the OS should be up to the job of protecting against injection, you can start by dealing with open gateways to code execution in the first place.

Remember, in a case like this (wanting to steal valuable documents) simply compromising the user's account is often enough to get the documents. You don't actually need system-wide root access, though of course that makes the black hat's day if they achieve it.

0
0
Grenade

But the big question is

Any reason a PDF viewer should be given the ability to launch embedded machine code when all it's supposed to do is allow people to read static documents?

1
0
This topic is closed for new posts.