Came across an interesting story about the halls of Congress being hacked in October 2006. Although no one knows or is saying, some speculate that the attack can be traced to the Chinese, who seem to get accused of hacking into a lot of government systems (worldwide). Of course, the Chinese officially deny these allegations.
Shane Harris of the National Journal reported the attack was initially discovered in one office, but cyber-investigators eventually traced it to eight members' offices, where one or more computers were infected. Besides this, seven committee offices, including the Commission on China, Ways and Means and the International Relations Committee were identified as having compromised computers in them. The International Relations Committee (now the Foreign Affairs Committee) had 25 infected computers and an infected server found in it.
The virus discovered was a trojan designed to allow malware (malicious software) to invade government machines and steal information. The investigation revealed that the trojan was probably downloaded by an employee, who clicked on a link in a spam e-mail. This method of dropping a virus on a computer is usually referred to as Phishing.
Phishing attacks are normally designed to steal personal and financial information, which is later used to commit financial crimes and identity theft. While most phishing attacks (from a historical perspective) have been financially motivated, we are now seeing more person/position-targeted attacks. This type of phishing is referred to as spear phishing or whaling. In April, there were reports of spear phishing attacks against corporate executives all over the country.
The unidentified hackers used a wide-array of attack methods and the malware was downloaded from random Internet addresses. It's suspected they were using other infected machines to launch the attacks, which makes the activity even harder to trace. In this latest instance, it makes sense; the intent was to steal confidential and sensitive information.
Article comments