Global Hack Attack Hit 2,500 Corp and Gov’t Targets & May Be Ongoing, NetWitness Says
Posted Feb 18, 2010 2:00 PM CDT
By Martha Neil
In a claimed international hack attack that apparently dwarfs the recent alleged China-based intrusion into the computer systems at more than 20 companies, including Google, a coordinated operation based in China and Europe reportedly broke into some 75,000 computers in 196 countries over the past 18 months.
According to security consultant NetWitness, which discovered the breach while installing anti-cyber-attack software, the hackers broke into more than 100 corporate servers storing large quantities of business data and also infiltrated 10 United States government agency computers. The attackers used ZeuS spyware to control computers remotely, reports the Wall Street Journal.
More than 2,400 companies were hit in the ongoing global cyberattack, which has left the highest concentration of infected computers in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. It appears that a variety of methods were used to gain access, including but not limited to stealing passwords and tricking users into clicking on contaminated e-mail, websites and even advertisements offering virus cleanup services, the newspaper reports. An employee of at least one unidentified company may have offered internal help and is being investigated.
The massive Kneber botnet, which takes its name from the username that links affected machines worldwide, has been gathering log-in information for online financial systems, Hotmail and Yahoo e-mail accounts, the Facebook social networking site, as well as other data including detailed identity information, reports Computerworld.
NetWitness has shared its findings with the FBI, which is following up on the allegations. Damage from the global cyber-attack is still being assessed.
"It highlights the weaknesses in cyber security right now," senior engineer Adam Meyers of SRA International Inc. told the Wall Street Journal, after reviewing the NetWitness data. "If you're a Fortune 500 company or a government agency or a home DSL user, you could be successfully victimized."
ABAJournal.com: "China Cyber-Attack May Have Targeted Law Firm & Other Companies, Too"
ABAJournal.com: "Google Seeks Help from Spy Agency on Hack Attacks, Raising Privacy Concerns"