Chinese hackers outed themselves by logging into their personal Facebook accounts

Mandiant, the U.S. firm contracted to investigate cyber-attacks against U.S. corporations, says it was able to track an extensive hacking campaign back to the Chinese military in part by exploiting China’s own web restrictions.

China’s “Great Firewall” blocks web access to, among other things, Facebook and Twitter. People in China can get around the firewall, and very web-savvy Chinese often do, by using something called VPNs, or Very Private Networks. But Chinese hackers already have access to what is presumably an extremely sophisticated VPN: the very servers they use for their foreign hacking.

This where the hackers may have gotten themselves into trouble. To be totally safe, a Chinese hacker would log out of the servers used for cyber-espionage (and allegedly sponsored by the Chinese military) before logging into a separate, more low-key VPN that he or she could use to access U.S.-based social media sites like Facebook and Twitter.

Instead of following that procedure, according to Mandiant, some of the hackers got lazy. “The easiest way for them to log into Facebook and Twitter is directly from their attack infrastructure,” the company’s report explains. “Once noticed, this is an effective way to discover their real identities.” When the hacker uses the “attack” servers to log in to Twitter or Facebook, he or she unintentionally links the espionage servers with specific Facebook and Twitter accounts – in other words, with specific human beings.

Mandiant traced two hackers, which used the handles DOTA and UglyGorilla, all across the web using datapoints like this. The investigation also looked at, among other things, a cell phone number that one of the hackers used to register a Google e-mail account (yes, he used two-step verification for extra security) and that provided data on the hacker’s location.

National Journal’s Brian Fung makes a great point. He writes, “It’s no small irony the everyday shortcuts users take, and which subsequently open them up to hackers like DOTA and UglyGorilla, are the same traps that the two hackers fell into.” It really is the wild West out there.

Source : washingtonpost[dot]com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s