Chinese hackers target smart cards to grab US defense data

By Lee Kaelin on January 16, 2012, 11:30 AM

In the latest blow to U.S. cybersecurity, hackers based in China have managed to infiltrate the supposedly secure smart card system used by U.S. Government employees, according to a report by AlienVault.

The security firm says it has confirmed dozens of attacks originating from servers in China, by an adapted strain of the malware Sykipot. It is reportedly capable of capturing the PIN codes used by the government smart cards, which can then be used to access secure information. "We recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year," AlienVault said in a report of their findings on their website.

Government agencies generally use the smart card system as an extra layer of defense, as user passwords are generally quite easy to hack. It worked as well, until the Sykipot malware raised its ugly head and compromised what essentially is the government’s last physical line of defense of preventing unauthorized viewing of sensitive material contained on computers.

"Like we have shown with previous Sykipot attacks, the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine," AlienVault said. "Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center."

Sykipot has been around since 2007, is considered a high priority threat and until recently had been taking advantage of vulnerabilities in software such as Internet Explorer and Adobe Reader. Microsoft’s Excel spreadsheet has also been targeted by exploits based on the malware.

According to AlienVault though, this is the first time Sykipot has been used to specifically target smart cards. This particular new strain of the malware exclusively targets ActivIdentity, using the PKI (public key infrastructure) authentication method employed by the firm's smart cards, which are known for their compliance with U.S. government specifications.

It is not yet known what information has been compromised or taken by the hackers but since ActivIdentity was the intended target it is very clear the attacks were aimed at U.S. government and defense departments.

Image credit: NASA




User Comments: 8

Got something to say? Post a comment
Guest said:

Why won't the government just wisen up and force dual-factor authentication with a frequently changing pin (30 seconds?) and limit it to one authentication per pin, combined with a well thought out internal permissions and limit greatly the ability to grant permissions to people except to those with enough IT knowledge to not get virus's...

Side note, posting as an anon, it has asked me the same 'random question' 3 times in a row.

---agissi--- ---agissi---, TechSpot Paladin, said:

Once they're in they can access all of our computer based training material, which is most everything except hands on.

Win7Dev said:

This is why we should keep our sensitive data on paper in vaults

/sarcasm

Really, the US needs to take responsiblity and keep a tighter regulation on what employees can use their work computers for and what flash drives etc. can be plugged into them. I bought a few kensington usb docks for laptops and they can somehow bypass windows 7 and autorun the program that installs their driver. You just plug it in and bam! the driver gets installed off the flash memory in the dock. After it installed, it showed a cd was in drive e: in my computer. There was no real cd in, it was merely a u3-like technology aka a virtual cd drive. Autorun was disabled btw.

Guest said:

I'm a bit surprised they haven't switched to a dual factor authentication system with a pin that changes every 30 seconds or so, and have each pin - password key combination only usable once, combined with strict access permissions on every document. Then only give permission to change access permission to those with the knowledge of avoiding virus's.

hahahanoobs hahahanoobs said:

All these breaches tell me, is that the US does not care about your information. How many times has information not even been encrypted for example? Too many.

Guest said:

Posting on this site is higher security than government smart cards.

ephraim25 said:

Chine Really are Hackers..... They wanted to be the superior country..

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.