Information security company Mandiant has published a report on the Advanced Persistent Threat (APT), a sophisticated and organized means to steal information from compromised computers in another country.
Although the APT is a generic concept that may refer to activity from any country, it is primarily linked to several years of systematic Chinese attacks on systems in the United States. The recent intrusion into Google’s systems is a prominent example.
The defence, financial, manufacturing and research sectors, both private and public, are the primary targets of APT activities. The APT is remarkably persevering and has significant resources at its disposal. It “hides in plain sight” by using inconspicuous, common network protocols. The malware used by the APT circumvents common safeguards, such as anti-virus software.
Classic “prevent and detect” techniques do not effectively counter the APT. They can easily defeat normal defenses. The enemy successfully evades anti-virus software, network intrusion detection and under-equipped incident responders. They use sophisticated techniques to conceal their presence: hiding malware on their target’s own hosts and exfiltrating data in its own network traffic.
The APT’s goals are twofold. Of course, they steal information to achieve economic, political and strategic advantage. But more importantly, they establish and maintain an occupying force in their target’s environment, a force they can call on at any time. When the APT wants additional data from a target, they don’t need to re-establish a presence. They simply call on their existing assets, locate, steal and exfiltrate the data they need.
— Mandiant
You can read Mandiant’s media release or proceed directly to request your copy of the report.
What do you think of the report or of this issue in general? Please post your comments!
7 Comments
I am pretty disgusted when it comes to how the internet isn’t regulated and filtered between countries.
I personally wish there was more which could be done about it.
This goes with smart phones as well. Nobody has the right to jack into another person’s cell phone and get away with it.
And nobody has the right to play God with another person’s life as if it were their own life to take.
That was a typo. I meant hack, not jack.
Typo 4th line down.
I meant hack, not jack.
While I’m at it, it would also be nice for cell phone companies to require phones which could only be utilized with batteries which are removable.
Hi Shelly,
Filtering by country would often come in handy. In fact, many email servers use geolocation blocking lists that try to map client IP addresses to countries.
However, the Internet Protocol itself has no notion of countries or geolocation, so filtering on the IP level would require a list of every IP network worldwide and their corresponding countries. In addition, many networks span multiple countries.
There is also the problem of botnets, Tor nodes and other ways to make traffic appear to originate from the country of choice.
The notion of ‘countries’ and nations in a physical sense is *so* last century! We’re all in a big melting pot. Global travel is the norm, not the exception. Even ‘mericans have been known to obtain passports and flee their shores in search of – whatever. And in cyberspace, even more so. Geographical position is essentially meaningless aside from a few milliseconds latency.
‘APT’ smacks of ‘WMD’ to me. It’s just another cynical attempt by one nation to discredit another, as a prelude to, well, let’s just see what transpires.
The very notion that “foreigners” are doing this sort of underhand political and economic espionage, while the home nation is entirely above board, is laughable.
Laugh all you want. The reality is that nobody (from any country) hasn’t been moving towards regulating the internet due to their selfish interests which have little to do with making this world a better place to live in.
Let me give an example so those laughing can perhaps comprehend the damage which can be done globally due to the internet not being filtered between countries.
The last presidency in America was won primarily due to campaign funds. It has nothing to do with wanting a democrat to win or a republican. It doesn’t even matter which puppet is giving the speech in front of the teleprompter.
All that matters is who has the money which feeds the campaign. If one has 50 million dollars available versus their competitor who only has 10 million dollars available, then who is going to win in the long run?
So where did most of the campaign dollars come from for the last election?
The internet, which coincidentally isn’t regulated.
So who really owns America now? Well there is no way of knowing if the internet isn’t filtered, now is there?
See, the problem with most people who do not want things regulated is their fear that someone else might control them or that they might not have to take responsibility for their own illegal activities or actions.
I was in the fire department for over 7 years and the first thing they teach you, in any emergency situation, is to always establish communication. Thus, to take out an enemy, all one has to do is manipulate perception and confuse a person by taking away their ability to communicate.
Does this mean a country should not be able to communicate within its own borders? Absolutely not.
But this so-called “we’re all one” way of thinking is bullshit unless good people also want to be one with evil.
I personally don’t. Does that mean there aren’t evil things already happening within my own country’s borders? Absolutely not. There is a lot of evil I’d love to see change.
However, it would be nice to have the evil in a smaller designated area than to keep continuing on such a massive scale.
I don’t know. I guess I’d just like to think maybe my vote will count one day in America again instead of it being bought by the highest foreign bidder.
I’ve asked Microsoft livemail repeatedly to filter incoming email by “language”. That would get rid of about all of my spam email that is getting through. All rich media email is Unicode anyway.
You wouldn’t need to parse much of the msg to drop it into filter folder or delete box.
I basically said, people talk to people around them. So if it’s English, French, Spanish, German etc., why do we want email from Asia Pacific or Nigeria in the from field or the subject line?
- They just said it was unsupported. Seems like a dumb idea to me since it’s pretty easy to implement and gives people the power to clean up the spam.