September 13, 2007 | Comments: (0)
Russian hackers corrupt U.S. consulate site
Ah, lovely St. Petersburg, known for its art, architecture, culture, commerce… and cyber-thieves.
If close proximity to hackers and organized crime is to be considered a contributing factor to having your site get owned -- which isn't always likely to be the case in this world of distributed attacks -- then IT workers at the office of the U.S. Consulate General in St. Petersburg shouldn't feel too bad that it happened to them, as embarrassing as it might be.
According to those ever-vigilant researchers over at Sophos, based on their examination of some cached Web page data, that's exactly what happened earlier this week.
In the incident that the AV company is reporting, which it identified as part of a larger campaign to hijack vulnerable Web servers based in Russia, hackers were able to load malware code onto the consulate site for an undetermined amount of time before someone discovered the problem and (to their credit) fixed it.
Sophos reported that by scanning cached versions of the consulate's site, it found that cyber-criminals of some kind had planted a malicious program known as Mal/ObfJS-C on the site; once loaded in a visitor's browser, that program then attempted to fetch additional malware from a remote server.
The attack reportedly included an additional piece of malware script that attempted to exploit several Web browser vulnerabilities to install a Trojan horse program on the computers of site visitors that could potentially be used to steal data.
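As an added illustration (not part of the original post, and not Sophos' tooling), here is a Python check in the spirit of the cached-page scan described above: it parses an HTML page and flags script elements that load from a host other than the site's own, or inline scripts that combine long escaped-string runs with dynamic code execution, the pattern typical of an obfuscated JavaScript loader. The sample page, the hostnames and the detection heuristics are constructed assumptions, not data from the incident.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic markers for obfuscated loaders: string decoding plus dynamic execution.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode", "document.write(")
# A run of 20 or more consecutive %XX, \xXX or \uXXXX escapes (assumed threshold).
ESCAPED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){20,}")


class ScriptCollector(HTMLParser):
    """Collect every <script> element as (src attribute or None, inline body)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.scripts.append((self._src, "".join(self._buf)))
            self._in_script = False


def find_suspicious_scripts(html, site_host):
    """Return (reason, detail) pairs for scripts that look injected into the page."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        if src:  # external script: flag any host that is not the site's own
            host = urlparse(src).hostname
            if host and host != site_host:
                findings.append(("external script source", src))
            continue
        markers = [m for m in OBFUSCATION_MARKERS if m in body]
        if markers and ESCAPED_RUN.search(body):  # both signals required
            findings.append(("obfuscated inline script", ", ".join(markers)))
    return findings


# Constructed sample page: one benign inline script, one off-site loader and one
# obfuscated inline script (its escapes decode to the text "Constructed placeholder").
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script>var pageId = 1;</script>
<script src="http://stats.example.net/t.js"></script>
<script>document.write(unescape('%43%6F%6E%73%74%72%75%63%74%65%64%20%70%6C%61%63%65%68%6F%6C%64%65%72'));</script>
</head><body>Consulate page text</body></html>"""
```

Running `find_suspicious_scripts(SAMPLE_PAGE, "example.org")` reports the off-site script source and the obfuscated inline script, and nothing for the two benign ones.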
In total, more than 400 Web pages worldwide have been attacked in a similar fashion in only the last week, according to Sophos' estimates.
Sophos chief analyst/research guru Ron O'Brien noted that government agencies are coming under fire from malware attackers on a more frequent basis these days.
"Over the last few months we have seen a multitude of high profile organizations and government agencies come under attack by cyber-criminals; the frequency of these attacks is alarming and signifies that any organization, no matter the size or stature, is a target for hackers and malicious activity," he said in a research summary.
After hearing Xerox security mastermind David Drab's stories about his time working for the FBI in eastern Europe during the 1990s, and about the flood of hacking talent he saw move from the KGB and other former Soviet intelligence agencies into organized crime, it's not that surprising that the region has become a malware hotbed. But St. Petersburg, formerly Leningrad, is truly making a name for itself as a sort of capital for this type of activity.
Most notably the area has become known as the home of the ever-industrious Russian Business Network, a group of professional hackers who reportedly operate out of an office building in the city much like a legitimate company would.
RBN is believed to be the group behind the creation, or at least the rapid distribution, of the MPack malware development toolkit. MPack has become one of the most widely-used toolkits on the underground market, according to researchers, and has recently been linked to attacks on banking sites in India and the massive attack on over 10,000 Italian Web sites dubbed by analysts as the "Italian Job."
So, here's hoping that U.S. consulate workers can find a way to prevent such attacks from taking over their sites in the future. But, at the end of the day, the big story has to be that someone needs to stop RBN and the other St. Pete hacker gangs from taking over the world (wide Web).
Posted by Matt Hines on September 13, 2007 12:00 PM
- COMMENTS
All the professionals of computer security know RBN, but there is no government to stop them.
Why trust our laws? There are no international laws for those lamers. So? Business and/or political reasons? Why speak on this subject again & again ... huh? RBN SUX, GOV SUX .. that's all.
See ya.
Posted by: KGV at September 16, 2007 09:52 AM