So the media has been popping with the usual allegations that the Chinese are spying on our government. Well, that is not surprising at all. Every smart government would be doing the same thing. The information available in cyberspace is too valuable not to.
What I did find surprising was the methods claimed to be used by the Chinese. I have been familiar with Trojans and RAT client-to-server hacking methods for a long time (10+ years). Oftentimes in the past, I would experiment by infecting one of my home computers with a Trojan or RAT and see if I could access it remotely. It was always fun to have different anti-viruses installed to see if any of them would pick it up. What’s scary about this method is that it’s incredibly basic.
When an undetectable Trojan or RAT gets introduced to one computer on a network, it is easy for it to spread to other hosts on the same network. The major problem with our government officials is that they are not tech savvy at all. The government issues them a laptop and a stupid security training video that 90% of the staff will just repeatedly click next through until it’s over.
Most of the time the infected computers aren’t going to be accessed while they are on the government network, because network equipment would, or should, pick up the traffic. Firewalls should be used to only allow certain traffic into the government network, but I question the amount of filtering being done for outbound traffic. If outbound traffic is allowed, then the infected machine could be sending data outbound at all times, even while on the government network or any other network. Additionally, there are methods for reverse shell connectivity where the victim gets infected with a client file and the attacker installs the server software on their own machine. Then, instead of the attacker connecting to the infected machine, the attacker’s machine listens on a given port and the infected machine phones home by connecting to it over that port.
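As an added example (not from the original post), here is a small defender-side script that looks for exactly this phone-home pattern in outbound connection logs: a host that keeps reconnecting to the same external address on a fixed, near-constant schedule. The log format, addresses and jitter threshold are constructed assumptions.

```python
# Added example (not from the original post): a small beacon detector that
# flags periodic outbound "phone home" connections in constructed firewall logs.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound-allowed firewall log lines (assumed format):
# "<ISO timestamp> src=<ip> dst=<ip> dport=<port> bytes_out=<n>"
SAMPLE_LOG = """\
2024-03-01T09:00:00 src=10.1.2.50 dst=203.0.113.7 dport=443 bytes_out=1200
2024-03-01T09:00:03 src=10.1.2.50 dst=198.51.100.20 dport=443 bytes_out=5100
2024-03-01T09:05:00 src=10.1.2.50 dst=203.0.113.7 dport=443 bytes_out=1180
2024-03-01T09:10:01 src=10.1.2.50 dst=203.0.113.7 dport=443 bytes_out=1220
2024-03-01T09:12:44 src=10.1.2.50 dst=198.51.100.20 dport=443 bytes_out=880
2024-03-01T09:15:00 src=10.1.2.50 dst=203.0.113.7 dport=443 bytes_out=1190
2024-03-01T09:20:00 src=10.1.2.50 dst=203.0.113.7 dport=443 bytes_out=1210
2024-03-01T09:41:10 src=10.1.2.50 dst=198.51.100.20 dport=443 bytes_out=9300
"""

def parse(log_text):
    """Yield (timestamp, src, dst, dport, bytes_out) tuples from the log text."""
    for line in log_text.splitlines():
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        yield (datetime.fromisoformat(ts), kv["src"], kv["dst"],
               int(kv["dport"]), int(kv["bytes_out"]))

def find_beacons(log_text, min_conns=4, max_jitter=0.10):
    """Return {(src, dst, dport): (count, mean_interval_s, bytes_out)} for
    flows whose inter-connection gaps are nearly constant (low coefficient of
    variation): the signature of a scheduled check-in rather than a person."""
    flows = defaultdict(list)
    for ts, src, dst, dport, nbytes in parse(log_text):
        flows[(src, dst, dport)].append((ts, nbytes))
    beacons = {}
    for key, events in flows.items():
        if len(events) < min_conns:
            continue  # too few connections to judge periodicity
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = (len(events), avg, sum(n for _, n in events))
    return beacons

if __name__ == "__main__":
    for (src, dst, port), (n, avg, total) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port} every ~{avg:.0f}s x{n}, {total} bytes out")
```

The irregular, human-paced connections to the second address are left alone, while the five-minute check-ins to 203.0.113.7 are flagged for review.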
Another problem is that it’s not uncommon for someone who works for the government to legitimately transfer files to and from the work network, so security staff often overlook or miss malicious transfers among the legitimate ones.
Other than infecting government officials’ issued laptops, attacks could hit server equipment, no? The government has powerful server equipment and some of it is public facing. I am interested in finding out more about whether or not the Chinese government attempts to exploit outdated server software on our government’s servers.
Here is a video I found by Mandiant, who are security experts. They demonstrate how the attacker uses different services and software to spy on a remote computer.