SoylentNews is people

posted by azrael on Saturday July 12 2014, @08:49PM
from the tricorder-malfunction dept.

Handheld scanners are being shipped with sophisticated malware pre-installed by China-based threat actors in order to target shipping and logistics organizations all over the world, says the security firm TrapX (report, 15 MB PDF).

The attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory items they handle. The manufacturer installs the malware on the embedded Microsoft Windows XP devices.

Experts determined that the threat group targets servers that store corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after.

The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. One observed attack revealed that 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network.

Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and is physically located one block away from the scanner manufacturer, TrapX said. Another possible attack vector is of course the labels with printed binary data. Compartmentalized networks and a strict API enforcement gateway may be ways to combat threats like these.
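As an added illustration of the compartmentalization suggested above (example code written for this page, not from TrapX or the report), the check below applies a segmentation policy to flow records from a scanner VLAN: the scanners should only ever talk to the inventory application, so a scanner reaching a finance server or an address outside the corporate network is exactly the lateral movement and C&C traffic the story describes. The subnets, hosts, port and flow lines are all constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed for this example, not from the report):
SCANNER_NET = ip_network("10.20.0.0/24")      # handheld scanner VLAN
INTERNAL_NET = ip_network("10.0.0.0/8")       # everything corporate
FINANCE_NET = ip_network("10.30.0.0/24")      # finance server segment
INVENTORY_HOST = ip_address("10.10.5.10")     # the only host scanners need
INVENTORY_PORT = 443                          # inventory API port

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def classify(flow: Flow):
    """Return None for an allowed flow, else a short reason string."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src not in SCANNER_NET:
        return None                       # only scanner-originated traffic is policed here
    if dst == INVENTORY_HOST:
        return None if flow.dport == INVENTORY_PORT else "inventory-unexpected-port"
    if dst in FINANCE_NET:
        return "scanner-to-finance"       # the lateral move described in the story
    if dst not in INTERNAL_NET:
        return "scanner-to-external"      # a possible C&C beacon
    return "scanner-to-other-internal"

def parse_flow(line: str) -> Flow:
    """Constructed flow format: '<src> <dst> <dport>'."""
    src, dst, dport = line.split()
    return Flow(src, dst, int(dport))

def violations(lines):
    """Flows from the scanner VLAN that the segmentation policy does not allow."""
    out = []
    for line in lines:
        flow = parse_flow(line)
        reason = classify(flow)
        if reason is not None:
            out.append((flow.src, flow.dst, flow.dport, reason))
    return out

# Constructed sample flow records.
SAMPLE_FLOWS = [
    "10.20.0.17 10.10.5.10 443",     # normal inventory traffic
    "10.20.0.17 10.30.0.5 445",      # scanner probing a finance server
    "10.20.0.23 198.51.100.7 443",   # scanner calling out of the network
    "10.10.5.10 10.20.0.17 443",     # server replying to scanner: out of scope
    "10.20.0.23 10.10.5.10 22",      # inventory host, but not the API port
]
```

Running `violations(SAMPLE_FLOWS)` on the constructed records flags the finance, external and wrong-port flows and leaves the two legitimate ones alone; in practice the same policy would be enforced on the VLAN firewall and the check run over exported flow logs.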

  • (Score: 2, Insightful) by Horse With Stripes on Saturday July 12 2014, @09:45PM

    by Horse With Stripes (577) on Saturday July 12 2014, @09:45PM (#68260)

    Well, we all knew this type of thing was possible and was happening in the real world. The fact that Lanxiang Vocational School is working closely (literally and figuratively) with the manufacturer (or is it vice versa?) pretty much indicates that this is a State sponsored effort.

    Before we go down the "OMG, Windows XP!" path let us not forget that the requirements for these types of devices haven't changed in a long time, so embedded XP isn't unexpected. There are plenty of Linux based options, but how many of those are not made in China?

    The fact is that State sponsored international corporate espionage has been going on for a long, long time. Yes, China seems to be caught red handed here, but I'm betting that more than one TLA does similar things (though probably via different attack vectors).

    This is war folks. A slow descent into indirect confrontations, and planting as many 'sleepers' as the landscape will tolerate.

    • (Score: 2) by c0lo on Saturday July 12 2014, @10:02PM

      by c0lo (156) Subscriber Badge on Saturday July 12 2014, @10:02PM (#68261) Journal

      Yes, China seems to be caught red handed here, but I'm betting that more than one TLA does similar things (though probably via different attack vectors).
      This is war folks. A slow descent into indirect confrontations, and planting as many 'sleepers' as the landscape will tolerate.

      Conjectural "demonstration" - on the line of "Be afraid, be very afraid!". Why should I?

      Why do you consider China such supermen? Why, in their case, does Hanlon's razor suddenly cease to apply?
      This wouldn't be a first [h-online.com]

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 4, Insightful) by Horse With Stripes on Saturday July 12 2014, @11:44PM

        by Horse With Stripes (577) on Saturday July 12 2014, @11:44PM (#68290)

        Why do you consider China such supermen?

        Who said they were "supermen"? I'm pretty sure I said that the US is doing it too. In this case it is China (manufacturer and C&C). Malware == Malice. Now, if you think that China is being made a patsy for this I'll go get my deed to the Brooklyn Bridge.

    • (Score: 3, Informative) by kaszz on Saturday July 12 2014, @10:57PM

      by kaszz (4211) on Saturday July 12 2014, @10:57PM (#68277) Journal

      One can choose a different organized listen-and-interfere agency, whether it's Russia, China or the USA. But the point with a free operating system like NetBSD-OpenBSD-DragonFly-FreeBSD is that you can audit both the operating system and the drivers (unless there's a binary blob). So your firmware may be compromised. But you can check the source for should-it-do-this and how-does-it-execute-this?

      • (Score: 1) by Horse With Stripes on Saturday July 12 2014, @11:48PM

        by Horse With Stripes (577) on Saturday July 12 2014, @11:48PM (#68291)

        Absolutely. But you can't really audit the manufacturer's application binary (which is where this little prize is probably residing).

    • (Score: 4, Interesting) by Hairyfeet on Sunday July 13 2014, @12:04AM

      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Sunday July 13 2014, @12:04AM (#68294) Journal

      Actually the number of RTOS (many based on Linux) that we have seen targeted in recent years, such as the Iran nuclear center hacks, shows that when you are dealing with state actors the OS? Not really an issue either way. We are talking about a government with billions in resources that is targeting a specific device(s), so it is really trivial to hire people with the right expertise to target this or that OS.

      The key thing to keep in mind here, and I can't fucking believe I'm actually agreeing with former governor Mike Huckabee on this one as he was a REALLY shitty leader, is that you are basing an increasing number of vital systems on products made by a country whose government has some pretty severe ideological differences with ours. This is only gonna get worse as more and more corps outsource tech that is vital to our functioning as a nation so we REALLY need to be bringing more of this back on our own soil.

      But sadly as long as "the free market is king!" is the mantra it will be beyond easy for China to capture the manufacture of any vital components by simply making them at cost or even at a loss, imagine getting all our telecommunications switches and routers from the USSR during the cold war because Moscow will let us have 'em at a third the cost anywhere else.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 1) by Horse With Stripes on Sunday July 13 2014, @01:39AM

        by Horse With Stripes (577) on Sunday July 13 2014, @01:39AM (#68312)

        Amen.

        • (Score: 3, Informative) by Hairyfeet on Sunday July 13 2014, @11:23PM

          by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Sunday July 13 2014, @11:23PM (#68685) Journal

          Thanks. And for those that need proof that Linux can and does get malware? Here is how to write a Linux virus in 5 easy steps [geekzone.co.nz] and please note that it uses social engineering, THE SAME ATTACK VECTOR that the majority of Windows bugs use. See security tool, av 20xx, etc, all use social engineering to get past the defenses since ALL of the major OSes are now hardened so well that the weakest link is...drumroll...PEBKAC.

          For those that want specific examples, look up the KDELook screensaver bug, the Quake 3 infected MP (which was in at least one major repo for over a year, showing repos don't magically protect you) and do I even need to mention Heartbleed or any of the other nasties one can find with just 3 minutes on Secunia?

          --
          ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 2, Funny) by Skwearl on Sunday July 13 2014, @02:14AM

        by Skwearl (4314) Subscriber Badge on Sunday July 13 2014, @02:14AM (#68321)

        Good lord, where did you learn to write English, the projects?

      • (Score: 0) by Anonymous Coward on Sunday July 13 2014, @07:35PM

        by Anonymous Coward on Sunday July 13 2014, @07:35PM (#68615)

        RTOS (many based on Linux)
        Off-topic

        that we have seen targeted in recent years
        Citation needed
        ...or did you mean that UNSUCCESSFUL attempts have been made.
        Citation still needed

        such as the Iran nuclear center hacks
        The target of Stuxnet was WINDOZE.
        The lameoids at Siemens only wrote the programming app for their PLCs to run under Redmond's easily-infected OS.
        Anyone who has a passing acquaintance with the OS made of eggshells and swiss cheese could guess what would happen next.

        ...and those Siemens Programmable Logic Controllers did not run Linux.
        Those systems were running proprietary code as well.
        (That task-specific code is considerably less complex than Linux.)

        Your dishonest attempt to distort the truth and smear Linux (yet again) is quite transparent and very shameful.
        The fact that you didn't mention that it was Windoze that got infected is also typical of your fanboyism and dishonest nature.

        -- gewg_

      • (Score: 1) by anubi on Monday July 14 2014, @02:01AM

        by anubi (2828) on Monday July 14 2014, @02:01AM (#68734) Journal

        I will throw in my two cent's worth and shill for Micrium [micrium.com] again...

        ( No, I don't get paid to talk about their stuff on the net. I have some of their stuff and like the way they do business. )

        I absolutely love picking on them in forums like this because they actually publish their source code in a book for all to see.

        Sure, they license their code if you want to build it into your stuff. Or if you want, get NetBurner's modules and they come pre-loaded with licensed uCOS out of the box. I think of NetBurners like a really high powered Arduino, however the Raspberry PI is in the same league as far as I am concerned.

        For me, licensing is not the issue. I do not mind buying a good tool. It's ignorance, enforced by Copyright Law and our Clueless Congress, that forces me to make all sorts of poor decisions when I have no idea what's "under the hood" and I am supposed to make a decision based on "sales-talk", which we all know is more like playing poker than engineering. I feel extremely uncomfortable signing off on stuff under my name based on hearsay. I want to know for myself exactly what I am vouching for.

        From what I see, we are becoming a nation of ignoramuses being denied knowledge in depth of stuff in order to protect the business model of those privy to such information. This is the same thing that upset the "holy men" so much when Gutenberg printed the Bible. Once people could see for themselves, the great mystery of the man who throws lightning bolts at sinners is revealed, and a lot of men counting on conning a good life out of the superstition of others had to find a more productive line of work.

        I am far from being a "know-it-all", rather I am far more of a "seen-more-crap-than-I-want-to-see" sort. I have seen the kind of attack vectors and am very disgusted others don't get pissed off enough to put a stop to it. RIAA got pissed off enough to have Congress pass what they wanted, but so far we, as a public, haven't got pissed enough at all these "protections" put forth to demand that along with the "protections" come the responsibility to do it right, as well as full liability for anything kept secret. ( If there is radium in the "secret sauce", and radium has been found to kill people, then just because it is secret does not relieve the company from liability for the use of radium in the sauce. ) However a paid and lobbied Congressman may not see it that way.

        I am willing to go along with mistakes as long as they were all out in the open all along - but simply nobody saw the hole in the logic... but when all this secrecy and law are involved, then I have no counter to the concept that conspiracies are involved. Then I lose trust in both the vendors and the Congress that are in cahoots with them.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]