Microsoft uncovers cybercrime group hacking PCs on the production line
Cybercriminals are now looking to take their exploits to the next level. Recent studies undertaken at PC manufacturers in China uncovered dangerous viruses and malware that had been placed in several computer devices while they were still on the production line, showing that today's cybercriminals are looking to infiltrate companies and their software before customers even purchase the hardware.
Reports on this follow a study conducted by Microsoft's digital crimes unit, which recently found that viruses and malware were being installed onto computers in factories in China, exposing a potentially massive failing in the security of Microsoft's supply chain.
The study was conducted by Microsoft itself, after winning permission in a US court to undertake an operation to take over a network of computers from a series of different PC makers in cities in China. The operation included a batch of 40 computers (20 PCs, 10 desktops and 10 laptops). Microsoft subsequently found that four of the computers had been infected with malicious software and a virus known simply as 'Nitol', a devious and extremely dangerous virus that steals personal information from the hard drive to help criminals access and plunder victims' bank accounts. The legal report filed by Microsoft with a US court over the operation outlined both the objectives and findings of the study. Section 14 on page 4 stated that: "This case began as a study into whether criminal organizations were exploiting the unsecure supply chain associated with the sale and distribution of counterfeit versions of Microsoft operating system software. Ultimately, however, Microsoft's investigation led to a major hub of illegal activity on the Internet causing great harm to customers around the globe. Microsoft now has the opportunity to severely disrupt that illegal activity".
According to Microsoft, as soon as any of the four infected computers was turned on, the virus would attempt to contact its command and control system, giving the attackers complete access to any stored and secret personal information the device was holding.
'Operation b70' found a total of four viruses on the computers Microsoft bought, and several hundred different types of malware also embedded in their systems. The report detailed that the virus 'Nitol' and its processes "include distribution and support for malware that can secretly record every keystroke a person makes at his or her keyboard; remotely steal passwords, financial data, and banking credentials; generate waves of spam; launch crippling attacks on other computers connected to the internet; even surreptitiously turn on a computer's video camera and audio functions without the owner's knowledge".
Richard Boscovich, a lawyer for the Microsoft digital crimes unit, highlighted the danger behind the 'Nitol' virus and its capability to quite literally have 'eyes and ears' on anyone who owned a computer containing the virus. "We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes into a victim's home or business," he said.
Microsoft also managed to track down the infrastructure thought to be behind the hacking at the factories: a web domain known as 3322.org. The domain has been on record as being involved in global cybercrime since 2008; however, its owner and registrant, Peng Yong, says that he was completely unaware of any malicious and illegal activity on his domain, and also unaware of the investigation by Microsoft. When questioned on the matter, Yong said: "Our policy unequivocally opposes the use of any of our domains for malicious purposes".
The domain has since been seized by Microsoft, after permission to do so was granted following its complaint to a US court. After extensive investigation of the domain, Microsoft found a further 70,000 sub-domains that also looked to spread the virus, and a further 500 strains of different types of malware that it believes were also destined to be installed onto devices in the factories.
After hearing this information, Mr Yong said that he could not rule out that other domains and sub-domains connected with 3322.org were being used for malicious and illegal activities. "We currently have 2.85 million domain names and cannot exclude that individual users might be using domain names for malicious purposes".
This has been a significant breakthrough by Microsoft in the ever-evolving world of cybercrime. It could mark a major turning point and a statement of Microsoft's intention to crack down on such illegal activity, and send a message to other software companies that the courts are willing to let such companies' lawyers pursue and disrupt cybercrime, which is constantly evolving to outwit the similarly evolving security that the likes of Microsoft are creating. However, despite Microsoft's success in taking control of a 'major hub of illegal activity', it cannot be ignored that flaws in the supply chain allowed hackers to get their hands on Microsoft software before it reached customers, and further measures should be taken to make sure that the technology cannot be compromised again in the future.
By: Robert Pritchard