This might come as a shocker to most of us who believe that top notch government websites, who employ the best technical talents to develop and secure their data systems , are now under a hacker attack.

Well this was true for the bipartisan, foreign policy think tank-  the Council of Foreign Relations. Its website was under a Trojan attack, basically infecting the older version of IE, by  an unknown group of cyber criminals in the last week of December. The site was used as a bait for users with IE browsers to usher a "drive-by download" infection. Cyber security agencies like FireEye and AlienVault have come up with alternate conjectures to explain this cyber crime.

The FireEye spokespersons opine that the CFR site was "compromised on Dec 27th" but could have been infected at a much earlier date. The real motive of the cyber hacking group still remains unclear; whether it was to gain access to important classified information or target specific groups and VIP officials serving in the government departments.

The CFR was a ripe target specifically due to its illustrious member list. It includes prominent names like Robert Rubin, former Treasury Secretary and head of Goldman Sachs, U.S Secretaries-of-State Powell, Albright besides former predecessors like Henry Kissinger, George Shultz, James Baker, Hillary Clinton as well as Bill clinton and other corporate VIPs.

The Windows PCs running Internet Explorer versions 6, 7, 8 were specifically affected as the malicious codes generated a "heap spray attack against IE 8.0". Using a Adobe Flash file  to spearhead the pairing of such malicious codes with the pre-existing security appartus of the targeted system, hints at how vulnerable systems are in such a high-tech world.

This hack, being dubbed as a "watering-hole" attack by security experts, has once again zeroed-in the cloud of suspicion on Chinese hackers. What's unique about this kind of phishing is that cyber criminals use web browsers in particular rather than e-mails for infecting their target groups. An interesting tidbit by The Guardian reveals that most hacking activities originate from inside sources. 1 in every 4 US hacker is in fact an FBI informant. This breeds a culture of mistrust across departments , making them more vulnerable to outside attacks as well.

In the aftermath of this news coming into the open, Microsoft declared its plan-of-action to fix the vulnerability of its own browser- the Internet Explorer (IE).  As part of its official security advisory statement, Microsoft believes that "users whose accounts are configured to have fewer rights on the system could be less impacted than users who operate with admin user rights".

The Corporation's technical team was fast to identify the potential threat and has assured that the users need not reboot their systems as of now. As an alternative recommendation for Windows users who are unable to upgrade the new version of the browser, Microsoft suggested that they set their "intranet security-zone settings" on a HIGH mode so that atleast alerts come by regularly. As a temporary quick-fix move, users can also install the free Enhanced Mitigation Experience Toolkit.

Cyber security is going to be a top priority issue in 2013 not doubt. But the cyber fraternity has a long road to travel before it can counterpoise such moves completely.

To share your thoughts with us, leave a comment below. You can follow us on our Facebook Page, Twitter or subscribe to our RSS feeds for more updates.
Related Posts with Thumbnails

Post a Comment