Government Agencies Among Those Hacked in Massive January Botnet Attack

More than 75,000 computer systems in at least 2,400 corporations and governments affected worldwide.

by / February 22, 2010
Previous Next

A massive cyber-attack has compromised the information of roughly 75,000 computer systems in at least 2,400 corporations and governments around the world, according to a U.S. security firm.

The Washington Post reported on Feb. 18, that NetWitness, based in Virginia, has found that the Kneber bot is responsible for an infiltration that began in 2008 but was discovered just this past month, almost two years after it was supposed to have begun. Targeted data includes e-mails, credit card transactions and log-in credentials. Kneber is being deemed a botnet, a computer program created by a Trojan designed to infiltrate computers and wreak havoc.

"Botnets themselves aren't new," said Michael Maloof, CTO of TriGeo Network Security. "Most of the spam on the Internet is driven by millions of compromised PCs, but I think what is relatively new is that the botnet herders seem to be targeting high-value corporations and certainly high-value government institutions."

Amit Yoran, CEO of NetWitness, told The Wall Street Journal that Eastern European criminals originated the attack by using computers in China. Neither the Journal nor the Post claims that it had anything to do with government powers in those countries.

"The technology itself is not a big deal, but the risk is," Maloof said. "And I think anyone who's not taking the risk seriously really needs to wake up and smell the coffee here. This falls into this category, really, [of] an advanced persistent threat. There are highly organized individuals out there who have access to sophisticated technology,"

Ten government agencies in the United States were victims in the attack, but the vast majority of those targeted were from the private-sector health and technology areas. Unfortunately neither the public- nor private-sector organizations were able to protect themselves from the breach, perhaps suggesting that the IT community as a whole needs to be more diligent in security.

Jeff Nigriny, president of CertiPath, suggested that IT security professionals need to be as competent in protecting computers systems as doctors and scientists are in protecting the biological world.

"I don't think you would ever see a report in the medical community about one system in the human body shutting down after another," he said. "We have doctors who are trained to find the route cause, whether it's cancer, radiation poisoning or a blood disorder, whatever."


Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.