Read his account of it here. The FBI may be interested in this, since an effort this sophisticated raises the very real possibility of a state-sponsored hack.
Curtis, you have arrived.
If anyone has any recommendations for how to detect and protect against this kind of attack, I’d be interested in hearing what they are.
10 Comments
Front Line Defenders provide this manual and these digital-security-in-a-box tools for Human Rights defenders, which may possibly be of some use.
I suggest that if you are worried about an attack then there are pretty much two principles that will stop a potential attacker in their tracks.
First is using Linux. It's a lot harder to crack than normal and most vulnerabilities that exist are in Windows or are for Windows programs (for example the Adobe Reader exploit Curtis was attacked with). Additionally security for a lot of Linux distributions is not just an afterthought, but a prime concern, updating to fix holes within hours of them becoming known. Microsoft is known for leaving discovered bugs unpatched for long periods of time.
Second, virtualize everything. Creating a virtual machine is exactly that, creating a machine that is unique to all attackers. A good idea on how to utilize these would be to categorize information into levels of sensitivity, and have different virtual machines for storing different levels of data. For example, if someone cracked your nonsensitive virtual machine (say by sending you an infected email) they would only have access to your nonsensitive data. Your sensitive stuff would be safe somewhere.
Oh, and a few general security tips too. Use a different password for everything. If you have anything sensitive at all: encrypt it. Treat laptops as already being compromised, and if you need to store data on them encrypt it, and then bring your laptop with you everywhere, or alternatively do something like lock it in a safe. Regard any data you send across a network you don't control (hotel network, wifi) as essentially being public (or use something like an encrypted VPN). If you use wifi at home make sure it's a network encrypted with WPA (not WEP, as that's easily broken).
There's probably a lot more, but that's probably the beginning of a good list of best practices for security.
I certainly second the point about Linux. I’ve been using Ubuntu ever since my 80€ Norton antivirus failed miserably to prevent a virus from making a complete mess of my Windows XP for about a fortnight, and I find it a very smooth and user-friendly OS.
To start getting a handle on all this security stuff, I highly recommend at least once a week checking in at the Krebs On Security blog – http://www.krebsonsecurity.com/ — if pinched for time, just look at the Time to Patch category. Brian Krebs used to write for the W. Post until late last year, now I think he’s struck out on his own. I’ve learned a lot from this guy over the last year or two since I discovered him.
The #1 exploit recently has been Adobe Acrobat. What I didn’t realize until recently was that this software isn’t required to open PDF files. So I just uninstalled Adobe Reader from my machine a few weeks ago. I tried a couple different programs as replacements, finally settling on STDU Viewer – http://stdutility.com. (Many recommend FoxIt, but it seemed kind of weird, though I never actually tried it.) STDU Viewer is MUCH smaller, loads faster, and does the simple stuff I need, like allowing me to copy text and print files (haven’t used it much yet, but printing may be slower).
For Windows users, don’t surf the web while logged in as an administrator. 90%+ of what we do does not require that level of permission, but if we do manage to run some bad code while computing, having given that extra permission can allow the damage to be much worse. Create a new account that is a regular user and use that for normal use.
Also, as you likely have heard, don’t use IE — not necessarily because it’s “bad”, but just because it has the biggest chunk of the market, it is the #1 target of hackers.
——
Now have gone and read Curtis’ post. I remember reading about this scam during the initial coverage when Google announced a couple months ago they (and human rights groups) had been the target of sustained attacks. The scam against the rights groups was to impersonate someone who would seem legitimate to the victim, based on orgs or people they would be inclined to know or trust in their field. Sounds similar to what happened to Curtis.
Basically, to answer questions about defending against this specific kind of attack — you have to be very skeptical of ANY email you receive, especially one with attachments (and sometimes even from people you already know — in the event their email’s been hacked). As some have said in the comments on Curtis’ site, if someone says they’re with group or org X, verify that first before clicking any links or opening any attachments.
Last thought — this comment on Curtis’ post – http://www.nkeconwatch.com/2010/03/19/someone-is-not-playing-nice/#comment-187183 – reminds me that you can get around a lot of problems with any PDF Viewer including Adobe’s and FoxIt’s by going into the settings and turning off Javascript!
—
Dan Ó C — those links look awesome, thanks!
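The advice above about treating every email with an attachment with suspicion, and verifying who a sender really is before opening anything, can be turned into a mechanical first pass. The following is an added example, not code from the original post or any commenter: it parses a raw message with Python's standard `email` module and flags the three things the thread describes, a display name that matches someone you know but comes from an unexpected domain, a Reply-To that diverts replies elsewhere, and attachments of types that should be verified out-of-band before being opened. The address book, the two sample messages and the domains in them are all constructed for the example.

```python
import os
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed address book: display name (lower-cased) -> domain you expect that
# person to write from. Hypothetical data for the example only.
KNOWN_CONTACTS = {"alice example": "example.test"}

# Attachment types the thread says to verify with the sender before opening.
RISKY_EXT = {".pdf", ".doc", ".docx", ".xls", ".zip", ".exe", ".scr"}

# Constructed message: lookalike sender domain, diverted Reply-To, PDF attached.
SUSPICIOUS_MSG = b"""From: "Alice Example" <alice@exanple-mail.test>
Reply-To: collector@other-domain.test
To: reader@example.test
Subject: Updated report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed message from the expected domain, no Reply-To, no attachment.
CLEAN_MSG = b"""From: "Alice Example" <alice@example.test>
To: reader@example.test
Subject: Lunch?
Content-Type: text/plain

Are you free on Thursday?
"""


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is no '@'."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: bytes) -> list:
    """Return a list of human-readable findings; an empty list means no flags."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(addr)

    # 1. Impersonation: the display name is someone we know, but the address is not.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and expected != from_dom:
        findings.append(
            f"display name '{name}' matches a known contact but the address domain "
            f"is '{from_dom}', expected '{expected}'"
        )

    # 2. Reply diversion: replies would go to a different domain than the sender's.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(
            f"Reply-To domain '{_domain(reply_addr)}' differs from From domain '{from_dom}'"
        )

    # 3. Attachments of risky types: verify with the sender before opening.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if os.path.splitext(filename)[1].lower() in RISKY_EXT:
            findings.append(
                f"attachment '{filename}' ({part.get_content_type()}) "
                "needs sender verification before opening"
            )
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MSG), ("clean", CLEAN_MSG)):
        print(label, "->", triage(raw) or "no findings")
```

None of these checks proves a message is malicious, and a message that passes all three can still be hostile (a compromised real account passes the first two); they are there to decide which messages get the out-of-band phone call or chat the commenter recommends before anything is clicked.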
Why do people feel the need to attack other persons' computers to begin with? Does it give them a thrill to know that they are being an ass?
Just a small point on passwords – there's a fantastic password management tool named KeePass. Strongly recommend it. Enables you to have stronger and different passwords for everything.
(To answer your first question – if you want to protect yourself from this type of attack – either disable JavaScript in Adobe Reader, or even better, don't use Adobe Reader, use Foxit. Get a good virus scanner and keep it up to date.)
I have a hunch that Cao de Benos sent this virus to Curtis as they used to be pals. NKEconwatch even seems to confirm pictures where Curtis and Cao are just a little bit shy of actually hugging each other, but seemingly Curtis has now embraced a slightly more ‘professional distance’, ha!
Those trips also featured some moronic doctor from NY, who brought suitcases full of medicine and thought he was doing something noble. Fool.
Ernst, Curtis and Alejandro are not pals. Trust me.
I am sure they’re not pals anymore, but given the fact that in 04 and 05 Curtis was part of Cao’s ‘sucker entourage’, you would expect they had at least some ‘relationship’ of sorts.
In 04/05 he seems to have been a ‘friend of Kim’ as per this movie on YouTube, and wasn’t he marching there with 25 other loonies?
I am only using free virus scanners like Avast and Avira, but they seem to be great tools, though.