The nuclear reprocessing plant is attacked, the uranium centrifuge becomes temporarily uncontrollable Cyber ​​attack "Targatak" is what?


Google, Yahoo! , Adobe, Morgan Stanley and more than 30 companies of IT companies and securities companies attacked to tamper with the source code "aurora strategy", Siemens company process control to attack Iran's nuclear reprocessing plant A computer worm "Stuxnet" that was made to target management software packages and facilities for the system (SCADA) and temporarily made the uranium centrifuge uncontrollable, such as large scale and A cyber attack "Targatak" that cleverly and continually aims a specific organization,G Data SoftwareIt is said that it occurs frequently.

In fact, what kind of attacks have been done in the past, if you look at its history, you can understand that an unprecedented degree of net crime is occurring.

In the first place, "Targatakku" is an abbreviation for "targeted attack". A distinctive point of Targatak is that it is a type of cyber attack that continually and multiply attacks specific targets (companies and organizations). The history of virus and malware trends so far is listed as follows.

◆ First generation: pleasant offensive attack

ByX-ray delta one

Start turn off at random file in the hard disk by, or continue to overwrite all the files the physical format so as not to be recovered by the start of, or in image files such as Ochokuru, such as the game in sudden screen When the screen comes out and fails, it will never start again, the screen is bombed and the attacked place really gets broken, the CD-ROM drive starts to open and close without permission, the floppy disk drive continues to ring off slowly, forcibly on a blue screen is dropped occurred, etc. are summarized in the file is all ZIP files in your hard disk to flow out via the file sharing software, although the infected side I have a real harm, viruses and malware on the side that you create a non-existent except for spiritual fulfillment type Attack will be the first generation. If a person with experience in earnestly infection from the days of the Internet early days to the virus, "virus infection, ie death" should have a lot of people who have a sense of about, and why of the virus writers just here on this dreadful that eats instant death attack for no additional benefit.

◆ 2nd Generation: Attack for money


Most of the authors of viruses and malware were students and other young people in the early days, but as expected it is impossible to eat alone, and the mafia that seemed to have such eyes on those young people (they seemed to be mainly Eastern Europe ) Hired them to create various types of viruses and malware of the type "able to make money" one after another. For easy-to-understand use, I used it for phishing scams, I stealed the other's personal information · credit card number · bank account number and password etc by remote control. In addition, viruses and malware themselves generate a large number of subspecies, repeated infection aiming at unspecified users, and spread rapidly, making it possible to spread to a large number of infected and remotely controllable Internet It is also possible to remotely control thousands to hundreds of thousands of PCs at a time with a single command, building a botnet by bundling connected personal computers, that is, bots and zombies into personal computers, and this botnet itself Illegal business model to lend time to appear. The bot network lent by the time like this is used as a stepping stone of spam mail, a "DDoS" (Distributed Denial of Service) attack that no one can access to a 24-hour on-line casino site or year-end shopping site It has been used for various monetary purposes, such as trying to gain money by intimidating the other site by using it.

◆ 3rd generation: attacks in which "national" size organizations are engaged directly or indirectly


The first generation is of the level of individuals and very few groups, the second generation by criminal organizations and the third generation being involved with "national" or equivalent large organizations. I also do not use images like conspiracy theory or cyber war of a long ago, but I think that such things have become full-fledged in last few years. The purpose of this attack is not monetary, nor is it a criminal or political activity in a narrow sense, it is a "spy act" to confidential information rather than the theft of personal information, and it is a mere denial of service (DoS) The expression "obstructive work", "military action", "political demonstration act" rather than an attack is appropriate. It is an attack that aims at a specific organization, that is, "Targeted Attack", for short "Targattack".

According to G Data Software, the incident of Targatak which became apparent in some form is as follows.

◆ (1) Aurora strategy (around the middle of 2009 - December 2009)


It aimed at vulnerability of Internet explorer. There is persistent access to web servers of more than 30 IT companies and securities companies including Adobe, Jupiter, Google, Yahoo and Morgan Stanley, and attempts are made to tamper with the source code and "Operation · AuroraIt is called "later"Aurora attackIt began to be called.

◆ (2) Attack on the Carbon Dioxide Emission Trading Bureau (DEHSt) (January 2010)


Phishing attack. Those who misrepresented the sender of a phishing scam that fooled the name of the German citizen, deceive the user, exploited the social engineering of protection from hacker attacks, and requested the login site to login. Stolen account information is used for illegal delegation of carbon dioxide emission rights (main delegatee: Denmark, UK), its damage amounted to 3 million euros (approx. 350 million yen).

◆ (3) Stax net (July 2010)


Windows Computer Worm (Stuxnet). Aims at management software packages and facilities for Siemens process control system (SCADA) to attack Iran's nuclear reprocessing plant. As a result, the uranium centrifuge became temporarily uncontrollable. McAfee in his blog "The meaning that the Stuxnet attack brought to the energy industry"Although it explains it in detail,"In short, this is an unusually skillful attack"It is symbolic and it is obviously different in level from the previous attacks.

◆ (4) attack on the French Ministry of Finance, stealing the G20 file (December 2010)

ByX-ray delta one

More than 150 computers in the Treasury Department of France were attacked since the end of 2010, and files related to G20 (EU and the Finance Ministers / Central Bank Governors of the 19 major countries) were targeted. I announced it in March 2011.

◆ (5) Attacks on RSA server (March 2011)


A case in which a hacker intruded into a server of RSA (a major security company specializing in authentication and access management) and part of the algorithm of code generation used for SecurID token may have been stolen. Intellectual property was about to be robbed. Although it is accepted that there was access to at least some kind of information, it is unknown whether it really causes future problems.

◆ (6) Attacks on the EU European Commission (March 2011)


Although an unprecedentedly aggressive attack was launched just before the European Commission in Brussels in March 2011, it seems that measures such as restricting access have taken place and information leakage has not been reached.

◆ (7) Epsilon's email address mass leak (April 2011)

ByX-ray delta one

A large number of customers' mail addresses etc. were stolen from epsilon's database where millions of mail addresses of major companies are stored. Epsilon is a major online marketing company, used by hundreds of large companies around the world, including Disney and Citibank.

G Data Software, regarding these series of Targatak cases,

In contrast to "cyber crime" with the main objective of acquiring money, it can be said that "cyber espionage acts" which are hard to beat up are becoming active.

The difference between this cyber spy activity and the traditional method is not to attack unspecified number against opponents, but to attack military facilities or to conflict in political economy, so witness it in close proximity It is not that it is hard to be noticed.

In addition, attacks that became publicly known became equivalent to "success stories". Based on this result, there is a possibility that the use of phishing fraud e-mail in Internet crime will increase in the future. Moreover, in order for us to know that, it is difficult to grasp this situation only by performing an attack directly to an individual e-mail address.

We are calling attention by saying that it is said that the following three measures are always necessary at the individual level as well.

Even if the system is not connected to the Internet, or even a self-contained network protected by the gateway, every system can be attacked.

● All systems require updating of installed software (Flash, Adobe, Windows OS etc).

● In addition to protecting the gateway, protection against internal systems is also necessary, regardless of whether there is important data.

in Note, Posted by darkhorse