Chinese Hackers Are Hungry for Information

Friday, May 06, 2011

Rahul Neel Mani


Stuart McClure, Senior Vice President and General Manager, Risk & Compliance at McAfee, co-authored his best-selling book Hacking Exposed: Network Security Secrets & Solutions 12 years ago. In an interview with Varun Aggarwal, he talks about how things have changed since then, as he launches the new edition of his book.

Q: What major changes have you seen in the last 10 years since you first wrote your book?

The Web has been the major change in the last decade. Attacks exploiting web technologies have gone from almost 0% to 50%. JavaScript, which has become an integral part of the Web right now, is highly unsafe to use from a security perspective. There is so much the bad guys can do with JavaScript to wrap malicious code around it that it is almost impossible to detect. You sometimes need to unwrap 10-20 layers of code in the JavaScript to find the true source of the bad code.

Moreover, malware has evolved a lot. Malware writers have started obfuscating and encrypting the malicious code so that no security company is able to detect it. Encryption makes it extremely difficult to reverse engineer the code. So we have to run the malware in a sandbox environment to observe what it does, but it gets really challenging to do that with so many new variants of the same malware.

We get about 60,000 unique malware samples every day.

The biggest advancement in security technologies is whitelisting technology. This would prevent 99.9% of malware. So, instead of stopping something that is bad, we let the user run only the applications that are good.
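The "unwrap 10-20 layers" remark above describes the analyst's side of obfuscated JavaScript: the payload is hidden under repeated encodings, and each one has to be peeled before the real code is visible. The following Python is an added example, not code from the interview or from McAfee: a small layer-peeler that repeatedly detects and decodes three common wrappers (percent-encoding as produced by `unescape()`, `\x` string escapes, and `atob()`-style base64) until nothing decodable remains. The `wrap_sample` helper and its payload are constructed here purely to give the peeler something to work on; they are not a real malware sample, and the detector list is an assumption about which encodings matter for a given case.

```python
import base64
import binascii
import re
import urllib.parse

# Each detector returns the decoded text if its encoding is present, else None.
_PERCENT = re.compile(r"%[0-9A-Fa-f]{2}")
_HEX_ESC = re.compile(r"\\x[0-9A-Fa-f]{2}")
_B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def _printable(text):
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)


def _layer_percent(s):
    # JavaScript unescape()/decodeURIComponent() style: %41 -> 'A'
    if not _PERCENT.search(s):
        return None
    return urllib.parse.unquote(s)


def _layer_hex(s):
    # String-literal escapes: \x41 -> 'A'
    if not _HEX_ESC.search(s):
        return None
    return _HEX_ESC.sub(lambda m: chr(int(m.group(0)[2:], 16)), s)


def _layer_base64(s):
    # atob() style; checked last because its alphabet overlaps plain text
    compact = "".join(s.split())
    if len(compact) < 8 or len(compact) % 4 or not _B64.fullmatch(compact):
        return None
    try:
        text = base64.b64decode(compact, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if _printable(text) else None


LAYERS = (
    ("percent-encoding", _layer_percent),
    ("\\x hex escapes", _layer_hex),
    ("base64", _layer_base64),
)


def unwrap(blob, max_layers=50):
    """Peel encoding layers until none applies (or max_layers is hit).

    Returns (innermost text, list of layer names in the order they were removed).
    """
    current, peeled = blob, []
    for _ in range(max_layers):
        for name, fn in LAYERS:
            out = fn(current)
            if out is not None and out != current:
                current = out
                peeled.append(name)
                break
        else:
            break  # no detector fired: this is as deep as it goes
    return current, peeled


def wrap_sample(payload):
    """Constructed test input only: wraps an ASCII string in three layers
    (hex escapes, then percent-encoding, then base64) so unwrap() has
    something to peel. Not a real-world sample."""
    hexed = "".join(f"\\x{ord(c):02x}" for c in payload)
    quoted = urllib.parse.quote(hexed, safe="")
    return base64.b64encode(quoted.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    sample = wrap_sample("document.title = 'constructed sample';")
    inner, layers = unwrap(sample)
    print(len(layers), "layers removed:", layers)
    print("innermost:", inner)
```

The `max_layers` cap matters in practice: a blob that decodes to itself (or cycles) would otherwise keep the loop busy, and the list of layer names it returns is itself a useful triage signal, since legitimate scripts rarely nest more than one encoding.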

Q: After being acquired by Intel, what would be the key initiatives you’d be involved in?

One reason Intel bought McAfee was to add value to their chips. And one of the values was security. We’d be leveraging the relationship with Intel and would now get into the embedded systems world.

We’ll be building security solutions for embedded systems. There are, however, no plans yet to build hardware security at the chip level. We are also moving into securing non-Intel chip platforms like ARM.

Q: Can you talk about the Project Night Dragon and its impact on India?

China has become hungry for information, and they have found the cyber world to be rich with information. So they’ve targeted many different industries and many different countries, including India.

They are not just targeting the websites but actual databases and data repositories. Some of these databases in India that were targeted by Chinese hackers were connected to the Internet while they didn’t really need to be.

While there have been various attacks targeted at Indian government, utilities, oil and gas companies etc., the defences are still very nascent and defocused. This is not a good combination against people who are highly motivated and highly skilled.

Night Dragon was just another incident where some nation states were going after other nation states for their industries’ data. The bad guys took advantage of the weaknesses in the security of oil and gas companies.

They used commonly used techniques and public tools that have been commonly known for over a decade to target these organisations. They stole their data over many months, or possibly even years, before the organisations actually got to know about it.

The problem is that most of these are almost never detected when they occur. They are detected only long after the bad guys have already left.

Q: What, according to you, are the basic steps to get your security right?

The first step to securing yourself is making sure you’ve installed all the latest patches for all the applications that you’re using, including the operating systems.

The second step is to restrict access to sensitive information to only select people in the organisation. Map the access rights on what, where, who and how. That also means you need to build strong authentication. Try and use two-factor authentication, if not multi-factor authentication.

The Anonymous group that was trying to defend WikiLeaks by launching DDoS attacks on companies that stood against them also got into a security company called HBGary. And the number one reason they were able to get in was because of weak passwords.

Number three is about educating the user. Just train and retrain them on one simple thing: don’t click on anything you don’t trust. We just need to use good security hygiene in Internet usage.

If you just follow these three basic steps, you’ll be 90-95% safe.

Q: With the popularity of Twitter there is a new clickjacking technique that the bad guys are using, which is the URL shortening services like How should one prevent such attacks?

Twitter is a popular platform and you get only 140 characters to convey a message. People often use URL shortening services to ensure they’re able to convey their message within the available space. You cannot know whether the shortened URL is leading you to a malicious site unless you actually click it.

Therefore, we’ve created a new secure URL shortening service called We ensure that whatever URL is being shortened using this service doesn’t contain any JavaScript and doesn’t lead to a malicious site.
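The answer above makes the point that a shortened URL hides its destination until it is clicked. The Python below is an added example, not the McAfee service or any code from the interview: it walks a short link's redirect chain with HEAD requests that never follow redirects automatically, so the destination is learned without any page being loaded, and it blocks the cases the interview calls out (a hop to a `javascript:` or `data:` URL, a destination on a caller-supplied blocklist) plus redirect loops and over-long chains. The live `http_head` resolver is real `http.client` usage; `FAKE_NET` and `fake_head` are a constructed, offline stand-in so the example runs without network access, and the `.example` hostnames are placeholders.

```python
import http.client
import urllib.parse

UNSAFE_SCHEMES = {"javascript", "data", "vbscript"}
REDIRECTS = {301, 302, 303, 307, 308}


def http_head(url, timeout=5):
    """Live resolver: one HEAD request, redirects NOT followed.
    Returns (status, Location header or None)."""
    parts = urllib.parse.urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url, head=http_head, max_hops=10, blocked_hosts=frozenset()):
    """Walk the redirect chain of a (shortened) URL without loading any page.

    Returns a dict with 'verdict' ('allow' or 'block'), 'reason' and the
    full 'chain' of URLs seen; 'final' is set when a destination was reached.
    Every hop is checked, not just the last one, so a bad intermediate
    redirect is caught too.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        current = chain[-1]
        parts = urllib.parse.urlsplit(current)
        scheme = parts.scheme.lower()
        if scheme in UNSAFE_SCHEMES:
            return {"verdict": "block", "reason": f"redirect to {scheme}: URL", "chain": chain}
        if scheme not in ("http", "https"):
            return {"verdict": "block", "reason": f"unsupported scheme {scheme!r}", "chain": chain}
        if (parts.hostname or "").lower() in blocked_hosts:
            return {"verdict": "block", "reason": "host on blocklist", "chain": chain}
        status, location = head(current)
        if status not in REDIRECTS or not location:
            return {"verdict": "allow", "reason": f"destination answered {status}",
                    "chain": chain, "final": current}
        nxt = urllib.parse.urljoin(current, location)  # Location may be relative
        if nxt in seen:
            return {"verdict": "block", "reason": "redirect loop", "chain": chain}
        seen.add(nxt)
        chain.append(nxt)
    return {"verdict": "block", "reason": f"more than {max_hops} redirects", "chain": chain}


# Constructed, offline stand-in for the network so the example runs anywhere.
FAKE_NET = {
    "https://short.example/abc": (301, "https://short.example/def"),
    "https://short.example/def": (302, "https://www.example.com/page"),
    "https://www.example.com/page": (200, None),
    "https://short.example/js": (302, "javascript:void(0)"),
    "https://short.example/loop1": (302, "https://short.example/loop2"),
    "https://short.example/loop2": (302, "/loop1"),
    "https://short.example/bad": (302, "https://bad.example/landing"),
    "https://bad.example/landing": (200, None),
}


def fake_head(url):
    return FAKE_NET.get(url, (404, None))


if __name__ == "__main__":
    for u in ("https://short.example/abc", "https://short.example/js",
              "https://short.example/loop1", "https://short.example/bad"):
        r = expand(u, head=fake_head, blocked_hosts={"bad.example"})
        print(r["verdict"], "-", r["reason"], "-", " -> ".join(r["chain"]))
```

Using HEAD without automatic redirect following is the important design choice: a browser or `urllib.request` would follow every hop for you, which is exactly the click the interview warns against. The verdict only says where the link ends up and whether that is on a known-bad list; it does not inspect the destination page, which is a separate content-scanning step.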

Cross-posted from CTO Forum
