A report by an American security company accused a Chinese Army unit of engaging in cyber warfare against American entities. China's defense ministry denied the accusation. Landon CoxAssociate professor of computer science and electrical and computer engineering, Duke University lpcox@cs.duke.edu http://www.cs.duke.edu/people/faculty/?csid=0000204 Cox is an expert on user privacy and researches experimental software systems with a focus on mobile computing, social networking and security. Quote: "One of the most interesting aspects of the report on alleged attacks by China on American corporations, organizations and government agencies is how the hackers used social engineering and spear phishing, or highly personalized emails, to create their initial footholds on the victims' networks. These spear-phishing emails were not only well written but also appeared to be sent from a personal associate of the target. "Furthermore, if a target replied to one of these emails they would receive a perfectly reasonable response back. Once the hacker had earned the trust of the target, the hacker could often convince the target to open an email attachment that would launch a malicious program. "Defending against these kinds of attacks is extremely difficult, and I am not surprised that the attackers were successful. Looking to the future, while these kinds of attacks seem mostly aimed at people in 'high-value' organizations, one can imagine similar techniques being applied more generally. "The best advice is for people to be very cautious about how they handle messages from unknown email addresses. For example, don't run programs or follow links from unknown sources. It is also good for people to be aware of how much information about them is publicly available, such as their Facebook friend list or who their co-workers are, so that they have a better idea of what information an attacker might use to trick them."
