Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    ‘Chicken Farmer’ Bots Steal Secrets From Governments Worldwide

    By
    Robert Lemos
    -
    August 8, 2013
    Share
    Facebook
    Twitter
    Linkedin

      An Asian espionage network consisting of more than 5,000 bots—or “chickens” in the region’s parlance—has infected government agencies in the United States, Europe, Taiwan, Thailand, Malaysia and other nations, according to research presented at the Black Hat security conference by Taiwanese researchers.

      While the researchers had identified more than two dozen groups operating different “chicken farms” that were responsible for nearly 50 attacks per week on each major Taiwanese agency, their presentation focused on one group of farmers called “LStudio.”

      The attacks, most of which are not detected by antivirus software, aim to install stealthy malware to steal sensitive government information, said Benson Wu, lead security researcher at Taiwan-based Xecure Lab, who co-presented the research at Black Hat. Known as advanced persistent threats (APTs), such espionage attacks have become a common occurrence, not only for U.S. companies and government agencies, but those in Taiwan as well, Wu said.

      “Taiwan is a great place to study APT—it’s like an APT playground,” he said. “It’s very easy to collect new samples, and everything is so new that (antivirus) has a zero detection rate.”

      The researchers refused to attribute the attacks to any specific actors, noting that it is fairly easy to disguise attacks from one country to make them appear to come from another. However, there was a noticeable absence from the list of victims.

      “There are no IP addresses from China,” says Fyodor Yarochkin, a security researcher at Academia Sinica/Taiwan, who co-presented the research at Black Hat.

      Cyber-espionage has become the crowd-sourced Cold War of the modern era. While many western countries, such as the United States, have adopted espionage on the Internet as a way to gather information a wide variety of information on other countries, many developing nations have focused on stealing economic secrets from the United States and Europe.

      China is the most aggressive of the current crop of espionage actors, but information-gathering attacks have been attributed circumstantially to the United States, Russia, India and Israel. More damaging attacks—such as the sabotage of Iran’s nuclear processing capability by the Stuxnet program—have been allegedly carried out by the United States, Israel, Iran and North Korea.

      “APT malware only accounts for a very tiny percentage of legitimate traffic, but they are like lethal weapons,” Wu said. “Once you have it, you have these lethal malware inside your organization.”

      In the case of LStudio, the attackers appear to be intent on gathering information using a variety of espionage tools that connect to different backend systems. The researchers were able to gather information on the data centers and the consoles that were used by the attackers.

      An interesting component of the system is that it posted messages to a social network as a way to pass information from the compromised systems to the farmers who managed those “chickens.” Messages, such as “Carol: Aaron win the competion (sic) award like ZWEknbws, well known for the series of F512,” identify the specific malware, the user and passes other information.

      In addition, the attackers would give each campaign a label that, in many cases, named the target, allowing the attackers to discover that some attacks were directed at the Ministry of Energy, while others focused on the largest media companies in Taiwan.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×