- Obama ‘cavalier’ in hiding foreign aid order, judge rules
- Prince Charles: Muslims are driving Christians from Mideast through persecution
- Gitmo’s first commander: Close the prison down
- Google’s newest photography find: Just wink and shoot
- Detroit’s Heidelberg art project hit by 8 fires in 8 months
- Pa. police pull people over for random DNA tests for feds
- NASA pushing hard to get back into space game
- Harvard student to face federal charges for bomb hoax
- Ronnie Biggs of ‘Great Train Robbery’ fame dies, 84
- Pope Francis wins another ‘Person of the Year’ — from gay rights magazine
China suspected in hacking of Nobel website
Attack seen as linked to dissident’s Peace Prize win
Hackers using hijacked computers in Taiwan struck the website of the Nobel Peace Prize on Tuesday, exploiting a previously unknown vulnerability in the popular Firefox Web browser to place a secret backdoor on the computers of anyone who visited it.
The timing of the attack, just three weeks after the prize was awarded to imprisoned Chinese dissident Liu Xiaobo and the use of computers in Taiwan to launch it, has led some security researchers to point the finger of suspicion at Chinese hackers.
And the use against Firefox of a rare “Zero Day” exploit - malicious code that uses a previously unknown flaw in a software package - had programmers scrambling to come up with a fix before copycat hackers get hold of it.
The Nobel site was fixed shortly after its administrators learned of the attack, said Snorre Fagerland, a virus researcher with a Norwegian computer-security firm, Norman ASA.
He added that there were a number of “puzzling” aspects to the attack, which redirected Nobel visitors to a hijacked university server in Taiwan that installed a very simple piece of malware called a Trojan - effectively, a backdoor into the computer system.
The use of the Firefox vulnerability was “very elaborate,” Mr. Fagerland said.
The Firefox Internet browser is open-source software, which means the code is available to anyone to inspect and work on. It is given to users free of charge by Mozilla, a nonprofit group of mostly volunteer programmers. Advocates of open-source software generally regard it as more secure, and Zero Day exploits against the browser are quite rare. The Register, a British computer-security trade news website, called it “the first time in recent memory attackers have exploited an unpatched vulnerability in Firefox.”
On Wednesday evening, Mozilla engineers issued a fix for the vulnerability, and an updated cersion of the Firefox browser.
“These releases fix a critical security issue … Thanks to Mozilla’s industry-leading open security process the fix has been created, tested, and released to users within 48 hours of first notification about the vulnerability,” the group said in a blog post.
But by contrast with the exploit, the Trojan package it delivered was “really, really basic … clumsily done,” said Mr. Fagerland. “It doesn’t hide itself very well.”
He added it contained portions of code that seemed either badly edited or “not really finished.”
But, though simple, the backdoor was effective, allowing the hackers to get complete control of the infected computer. “You could do almost anything in there,” Mr. Fagerland explained.
Unusually, the Trojan, rather than installing automated malicious software to steal passwords, banking information or other data, was being used to allow an actual human hacker into the infected machine.
“It appears to be a manual connect,” Mr. Fagerland said, “someone is actually typing instructions” at the other end. “That is not at all common,” he said.
Marten Krakvik, of Norwegian telecommunications firm Telenor, said his firm had observed hacker activity on some infected machines.
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
About the Author
By John R. Bolton
The president fiddles at his domestic altar while the world burns
- U.S. Army mulls wiping out memory of Robert E. Lee, 'Stonewall' Jackson
- We told you so: Conservatives foresaw polygamy ruling
- BOLTON: Nero in the White House
- EDITORIAL: Al Gore, soothsayer
- Top Democrats reject court ruling over NSA spying on Americans
- HURT: D.C. gets the vapors, calls sequester too much
- Obama mocks Putin, picks gay athletes for Sochi delegation
- IRS pays tax cheats hundreds of millions of dollars
- Army to cut up to 4,000 captains and majors
- Rush weighs in: Maybe Republicans dont dislike Obamacare
Independent voices from the The Washington Times Communities
A libertarian look at breaking news and political trends by author Tom Mullen.
Southern Fried Politics from the Lens of a Persian-American Millennial
Wall Street news for retail investors who want to know what's going on.
Top 10 handguns in the U.S.
Extraordinary day at Redskins Park
White House pets gone wild!
Let it snow