Wednesday, September 18, 2013

Week 4 Blog


The Hidden Lynx Hackers


The Hidden Lynx is a professional group of hackers who engage in many different forms of exploitation (Zetter, 2013). “The group has targeted hundreds of organizations - about half of the victims are in the U.S. - and has succeeded in breaching some of the most secure and best-protected organizations” (Zetter, 2013). The Hidden Lynx hackers are extremely polished and have outstanding hacking abilities (Zetter, 2013). The group uses many different approaches to compromising secure infrastructures. Most notably, “The Hidden Lynx group pioneered so-called ‘watering hole attacks’ whereby malicious actors compromise web sites frequented by people in specific industries so that their computers are infected with malware when they visit the sites” (Zetter, 2013). This has been one of the group's most effective techniques. Another technique the group relies on is dynamic DNS (Zetter, 2013): the Hidden Lynx group's “Dynamic DNS rapidly switches command-and-control servers to hide their tracks and recompiles their backdoors frequently to keep a step ahead of detection. They also switch out zero-day exploits when one is discovered” (Zetter, 2013).


Another notable target of the Hidden Lynx hacker group was Bit9 (Zetter, 2013). According to Zetter, the attackers “resemble the hackers that penetrated RSA security in 2010 and 2011. In that case, hackers targeting defense contractors went after RSA security in an attempt to steal information that would allow them to undermine the RSA security tokens that many defense contractors use to authenticate workers to their computer networks” (Zetter, 2013). In addition, “Bit9 [...] provides a cloud-based security service that uses whitelisting, trusted application control and other methods to defend customers against threats, making it difficult for an intruder to install an untrusted application on a Bit9 customer’s network” (Zetter, 2013).
 
Moreover, “The attackers first broke into the network of a defense contractor, but after finding that a server they wanted to access was protected by Bit9’s platform, they decided to hack Bit9 to steal a signing certificate. The certificate allowed them to sign their malware with the Bit9 certificate to bypass the defense contractor’s Bit9 protections. The Bit9 attack, in July 2012, used SQL injection to gain access to a Bit9 server that wasn’t protected by Bit9’s own security platform. The hackers installed a custom backdoor and stole credentials for a virtual machine that gave them access to another server that had a Bit9 code-signing certificate. They used the certificate to sign 32 malicious files that were then used to attack defense contractors in the U.S. Bit9 later revealed that at least three of its customers were affected by the breach” (Zetter, 2013). I found it pretty ironic that Bit9 didn’t protect its own security platform. The Hidden Lynx definitely did their research on Bit9. Perhaps Bit9 should have done its own research first in order to prevent being hacked. It just seemed like Bit9 was an easy open target for the Hidden Lynx to attack. My favorite technique that the Hidden Lynx used was signing their malware with the Bit9 certificate. This was just brilliant. Who would ever second-guess Bit9's own certificate?
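The reason a stolen signing certificate defeats whitelisting is that a publisher-based allowlist trusts every file the certificate signs, not just the vendor's own files. The following toy model is an added example (not Bit9's product logic and not from Zetter's article): the "certificate" is a constructed dict and the "signature" is an HMAC stand-in for a real X.509/RSA code signature. It contrasts a publisher-only policy, which a file signed with the stolen certificate passes, with a hardened policy that also checks certificate revocation and a per-file hash allowlist.

```python
"""Toy allowlisting decision: why trusting a publisher's certificate alone
fails once that certificate is stolen. Constructed example; the HMAC
'signature' stands in for a real code signature."""
import hashlib
import hmac

# Constructed vendor certificate; in reality an X.509 cert plus private key.
VENDOR_CERT = {"serial": "0xC0FFEE", "publisher": "ExampleVendor",
               "key": b"constructed-signing-key"}


def sign(cert, data):
    # Stand-in for a code signature: HMAC-SHA256 under the certificate's key.
    return hmac.new(cert["key"], data, hashlib.sha256).hexdigest()


def signature_valid(cert, data, sig):
    return hmac.compare_digest(sign(cert, data), sig)


def allow_by_publisher(cert, data, sig, trusted_publishers):
    """Weak policy: any validly signed file from a trusted publisher runs."""
    return signature_valid(cert, data, sig) and cert["publisher"] in trusted_publishers


def allow_hardened(cert, data, sig, trusted_publishers, revoked_serials, known_hashes):
    """Hardened policy: valid signature, trusted and unrevoked certificate,
    and the file's SHA-256 must already be on the per-file allowlist."""
    if not signature_valid(cert, data, sig):
        return False
    if cert["publisher"] not in trusted_publishers or cert["serial"] in revoked_serials:
        return False
    return hashlib.sha256(data).hexdigest() in known_hashes


# Constructed inputs: the vendor's real agent and a file signed with the stolen key.
LEGIT_FILE = b"legitimate vendor agent v1.0"
MALWARE = b"unknown file signed with the stolen certificate"
TRUSTED = {"ExampleVendor"}
KNOWN_HASHES = {hashlib.sha256(LEGIT_FILE).hexdigest()}


def demo():
    legit_sig = sign(VENDOR_CERT, LEGIT_FILE)
    mal_sig = sign(VENDOR_CERT, MALWARE)  # attacker holds the stolen signing key
    return {
        "malware_by_publisher": allow_by_publisher(VENDOR_CERT, MALWARE, mal_sig, TRUSTED),
        "malware_hardened": allow_hardened(VENDOR_CERT, MALWARE, mal_sig, TRUSTED, set(), KNOWN_HASHES),
        "legit_hardened": allow_hardened(VENDOR_CERT, LEGIT_FILE, legit_sig, TRUSTED, set(), KNOWN_HASHES),
        # After the vendor revokes the stolen certificate, even its own files stop running.
        "legit_after_revocation": allow_hardened(VENDOR_CERT, LEGIT_FILE, legit_sig, TRUSTED, {"0xC0FFEE"}, KNOWN_HASHES),
    }


if __name__ == "__main__":
    print(demo())
```

The last entry shows the operational cost of revocation that Bit9 faced: once the compromised certificate is revoked, legitimate files signed with it must be re-signed before the hardened policy allows them again.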


The Hidden Lynx has also hacked high-profile stock trading firms (Zetter, 2013). In addition, “The Hidden Lynx group has also gone after the supply chain, targeting companies that supply hardware and secure network communications and services for the financial sector” (Zetter, 2013). They have even compromised legitimate software driver websites so that users download drivers carrying Trojans (Zetter, 2013). It seems that this group’s motives center on making money and stealing assets and intellectual property (Zetter, 2013). In addition, according to Symantec, the Hidden Lynx has left fingerprints everywhere, and this allowed Symantec to trace their activities and attacks (Zetter, 2013). The group doesn’t seem to care about covering their tracks, potentially because of the time and money involved (Zetter, 2013). It seems like even some of the best hackers have weaknesses of their own. I wonder who will exploit/uncover their weaknesses.
 

Reference:


Zetter, K. (2013, September 17). State-Sponsored Hacker Gang Has a Side Gig in Fraud. Retrieved September 17, 2013, from Wired: http://www.wired.com/threatlevel/2013/09/hidden-lynx/
