The New E-spionage Threat

In a news byte from SANS Institute, BusinessWeek has taken a look at the increasing number of targeted attacks against US government and private industry systems. The specific example is cited of an email message addressed to a Booz Allen Hamilton executive that was a brilliant fake of what seemed a mundane list, supposedly sent by the Pentagon, of weaponry India wanted to buy.

However, an insidious piece of code by the name of Poison Ivy was embedded in the message, designed to extract sensitive data out of the $4 billion consulting firm's computer network. If the recipient of this seemingly innocuous email had clicked on the attachment, his every keystroke would have been reported back to a mysterious address registered through an obscure company headquartered on the banks of the Yangtze River.

For more information, see the article in Businessweek.com.

For China's response to the article and to Business Week, see China's Response.