Scary Night Dragons Fall from Sky

February 10, 2011

Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames like Night Dragon, connections to a previous scary threat “Operation Aurora” and a timely announcement leading up to one of the security industry’s biggest conferences in San Francisco next week, RSA.

Wait, what? Some of you might be experiencing déjà vu when you read about this latest series of Chinese attacks targeting U.S. Oil and Gas companies. You may recall that it was in January of 2010 that news actually broke about the FBI investigating extensive targeted attacks that took place against Oil and Gas companies during the 2008 and 2009 timeframe. The attacks described then are not much different than the attacks described now. I will leave the debate to others on whether the attacks in 2008 and 2009 are different attacks or if some security companies are just now getting around to shedding extra technical light on years old attacks. Either way, the answer would be uninteresting, but I digress…

Night Dragon might remind you of another series of attacks, Operation Aurora, which if you do not remember, was the series of attacks that became public around this same time last year. In the case of Aurora, it was a series of targeted attacks against a variety of organizations, but most notably against Google. The thing that made Operation Aurora unique was not the technical aspect of the attack itself, but Google coming forward to talk openly about the breach they suffered.

In the case of Night Dragon, the attacks were of varying levels of sophistication. In some cases public attack tools, which have been known for many years, were used by the attackers behind Night Dragon. Over five months ago, eEye research was monitoring conversations on an Iranian message board which is hosted in the United Kingdom. On the message board, hackers openly discuss the usage of one of the attack tools that was used within Night Dragon. This was of course not interesting because the attack tool is well known and commonly used to attack systems throughout the world. Nor is it interesting that the discussion was taking place on an Iranian message board. Attacks happen all the time to many organizations and countries. Today even the most straightforward attacks are considered sophisticated when contrasted against the outdated approach organizations and governments take to protect their systems. Not to mention that tracing back the origin of an attack is far from an exact science and one that allows for attackers to easily manipulate the attribution of who is behind an attack.

Another example of how old and known components of Night Dragon are is in the case of the malware components that were being embedded on systems. Anti-virus companies have been detecting these malware components for more than 5-6 months, most of which have been protecting generically for these classes of malware long before that. This is another stark contrast to Operation Aurora, which even after Google went public, was still lacking detection by most anti-virus companies. More importantly, the fact that so many components within the Night Dragon attacks are publicly available and known in hacking circles makes it even harder to really say with any authority which attacks were related or not. This is again very different than the extremely targeted and customized nature of Operation Aurora or even more so Stuxnet.

There are however things similar about Operation Aurora and Night Dragon. Both of them made their big splash in the beginning of the year only weeks ahead of the security industry’s largest conference, RSA. Both of them also, like most attacks covered in the news, were simply more of the same in that they did nothing to further our dialogue on what to do about these attacks but rather only serve some security company’s interests in product sales and continue a crippling effect on what policy the United States, and other countries, might enact to combat a most clear and present danger.

You see it is not that Operation Aurora or Night Dragon are not problems; they very much are. But they are simply the tip of a massive iceberg which any modern country is quickly sailing into in a way that makes the Titanic disaster seem minor. Given the political deadlock in Washington at the moment, it is unlikely that we will see government step forward to solve this problem for us and in a lot of ways they are probably not the ones that should have to solve it. The role of government should not be to have to do the job that corporations should be doing themselves in trying to prevent the theft of intellectual property, but rather to do as law enforcement and our military have done since their inception: to identify criminals and those who would threaten our freedom to prosper and either bring them to justice or draw a line in the sand of what will no longer be tolerated without facing retribution.

If China is the aggressor that it appears to be in cyberspace, then it is time to elevate this conversation and debate to one of substantial action, instead of wielding it as another weapon of fear for security industry sales and budget increase requests. As the security industry gathers in San Francisco for RSA next week, let’s hope we can for once shift the conversation beyond the latest scary threat and the new silver bullet technology to solve the problem. We should engage in a serious conversation about what it will take at a policy level to make lasting improvements that impact the future security of our technology-engrained way of life. The answer will not be the latest desktop security software for $44.99.

Signed,
Marc Maiffret
Co-Founder/CTO
eEye Digital Security

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
