“This was one of the largest and oldest criminal hacker operations…using over 800 shell companies to steal information from government servers, banks, and large corporations in Germany, Austria and Switzerland…for over a decade (since 2002).” – Times of Israel
CyberIntel and a UK partner were asked to investigate a security breach that a German company could not identify, because the Trojan used in the attack was not detected by any antivirus software.
The Trojan was unique in each attack, but what none of the internet authorities had connected was that
“the Trojans and the malware were all delivered from a narrow band of IP addresses, indicating a relationship among them.” – ibid
The malware was delivered by email from a phony UK shell company. CyberIntel checked the DNS information for that company and discovered the same infrastructure was being used by 833 shell companies.
“To make the scam look even more legitimate, the hackers purchased digital security certificates for the phony firms. Thanks to the certificates, the hacker fronts were considered legitimate, so no one bothered checking them out. Whoever was behind the scam had deep pockets.
“They invested about $150,000 to make this work, so clearly we are talking about professionals.” It emerged that there were two sets of professionals, said Ben-Naim. “The hackers were hired hands, working for some other entity, which was interested in a wide variety of material.” – ibid
Some truly alarming news, according to CyberIntel: “the hackers stole sensitive documents — studies on biological warfare and nuclear physics, as well as plans for key (and top-secret) infrastructure, along with the “usual” bank account and credit card data.” They refused to speculate as to whether the hacking was done by a cybercrime outfit or a government, but did say it “felt” more like a criminal operation.
The key to the “Harkonnen Operation” (named after the evil ducal family in Dune) was the incompetence of UK internet regulators, who failed to notice that 833 companies had the same IP addresses and contact info. Apparently, apart from the forged digital certificate, the operation itself wasn’t very sophisticated; it succeeded because the attackers were in and out very quickly. The regulatory incompetence and lack of IT security should raise some truly serious questions, however, and should provide some good lessons, CyberIntel said.
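The detection lesson here is that the fronts were linkable by shared infrastructure and contact data. The following is an added example, not code from the article or from CyberIntel, showing how a defender holding domain registration and DNS records could surface such a cluster: any two domains that share a hosting IP, a registrant e-mail or a phone number are linked, and unusually large connected groups are flagged. The records, domains, addresses and contact values are constructed for illustration and are not from the article.

```python
"""Cluster domain registrations by shared infrastructure or contact data.

Added example (not from the article or CyberIntel). Links domains that
share an IP, registrant e-mail or phone number with a union-find, then
reports connected groups above a size threshold.
"""
from collections import defaultdict

# Constructed sample records: every domain, IP and contact below is
# invented for illustration and does not come from the article.
SAMPLE_RECORDS = [
    {"domain": "alpha-consulting.example", "ip": "203.0.113.10", "email": "admin@ops.example",      "phone": "+44 20 0000 0001"},
    {"domain": "beta-holdings.example",    "ip": "203.0.113.10", "email": "info@beta.example",      "phone": "+44 20 0000 0002"},
    {"domain": "gamma-trading.example",    "ip": "203.0.113.11", "email": "admin@ops.example",      "phone": "+44 20 0000 0003"},
    {"domain": "delta-logistics.example",  "ip": "203.0.113.12", "email": "ops@delta.example",      "phone": "+44 20 0000 0003"},
    {"domain": "bakery.example",           "ip": "198.51.100.5", "email": "owner@bakery.example",   "phone": "+44 20 0000 0099"},
    {"domain": "florist.example",          "ip": "198.51.100.6", "email": "hello@florist.example",  "phone": "+44 20 0000 0098"},
]

# Fields whose equality is treated as a link between two registrations.
LINK_FIELDS = ("ip", "email", "phone")


class UnionFind:
    """Minimal disjoint-set structure keyed by domain name."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def cluster_domains(records, link_fields=LINK_FIELDS):
    """Return a list of sets (largest first); each set holds domains joined by any shared field value."""
    uf = UnionFind()
    first_seen = defaultdict(dict)  # field -> value -> first domain carrying that value
    for rec in records:
        uf.find(rec["domain"])  # register singleton domains too
        for field in link_fields:
            value = rec.get(field)
            if not value:
                continue
            earlier = first_seen[field].get(value)
            if earlier is None:
                first_seen[field][value] = rec["domain"]
            else:
                uf.union(rec["domain"], earlier)
    groups = defaultdict(set)
    for rec in records:
        groups[uf.find(rec["domain"])].add(rec["domain"])
    return sorted(groups.values(), key=len, reverse=True)


def shared_values(records, cluster, link_fields=LINK_FIELDS):
    """Map (field, value) -> count for values that appear on two or more domains of the cluster."""
    counts = defaultdict(int)
    for rec in records:
        if rec["domain"] in cluster:
            for field in link_fields:
                if rec.get(field):
                    counts[(field, rec[field])] += 1
    return {key: n for key, n in counts.items() if n >= 2}


def suspicious_clusters(records, min_size=3):
    """Clusters large enough to deserve an analyst's attention (threshold is a tunable assumption)."""
    return [c for c in cluster_domains(records) if len(c) >= min_size]


if __name__ == "__main__":
    for cluster in suspicious_clusters(SAMPLE_RECORDS):
        print(sorted(cluster))
        for (field, value), n in sorted(shared_values(SAMPLE_RECORDS, cluster).items()):
            print(f"  shared {field}={value} on {n} domains")
```

On the constructed data, four of the six "companies" collapse into one group even though no single value is common to all four: transitive links (shared IP, then shared e-mail, then shared phone) are exactly what a registry checking each record in isolation misses.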
Source:
http://www.timesofisrael.com/israeli-firm-busts-13-year-long-europe-hack-attack/