Skip to main content

Attacks on military targets are tightly focused

While high-profile attacks on popular targets gain increasing column inches, cleverly targeted attacks continue to mount against military contractors and government departments with malicious PDF files used to distribute backdoor code.

The attacks carried out by groups such as Anonymous and LulzSec are 'noisy:' caring little whether they are noticed or not and seeking to gain notoriety more than anything else, the attacks are indiscriminate and quickly spotted by the affected companies.

The more 'professional' cracker chooses the targets carefully, keeping under the radar and tailoring the attack vector to exploit the smallest vulnerability in the target's armour. Possibly the best example of this comes courtesy of F-Secure's chief research officer Mikko Hypponen, who has publicised a particular PDF that is very specific to its target audience.

The PDF in question was e-mailed to an unnamed military contractor posing as a request for papers for the AIAA Strategic and Tactical Missile Systems Conference. While the event is real - classified as 'SECRET/U.S. ONLY' and held at the Naval Postgraduate School in Monterey California each January - the PDF is fake, using a name well-known to its target to exploit a common hole in PDF reading software.

"When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe," Hypponen explains. "This is a backdoor that connects back to the attacker."

If the file executes successfully - and with the PDF in question only detected by around half the virus scanners commonly in use at the time of writing, there's little reason it shouldn't - the backdoor is opened quietly and without fuss, with the user unaware that his or her system is now open to intrusion.

It's the sort of attack which can only work against a very specific target, and one that shows that serious thought and research has gone into its creation. The aim is the theft of industrial and military secrets, with the group or groups behind it not looking to publicise their actions in the way of so-called 'hacktivist' groups.

While it's LulzSec and Anonymous that get the column inches, it's the truly anonymous types behind such targeted attacks on military and government targets that pose the real threat. When such things get ignored by the mainstream press, user education becomes significantly more difficult and the attacks more likely to succeed.

As with all such attacks, user education is key. The best technological countermeasures in the world can be circumvented should a zero-day exploit be discovered, but a clued-up user will always be alert for attacks such as this one. monitors all leading technology stories and rounds them up to help you save time hunting them down.