Trojan APT hits DoD smart cards

A variant of the Sykipot Trojan Horse is able to hijack U.S. Dept. of Defense (DoD) smart cards in order to access restricted resources.

01/26/2012


ISSSourceA variant of the Sykipot Trojan Horse is able to hijack U.S. Dept. of Defense (DoD) smart cards in order to access restricted resources.

“We recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DoD and Windows smart cards,” said Jaime Blasco, a security researcher at AlienVault. “This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.”

Smart cards interface with computers through a special reader. They use digital certificates and PIN codes for authentication purposes.

Sykipot commonly sees use in advanced persistent threat (APT) attacks. The Sykipot variant analyzed by AlienVault contains several commands to capture smart card information and use it to access secure resources, Blasco said.

One of the variant’s routines works with ActivIdentity ActivClient, an authentication software product compliant with DoD’s Common Access Card (CAC) specification.

The CAC enables access to DoD computers, networks, and certain facilities. It allows users to encrypt and digitally sign emails and it facilitates the use of public key infrastructure (PKI) for authentication purposes.

This Sykipot variant reads the smart card certificates registered on the victim’s computer, steals the card’s PIN number using a keylogger module and uses the information to log into protected resources, as long as the card remains inside the reader, Blasco said. In essence, it becomes a smart card proxy.

“While Trojans that have targeted smart cards are not new, there is obvious significance to the targeting of a particular smart card system in wide deployment by the U.S. DoD and other government agencies, particularly given the nature of the information the attackers seem to be targeting for exfiltration,” Blasco said.

Sykipot went out last month as part of an APT attack against companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries. According to AlienVault, the Trojan’s main command and control servers are in China, although its creators will sometime use U.S.-based servers to route the stolen information in order to avoid detection.



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
Each year, a panel of Control Engineering editors and industry expert judges select the System Integrator of the Year Award winners.
Control Engineering Leaders Under 40 identifies and gives recognition to young engineers who...
Learn more about methods used to ensure that the integration between the safety system and the process control...
Adding industrial toughness and reliability to Ethernet eGuide
Technological advances like multiple-in-multiple-out (MIMO) transmitting and receiving
Virtualization advice: 4 ways splitting servers can help manufacturing; Efficient motion controls; Fill the brain drain; Learn from the HART Plant of the Year
Two sides to process safety: Combining human and technical factors in your program; Preparing HMI graphics for migrations; Mechatronics and safety; Engineers' Choice Awards
Detecting security breaches: Forensic invenstigations depend on knowing your networks inside and out; Wireless workers; Opening robotic control; Product exclusive: Robust encoders
The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control, and embedded systems.
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
News and comments from Control Engineering process industries editor, Peter Welander.
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
This is a blog from the trenches – written by engineers who are implementing and upgrading control systems every day across every industry.
Anthony Baker is a fictitious aggregation of experts from Callisto Integration, providing manufacturing consulting and systems integration.
Integrator Guide

Integrator Guide

Search the online Automation Integrator Guide
 

Create New Listing

Visit the System Integrators page to view past winners of Control Engineering's System Integrator of the Year Award and learn how to enter the competition. You will also find more information on system integrators and Control System Integrators Association.

Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.