
Random search actually finds something

06-Apr-08

Apparently, a random airport customs search actually found something useful. According to Random Search Stops $600 Million In Trade Secrets Bound For China:

Jin was traveling on a one-way ticket to Beijing at the time. She declared that she had $10,000 in U.S. currency in her carry-on luggage. Customs and Border Protection officers found about $30,000 in cash.

They found several technical documents labeled “[Company A] Confidential Property,” Chinese documents, a European company’s product catalog of military technology written in English, a personal laptop computer, a thumb drive, four external hard drives, 29 recordable compact discs, and one videotape.

A search of the thumb drive and hard drives, conducted with Jin’s consent, revealed numerous documents marked “[Company A] Confidential Property.”

I’d say flying on a one-way ticket to China and carrying that much media, including four external hard drives, is an obvious red flag. Of course, they need to realize that not everyone traveling with a laptop is a Chinese spy. I just hope this doesn’t lead to more invasive airport searches, but rather more appropriately focused ones.

Malicious CHM file targets PGP

27-Mar-08

Let’s not forget that CHM files can be dangerous. A compiled HTML Help file can carry arbitrary embedded files, and the HTML and script inside it can launch an embedded executable as soon as you open the file. This post on SANS ISC details a particular malicious CHM file that was sent out via email. After some investigation, it was determined that the program it ran specifically targeted PGP keyrings.

The code searched for PGP keyring files (pubring.pkr and secring.skr, the public and secret keyrings) and copied them off to the attacker’s system. A stolen secret keyring is of limited use on its own: the private key material in it is normally encrypted under the owner’s passphrase, so to really make use of it you need the passphrase. That is why the malware came bundled with a keylogger, to capture the passphrase if you happened to be using PGP while it was running. The ISC post also notes that it collected .doc files, which could be an attempt to harvest documents that users created to help them keep track of their passphrases.

I’m not sure if I see enough evidence to agree with the conclusion that the attacker was simply trying to map relationships between PGP users, but I guess that is a possibility. Do recent versions of PGP even use these same keyring files?
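Since the value of a stolen secring.skr hinges on whether its private key material is actually passphrase-protected, a practitioner’s first check is to look at how each secret key in the keyring is stored. The following is an added example, not code from the ISC post or from PGP: it walks the OpenPGP packets in a binary keyring (RFC 4880 framing, which both PGP’s .skr files and GnuPG’s secring.gpg use) and reports, for each secret key and subkey, whether the private MPIs are stored in the clear, encrypted with a proper salted and iterated S2K, or encrypted with the legacy unsalted MD5 scheme. The sample keyring at the bottom is constructed for the demo with toy RSA numbers; it is not a real key.

```python
import struct

# OpenPGP packet tags that carry private key material (RFC 4880 section 4.3).
SECRET_TAGS = {5: "secret key", 7: "secret subkey"}
# Public MPIs per public-key algorithm id: RSA n,e (1-3); Elgamal p,g,y (16); DSA p,q,g,y (17).
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}


def iter_packets(data):
    """Yield (tag, body) for every packet in a binary keyring, handling old- and
    new-format headers (RFC 4880 section 4.2). Partial-body and indeterminate
    lengths never appear in key material, so they are rejected."""
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if ctb & 0x40:                                   # new-format header
            tag, first = ctb & 0x3F, data[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hdr = struct.unpack(">I", data[i + 2:i + 6])[0], 6
            else:
                raise ValueError("partial-body length at offset %d" % i)
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length at offset %d" % i)
            hdr = (2, 3, 5)[ltype]
            length = int.from_bytes(data[i + 1:i + hdr], "big")
        body = data[i + hdr:i + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        yield tag, body
        i += hdr + length


def _skip_mpis(body, pos, count):
    """Advance past `count` MPIs (2-octet bit length, then the big-endian magnitude)."""
    for _ in range(count):
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2 + (bits + 7) // 8
    return pos


def secret_key_protection(body):
    """Classify how one secret-key packet body protects its private MPIs
    (RFC 4880 section 5.5.3). Returns (protected, s2k_usage, description)."""
    if body[0] != 4:
        raise ValueError("only v4 keys are handled, got v%d" % body[0])
    algo = body[5]                                       # after version (1) + creation time (4)
    if algo not in PUBLIC_MPI_COUNT:
        raise ValueError("unsupported public-key algorithm %d" % algo)
    pos = _skip_mpis(body, 6, PUBLIC_MPI_COUNT[algo])
    usage = body[pos]
    if usage == 0:
        return False, usage, "private MPIs stored in the clear; no passphrase needed"
    if usage in (254, 255):
        cipher, s2k_type = body[pos + 1], body[pos + 2]
        check = "SHA-1 hash" if usage == 254 else "2-octet checksum"
        return True, usage, "encrypted: cipher %d, S2K type %d, %s" % (cipher, s2k_type, check)
    # Any other value is a cipher id with an implied simple MD5 S2K: no salt, no iteration.
    return True, usage, "encrypted: cipher %d, legacy unsalted MD5 S2K (weak)" % usage


def audit_keyring(data):
    """List (packet name, protected, s2k_usage, description) for every secret (sub)key."""
    return [(SECRET_TAGS[tag],) + secret_key_protection(body)
            for tag, body in iter_packets(data) if tag in SECRET_TAGS]


# --- constructed sample keyring: toy RSA numbers, not a real key ----------------
def _mpi(value):
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def _old_packet(tag, body):
    ltype = 0 if len(body) < 256 else 1
    return bytes([0x80 | (tag << 2) | ltype]) + len(body).to_bytes(1 + ltype, "big") + body


_PUBLIC = b"\x04" + struct.pack(">I", 1206576000) + b"\x01" + _mpi(0xC3A7E5F1) + _mpi(65537)
# Primary key: usage 0, so d, p, q, u and the checksum sit unencrypted on disk.
_CLEAR = _PUBLIC + b"\x00" + _mpi(0x2B1D) + _mpi(0xE3) + _mpi(0xDD) + _mpi(0x7F) + b"\x00\x00"
# Subkey: usage 254, AES-256 (9), iterated+salted S2K (3) with SHA-1 (2), salt, count, IV, ciphertext.
_ENCRYPTED = _PUBLIC + b"\xfe\x09\x03\x02" + b"SALTSALT" + b"\x60" + b"\x11" * 16 + b"\xaa" * 24
SAMPLE_SECRET_KEYRING = (_old_packet(5, _CLEAR)
                         + _old_packet(13, b"Example User <user@example.test>")
                         + _old_packet(7, _ENCRYPTED))

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SECRET_KEYRING
    for name, protected, usage, what in audit_keyring(blob):
        print("%-14s %-8s %s" % (name, "ok" if protected else "EXPOSED", what))
```

Run it with the path to a secring.skr (or secring.gpg) as the only argument; any line marked EXPOSED is a key that the malware above could use without the keylogger ever capturing anything, and a legacy MD5 S2K line is a key whose passphrase is cheap to brute-force offline. The parser stops at v4 keys and the classic RSA/DSA/Elgamal algorithms, which is what keyrings of this era contain.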

G-Archiver is evil

12-Mar-08

This is a great lesson in why not to blindly trust random software that you find on the Internet. G-Archiver, a program created to help users locally save their Gmail messages, contains code that sends your Gmail login and password to the author. Because he hard-coded his own Gmail credentials right into the program, anyone who looked inside the binary could find them, which is exactly what happened, and you can see a scary screen shot of his inbox as a result.

The details are at SANS ISC (source code) and Coding Horror (screen shot).
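The quickest check you can run on a tool like this before trusting it with credentials is string triage: pull the printable strings out of the binary and look for mail servers, e-mail addresses and whatever literal sits next to them. The following is an added example, not the G-Archiver code or anything from the ISC or Coding Horror posts. It extracts both plain ASCII and UTF-16LE runs (Win32 and .NET programs store their string literals as wide strings, which the plain strings tool misses without a flag) and flags the exfiltration indicators. The binary it scans is a constructed stand-in with made-up values, not a dump of the real program.

```python
import re

MIN_LEN = 6                                    # shorter runs are mostly opcode noise
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# UTF-16LE runs (each printable byte followed by NUL) are how Win32 and .NET wide strings appear.
_WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
_MAIL_HOST = re.compile(r"\b(?:smtp|imap|pop3?|mail)\.[A-Za-z0-9.-]+\.[A-Za-z]{2,}", re.I)


def extract_strings(blob):
    """Return (offset, text) for every printable ASCII and UTF-16LE run, ordered by offset."""
    found = [(m.start(), m.group().decode("ascii")) for m in _ASCII_RUN.finditer(blob)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in _WIDE_RUN.finditer(blob)]
    return sorted(found)


def find_exfil_indicators(blob):
    """Flag strings suggesting the program mails data somewhere: mail-server
    hosts, e-mail addresses, and the literal that immediately follows an address,
    which is where a hard-coded password usually sits. Returns (kind, offset, text)."""
    strings = extract_strings(blob)
    hits = []
    for idx, (off, text) in enumerate(strings):
        if _EMAIL.search(text):
            hits.append(("email", off, text))
            if idx + 1 < len(strings):
                noff, ntext = strings[idx + 1]
                # Heuristic only: a neighbouring literal that is not itself an address or host.
                if "@" not in ntext and not _MAIL_HOST.search(ntext):
                    hits.append(("possible-password", noff, ntext))
        elif _MAIL_HOST.search(text):
            hits.append(("mail-host", off, text))
    return hits


# Constructed stand-in for a Windows binary: a DOS stub, wide-string literals as a
# .NET or Win32 program would store them, and an ordinary ASCII message. Made-up values.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + "smtp.example.test".encode("utf-16-le") + b"\x00\x00"
    + "archiver.author@example.test".encode("utf-16-le") + b"\x00\x00"
    + "s3cretPassw0rd".encode("utf-16-le") + b"\x00\x00"
    + b"\x00" * 8 + b"Local archive saved successfully\x00"
    + b"\x12\x34\x56\x78" * 4
)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    for kind, off, text in find_exfil_indicators(blob):
        print("%-18s 0x%08x  %s" % (kind, off, text))
```

Point it at the downloaded executable; a mail host plus an address plus an adjacent literal is reason enough to stop and either decompile the program or run it against a proxy and watch what it sends. A clean result proves nothing, since the strings may be encoded or built at runtime, so this is a first filter, not a verdict.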

Hackers for Charity: AOET.org project

05-Mar-08

I’m happy to say that the new AOET.org website and blog is up and running. I was able to help out only a little bit on this project, but I hope to do much more on future Hackers for Charity initiatives. This is especially true since my PHP and MySQL skills have been improving a lot over the past couple of months.

AOET is an independent, indigenous non-governmental organization with the prime mandate of providing an education — formal and/or vocational — to desperately poor, neglected and forgotten orphans whose parents have died of AIDS.

I would encourage anyone reading this blog to get involved with Hackers for Charity, even if it’s just making a donation.

Microsoft binary Office file formats

20-Feb-08

Joel on Software recently wrote an interesting piece on the newly-published MS Office file format specifications. It’s a bit off-topic for my blog, but I found the history responsible for the extreme complexity of these files to be fascinating. It goes to show that even with good intentions, software can get out of hand when it sticks around for a decade. As Joel says:

With a little bit of digging, I’ll show you how those file formats got so unbelievably complicated, why it doesn’t reflect bad programming on Microsoft’s part, and what you can do to work around it.