Chinese hackers spied on investigators of Flight MH370 - report

Malaysian officials investigating the disappearance of flight MH370 have been targeted in a hacking attack that resulted in the theft of classified material. The malware-based hacking attack hit around 30 PCs assigned to officials in the Malaysia Airlines, the Civil Aviation Department and the National Security Council, a …

  1. Shasta McNasty
    FAIL

    Seriously?

    "Malaysian officials investigating the disappearance of flight MH370"

    "The malware was hidden in a PDF attachment posing as a news article that was distributed on 9 March...falsely claimed the Malaysian Airlines jet had been found."

    So the team investigating the disappearance were taken in by an unsolicited email attachment which claimed that the plane had been found.

    Didn't anyone on that team think for even a second that the email might be considered even slightly suspicious?

    FFS

    1. JeffyPoooh
      Pint

      "...just one day after..."

      "...just one day after the ill-fated Malaysian Airlines Boeing 777 disappeared..."

      How long was it active? Starting on Day 1 until when?

    2. Anonymous Coward
      Anonymous Coward

The fact that the attack occurred one day after MH370 disappeared...

      The fact that the attack occurred one day after MH370 disappeared, while the initial search was still getting set up and focused on the South China Sea, says a lot. Clearly the Chinese Government already knew something about MH370 that it's still not sharing with the world, and it was worried investigators would find out.

      1. chekri

Re: The fact that the attack occurred one day after MH370 disappeared...

        Plane carrying 152 Chinese citizens disappears, Malaysian investigators have information which China understandably would want access to. China hacks into Malaysian investigators systems to retrieve said information.

        and you write:

        "Clearly the Chinese Government already knew something about MH370 that it's still not sharing with the world, and it was worried investigators would find out."

        FFS use your brain - China is acting in its own national interest to find out what happened to 152 of its citizens.

        1. Nigel 11
          Black Helicopters

Re: The fact that the attack occurred one day after MH370 disappeared...

After a couple of weeks, I'd believe that China was acting in the interests of its citizens. Just one day after the plane went missing, while it was still quite possible to believe that the plane caught fire, turned back, failed to make it to the airport ... no, I don't believe it.

          This is either an unrelated (even random) broadcast of malware/ spyware, or they DO know something. Probably the former (pick a hugely topical news story to broadcast malware, rather than something with a much smaller potential readership). But either way, we are unlikely to find out.

      2. Psyx

Re: The fact that the attack occurred one day after MH370 disappeared...

        "Clearly the Chinese Government..."

        Supposition upon supposition. There is no evidence that the attack was even from the Chinese government - or even launched by people from China.

        Even if it was, there's a gulf of difference between wanting the inside track and knowing that something is amiss.

    3. mythicalduck

      Re: Seriously?

      >Didn't anyone on that team think for even a second that the email might be considered even slightly suspicious?

      Of course not. They seem to think it "was well-crafted malware that antivirus programs couldn't detect. It was a very sophisticated attack,"

      Well crafted? Sophisticated? When will people learn how to use email? *sigh*

  2. frank ly

    So ....

An internal network used to store and generate sensitive and classified documents has an internet connection that was used to download and view a .pdf 'news article'? Or, an idiot brought a USB stick in with some reading material he wanted to catch up on? Maybe they should spend more time reading The Register (on a separate network).

    1. SineWave242

      Re: So ....

      Very probably if it was opened on a Linux or OSX nothing would happen. That's one of the problems, too.

      1. disgruntled yank

        Re: So ....

Because nobody would use such a machine for serious work?

I've used Linux since the 1990s, and I rely on it a lot. I do not make the mistake of imagining that it is invulnerable.

  3. Destroy All Monsters Silver badge
    Paris Hilton

    More to the point, why is anything in such an investigation "classified"?

    1. AbelSoul

      Re: why is anything in such an investigation "classified"?

      Indeed, this only fuels paranoia and conspiracy theories.

      The omni-shambles of the Lockerbie investigation being a case in point where public trust in the authorities concerned was completely abused and subsequently lost.

      1. Anonymous Coward
        Anonymous Coward

        Re: why is anything in such an investigation "classified"?

        Maybe because they were trying to gather information from military as well as civilian aviation authorities?

        1. Destroy All Monsters Silver badge
          Facepalm

          Re: why is anything in such an investigation "classified"?

          > Maybe because they were trying to gather information from military as well as civilian aviation authorities?

          Yeah so what.

          As if military would give them classified, unredacted information anyway. If they were even able to find it in their permanently overfunded and undermanaged Dilbert-organizations-with-guns.

          "Yeah, we have been given classified info that we can't put into the accident report" .... Yeah, totally legit report. Obama-level information freedom. Uh-huh.

    2. Graham Marsden

      @Destroy All Monsters

      > why is anything in such an investigation "classified"?

      Because (as was later revealed) the Malaysians had tracked the plane with military rather than civilian radars (which have much less coverage) and they probably don't want the Chinese (or anyone else) knowing their surveillance and monitoring capabilities.

      1. Destroy All Monsters Silver badge
        Facepalm

        Malaysia stronk!

        > they probably don't want the Chinese (or anyone else) knowing their surveillance and monitoring capabilities.

They should face the fact that their computers are probably phoning home to Beijing.

    3. Psyx

      "More to the point, why is anything in such an investigation "classified"?"

      Because some information passed to the investigation was from military sources - such as RADAR and later SONAR traces - and would demonstrate classified capabilities.

If the investigation did not guard that information at the appropriate level, future crash investigations could probably kiss goodbye to being handed such data from military sources (especially foreign ones) ever again, thus making the entire process more difficult for everyone in future and causing further woe for affected families seeking answers.

      Hope that answers your question.

    4. Anonymous Coward
      Anonymous Coward

      > More to the point, why is anything in such an investigation "classified"?

      In principle it is not. Looks like an interpretation error by the press.

      Edit: Very good point by Graham Marsden. That would be grounds for withholding certain information.

    5. PCComf

      Right. It shouldn't be necessary for anyone to hack in to see what is going on with that investigation. I suppose that the means by which they gathered information would give away capabilities of assets such as satellite imagery resolution and the like. I can't help myself but to compare this to Ferguson (in US) where withholding information is the thing that fuels conspiracy. Just be open about it.

      1. Psyx

        "It shouldn't be necessary for anyone to hack in to see what is going on with that investigation."

        Except for every media outlet ever, looking for a scoop.

        Also remember that the Chinese government were very keen to be seen as pushing and leading the investigation, to the point of twice being insistent that stuff they'd found was the real deal, when it wasn't. If it *WAS* a government hack then they were trying to get an inside track and scoop to save some face for the benefit of their citizens.

  4. DropBear
    WTF?

And just what exactly might anyone hope to find on any investigator's computer, ONE DAY after the plane went missing...? Short of stumbling upon a dead-on admission of "we know what happened because it's our doing" there's no investigation committee on earth that will turn up ANYTHING AT ALL in that amount of time! Unless of course one were to hope the malware would stay undetected for the painfully prolonged periods over which such committees do their work, but that sounds a bit far-fetched for a team of "sophisticated hackers" who would be well aware what time-frame they can realistically hope for.

    1. Psyx

      "And just what exactly might anyone hope to find on any investigator's computer, ONE DAY after the plane went missing...?"

      A news scoop?

      The investigator's PIN and debit card details?

Classified RADAR traces that show the military capabilities of another nation?

      All are viable answers.

  5. Anonymous Coward
    Anonymous Coward

    the day after....

    This attack was launched the day after the plane went missing?

    You mean, when most of the world still expected it to be found somewhere, either in some far-flung airfield or broken up on the surface of the ocean. And this hacker group managed to conceive the attack and launch it in that timeframe, well before any kind of "big" investigation had started and teams had been formed? And they knew who to target? That sounds mighty strange to me.

    1. Destroy All Monsters Silver badge
      Black Helicopters

      "[Iran] hijacked the aircraft and they landed it in a place that nobody can see or find it."

      Unless it was Israelis, and possibly George Soros (or Rupert Murdoch?), who just wanted to check that everything was going according to plan while MH370's twin was silently waiting for its day in a hangar in Tel Aviv. [cat stroke]

      1. Anonymous Coward
        Anonymous Coward

        Re: "[Iran] hijacked the aircraft and they landed it in a place that nobody can see or find it."

> and possibly George Soros

        Wow, where did that come from? Since when has George Soros been associated with espionage activities? Curious..

        1. Yet Another Anonymous coward Silver badge

          Re: "[Iran] hijacked the aircraft and they landed it in a place that nobody can see or find it."

          >Since when has George Soros been associated with espionage activities?

          Bill Gates is now a good guy, Maxwell is dead and nobody can take the idea of Beardie Branson as a Bond villain seriously so he's all that's left

          1. Brad Ackerman
            Black Helicopters

            Re: "[Iran] hijacked the aircraft and they landed it in a place that nobody can see or find it."

Larry Ellison owns a private island and a megayacht. How is it possible that he's not a Bond villain?

            1. Yet Another Anonymous coward Silver badge

              Re: "[Iran] hijacked the aircraft and they landed it in a place that nobody can see or find it."

              Nobody makes fun of him because we know he IS a Bond villain.

      2. disgruntled yank

        Re: "[Iran] hijacked the aircraft and they landed it in a place that nobody can see or find it."

        The Masons are weeping bitterly, and wondering why nobody loves them anymore.

    2. Lars Silver badge
      Coat

      Re: the day after....

      On the other hand suppose it had nothing to do with MH370. We don't really know, do we.

    3. Stoneshop Silver badge
      Holmes

      Re: the day after....

> And this hacker group managed to conceive the attack and launch it in that timeframe

      Probably a matter of the payload being there already (probably in several variants), crafting a plausible-looking carrier pdf (a press release in this case), identifying who to send it to, selecting some compromised mail server and a receiving system (both available in abundance), then adding it all together, stir-frying it briefly and serving it up. Shouldn't take more than a couple of hours for a small group with the right level of organisation.

      The one thing that's rather baffling, as has been mentioned already, is what they hoped to find after just one day.

  6. Alan Brown Silver badge

    "An IP address in china"

    Given the number of zombies in china, it would take a lot to convince me that this was "chinese hackers", vs "someone using a Pwned chinese proxy"

There's a lot of "ohhhhhh, Yellow peril" scaremongering going on.

    1. John G Imrie

      Re: "An IP address in china"

An awful lot of the world's internet traffic goes through the US. I'd like to see the Received headers to check which countries could pick up the mail before sending it on to China.

      1. Stoneshop Silver badge
        FAIL

        Re: "An IP address in china"

> I'd like to see the Received headers

        That will tell you which mailservers it touched, and where it was injected. And then only if none of those machines was compromised. It won't tell you who injected it.
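As an added example (not code from the article or from any commenter), this is one way to read the Received chain John G Imrie asks about while honouring Stoneshop's caveat: hops are only walked back through mail servers you operate yourself, because anything recorded by a server outside your control could have been rewritten. The message, hostnames and addresses are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample message (placeholder hosts/addresses), headers as delivered.
# Each relay prepends its own Received line, so the top line is the last hop.
SAMPLE_MESSAGE = """\
Received: from mx1.example.gov (mx1.example.gov [198.51.100.10])
\tby mail.example.gov with ESMTP id abc123; Sun, 9 Mar 2014 08:15:00 +0800
Received: from relay.example.net (relay.example.net [203.0.113.5])
\tby mx1.example.gov with ESMTP id def456; Sun, 9 Mar 2014 08:14:30 +0800
Received: from unknown (HELO webmail) (192.0.2.77)
\tby relay.example.net with SMTP; Sun, 9 Mar 2014 08:14:00 +0800
From: news@example.org
To: investigator@example.gov
Subject: Breaking: aircraft found

(body omitted)
"""

# "from <host> <anything> by <host>": the clauses every Received line carries.
RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+)(?P<rest>.*?)\bby\s+(?P<by>\S+)", re.DOTALL)
IPV4_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")

def parse_hops(raw):
    """Return hops in delivery order: index 0 is the hop nearest the sender."""
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        flat = " ".join(header.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue  # malformed or non-standard line; skip rather than guess
        ip = IPV4_RE.search(m.group("rest"))
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None})
    hops.reverse()
    return hops

def trusted_origin(hops, trusted_servers):
    """Walk back from your own servers and stop at the first hop recorded by a
    server you do not control. Returns the earliest hop you can vouch for, i.e.
    the peer address your own infrastructure actually saw, or None."""
    last_trusted = None
    for hop in reversed(hops):
        if hop["by"] not in trusted_servers:
            break
        last_trusted = hop
    return last_trusted
```

With only mail.example.gov and mx1.example.gov trusted, the answer is the 203.0.113.5 relay, not the 192.0.2.77 address claimed further down, which was written by a server outside your control.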

  7. jerehada

Remarkable they can launch at such short notice an attack that works so comprehensively and defeats virus protection. So in a nutshell where an organisation has anyone who opens an attachment they are then compromised. They can then penetrate any organisation through such an on-the-face-of-it simple technique as spear phishing. Seems to me every organisation should be looking at where packets are sent and who by. Perhaps quarantining far more where suspicious.

  8. dawnie

    the obvious solution is to degrade all outgoing connections to china down to 14.4kbps speed

    1. Anonymous Coward
      Anonymous Coward

> the obvious solution is to degrade all outgoing connections to china down to 14.4kbps speed

      .. and so the Chinese market opened for TalkTalk :)

  9. JaitcH
    Happy

    Surprise! So Malaysia is a somebody ... with things to hide

    They should feel honoured, joining the ranks of the UK and the USA along with many other 'advanced' nations.

    Malaysia is a major cable tapping station for the GCHQ, too, along with Singapore.

  10. chivo243 Silver badge
    Terminator

    One day, sure thing!

    How many people in China? I think the cyber power possessed by China is grossly underrated.

Um, yes, your mission today is to infiltrate the investigators of MH370. You have 5000 Chinese hackers at your disposal, of those 500 speak fluent English. I expect results by 12:00hrs...

  11. Anonymous Coward
    Anonymous Coward

    [REDACTED]

    [REDACTED]

    ....nothing happened.....repeat after me....nothing happened....

    [REDACTED]
