China syndrome: Chinese hackers target DoD, DHS smart cards

Published 17 January 2012

Cybersecurity researchers have discovered malicious code developed by Chinese hackers to target the smart cards used by Defense Department, DHS, and State Department personnel.

According to researchers at AlienVault, the code is a newly created variant of Sykipot, a piece of malicious software, and is specifically designed to target smart cards, which grant government employees access to the most sensitive networks.

Smart cards function as an additional authentication layer beyond employee passwords, but with the new code, hackers now have all the elements they need to infiltrate sensitive government servers.

So far the code is believed to have been used in more than a dozen attacks beginning in March 2011, but it remains unclear what the hackers have stolen or how many computers they infected.

AlienVault researchers believe the latest version of Sykipot was created in China, because a small snippet of code contained Chinese characters and previous strains were linked to servers in China.

In the latest attacks, hackers sent personalized emails to victims using the email accounts of people they knew in an effort to coax them into opening a .pdf attachment. Once opened, the attachment delivered the malicious code, which contained a keystroke logger, enabling hackers to steal PIN numbers for smart cards.

Whenever an individual inserts their card into an infected machine, hackers can capture their credentials and steal sensitive information.

The latest code exploits a vulnerability in ActivClient, a program made by ActivIdentity, whose client list includes the Defense Department, DHS, the U.S. Coast Guard, the Social Security Administration, and other federal agencies and major international corporations.