Titan Rain was the U.S. government‘s designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown. The designation ‘Titan Rain’ has been changed, but the new name for the attacks is itself classified if connected with this set of attacks.
In early December 2005 the director of the SANS Institute, a security institute in the U.S., said that the attacks were “most likely the result of Chinese military hackers attempting to gather information on U.S. systems.”
This is very serious stuff. And if they can get into heavily defended top secret computer systems just imagine how easily they could get into yours or into the systems of your place of work. Against this background we have this amazing announcement from Google:
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers……….….more
So there you have it, official. The Chinese put malware on people’s computers which they then use to their own ends. What better way to achieve this than by using a browser video game? The client software for browser video game is on literally tens of millions of Western computers. The operators of these games even encourage you to put it on your work computers. And there is nothing to stop them then extracting all the information they want. Passwords, credit card numbers, email addresses etc. And your virus software will not show this up, because it is not a known virus. And your firewall will not protect you because you installed the client. I wrote an article on here “Is Evony Malware?”. Here is one of the comments that a reader called Lee added to this article:
Please note that I am not saying that Evony is malware or is associated with malware in any way. I am just repeating what other people have said. But personally I would not install it on my computer.
So take care out there. Only play browser games from reputable companies that you know the provenance of. Who owns them, where they are based, their phone number etc. To let just any browser game put their client on your computer is very dangerous, they can do anything they want once it is loaded and you won’t know anything about it and can’t prevent it.