British government hit by e-mail attack

Sophisticated virus writers are targeting computers at the very heart of Great Britain's infrastructure, a British government agency warned on Thursday. 

The warning offered only limited details of the attacks, but indicated they are widespread and sophisticated.  Central government computers have been the most popular target, but corporations and individuals are also at risk, the report said. Attackers are using specially-crafted Trojan horse programs designed to sneak onto computers and steal information.

"The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information," the warning said. The attacks had recently become more sophisticated, according to the agency.

The normally quiet National Infrastructure Security Coordination Center, which reports to Britain's Home Office, issued the warning.

"We have never seen anything like this in terms of the industrial scale of this series of attacks," NISCC Director Roger Cumming said. "This is not a few hackers sitting in their bedroom trying to steal bank account details from individuals."

There was no mention of specific agencies or firms that had been attacked. But the warning was specific in some areas: It listed more than a dozen Trojan horse programs that the agency said had been used in the attacks since January of this year. 

Employees are tricked into installing the malicious programs by cleverly-crafted e-mails loaded with infected documents.  In some cases, the attackers download publicly-available documents off the Internet, load the documents with the Trojan horse, then e-mail them to carefully-selected employees who would be likely to open such a file. To make the notes even more realistic, the e-mail appears to come from a co-worker.

"The attackers are able to receive, Trojanise and re-send a document within 120 minutes of its release, indicating a high level of sophistication," the warning says.  The attacks normally focused on individuals who have jobs working with commercially or economically sensitive data, the NISCC said.

The warning also gives this pessimistic advice: "Anti-virus software and firewalls do not give complete protection," it said. "There is no complete mitigation for computers connected to the Internet."

MORE FROM SECURITY

Security Section Front

Internet users lured to oppose health bills 5 things to know about Facebook’s new settings Facebook privacy revamp draws fire Facebook gives users more privacy controls Hacker to plead guilty in more store break-ins U.S. takes fight against hackers overseas Surprise! Merchants say Web fraud is down Facebook forms board on online safety Man in stolen cell phone pic turns himself in Teen Internet addicts more likely to self harm Security Section Front   Add Security headlines to your news reader: