Defense, energy, banks hit by Internet Explorer bug

operation clandestine foxCNN Money – by Jose Pagliery

Hackers have attacked the government agencies, defense contractors, energy companies and banks by exploiting the software flaw in Internet Explorer.

That’s according to FireEye (FEYE), the cybersecurity firm that revealed the software flaw last week. The company discovered that hackers took advantage of a bug in the Internet Explorer Web browser to secretly take control of computers.  

The cyber offensive has been dubbed “Operation Clandestine Fox,” and affects all versions of Microsoft’s(MSFTFortune 500) Web browser.

Microsoft has issued a fix, but FireEye’s announcement on Thursday showed there are already victims. FireEye also spotted that hackers are now specifically targeting older computers running on the outdated Windows XP operating system and those using the Internet Explorer 8 version of the browser.

Among those still using Windows XP are the Defense Department, the IRS, and bank ATMs. That’s a problem, because Microsoft (MSFTFortune 500) has taken its 12-year-old operating system off life-support, ceasing security updates (although it did, in this case, apply an update to Windows XP).

Consider this a wake-up call.

It’s easy to ignore Internet security scares, especially when there’s a deluge of news about them. In the month of April alone, we were bombarded with news about the pervasive Heartbleed bug, a massive AOL hack and the Internet Explorer glitch.

But there are real world consequences. The Heartbleed bug was used to steal personal information of Canadian taxpayers. The AOL (AOL) hack led to a flood of spam (that could link to infected websites.)

An attack like Clandestine Fox is of the more serious variety — a cyber reconnaissance mission by a foreign government that reveals weaknesses in industries crucial to the United States’ economy, defenses and power. It targeted power plants, banks, government agencies and military technology, which is essentially a precursor for war, said David Kennedy, CEO of security consulting firm TrustedSec.

“They’re going after the core critical infrastructure of the United States, so in the event of a war, they can take it down,” Kennedy said. “The scary part is that the financial sector and energy are extremely vulnerable.”

A typical power plant, for example, makes expensive investments on equipment that’s meant to last decades. It’s common to find 1970s-era software on turbines, Kennedy said. That’s a danger.

“When you have old technology, the defenses they made back then aren’t adequate today,” he said.

FireEye wouldn’t say who is launching the attack, but offensives of this nature are typically conducted by foreign governments. In the past, cybersecurity firms have pointed to China and IranTo top of page

4 thoughts on “Defense, energy, banks hit by Internet Explorer bug

  1. They have to blame Russia for this. It just wouldn’t be cricket if they didn’t.

  2. After reading this article is reminds me of how easy it would be to pull a false flag and knock out the water and power of the east coast then blame it on Iran, Russia or China. After 5 days of no power and running water Americans wouldn’t hesitate saying yes to a war. Heck they would be so mad that if our government said “Santa Claus did it” he would be lynched.

  3. I don’t believe this, mainly because I don’t believe that the computers of defense contractors and banks are easily hacked. We’re talking about billions of dollars at stake here. They hire computer security firms that make sure this can’t happen to them, and I don’t think it’s all that difficult to prevent a computer from being hacked.

    More BS here: “The scary part is that the financial sector and energy are extremely vulnerable.”

    Sounds like they’re getting ready to blame the financial collapse and the rolling blackouts on hackers, and that will allow them to enact whatever “online I.D.” schemes they’re hatching.

    1. In a former life I was an analyst/programmer. I used to crack(hacking is not the evil they make it out to be cracking is the term for breaking into systems) and I was damned good at it. You would be horrified at what passes for cyber security at most places.
      I am a little surprised at you JR thinking that they would have competence in this area when they lack it in so many other places. I also assume that a financial collapse will be blamed on ‘hackers’ but they will have the money not the ‘hackers’ they blame.

Join the Conversation

Your email address will not be published. Required fields are marked *