According to the indictment, the hackers had various means of disguise. For one thing, they allegedly sent malicious e-mail into companies and the union from hop points—intermediate computers, including one in Kansas, that were under their control. Second, they skillfully manipulated the Internet’s system for naming computer addresses. The hackers set up domain names such as “arrowservice.net” and “purpledaily.com” and programmed malware on the corporate victim computers to contact them. Then the spies could continually change the computer addresses to which the domain names connected. When it was daytime in Shanghai and nighttime in Pittsburgh, the indictment says, they’d set a domain name to connect to hop-point computers and conduct espionage. When the Shanghai workday was done, the hackers would set the address to connect to innocuous sites such as Yahoo pages.
It’s not a surprise that such systems are relatively easy to co-opt for nefarious purposes. Ideas for making the Internet more secure have been around for decades, and academic and government labs have churned out interesting proposals. Yet very few of these ideas have been implemented; they require broad-based adoption and possibly trade-offs in network performance. “You don’t hear about rebuilding the Internet anymore,” says Greg Shannon, chief scientist at the CERT division of Carnegie Mellon’s Software Engineering Institute.
What’s a company to do? Wyatt tightened things at United Steelworkers; among other things, he now gives fewer employees so-called administrative privileges to their computers, and he searches the network for the telltale signs of communications by malware. But none of this would have prevented the intrusions. Wyatt says it “might have slowed them down.”
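The schedule described in the indictment, a domain pointing at hop points during the Shanghai workday and at innocuous sites afterward, is one telltale sign a defender can search DNS logs for. The Python below is an added example, not code from the article or the indictment: it assumes resolver logs reduced to (UTC time, domain, resolved IP) rows, and the function names, thresholds, domains and addresses are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

def flip_score(obs, utc_offset, work=(8, 18)):
    """Fraction of lookups that fit 'one IP in work hours, another outside'."""
    seen = {True: Counter(), False: Counter()}
    for ts, ip in obs:
        hour = (ts + timedelta(hours=utc_offset)).hour
        seen[work[0] <= hour < work[1]][ip] += 1
    if not seen[True] or not seen[False]:
        return 0.0, None, None
    (w_ip, w_n), = seen[True].most_common(1)
    (o_ip, o_n), = seen[False].most_common(1)
    if w_ip == o_ip:            # same address day and night: nothing scheduled
        return 0.0, w_ip, o_ip
    return (w_n + o_n) / len(obs), w_ip, o_ip

def find_scheduled_domains(rows, min_score=0.9, min_days=3):
    """rows: (utc datetime, domain, resolved IP). Returns {domain: finding}."""
    by_domain = defaultdict(list)
    for ts, domain, ip in rows:
        by_domain[domain].append((ts, ip))
    hits = {}
    for domain, obs in by_domain.items():
        if len({ts.date() for ts, _ in obs}) < min_days:
            continue            # too little history to call it a pattern
        # Try each whole-hour offset; the best fit hints at the operators' timezone.
        score, w_ip, o_ip, off = max(
            (flip_score(obs, off) + (off,) for off in range(-11, 13)),
            key=lambda r: r[0])
        if score >= min_score:
            hits[domain] = {"utc_offset": off, "work_ip": w_ip,
                            "off_ip": o_ip, "score": round(score, 2)}
    return hits

def sample_rows():
    """Constructed hourly lookups over five days; names and IPs are placeholders."""
    rows, start = [], datetime(2024, 3, 4, tzinfo=timezone.utc)
    for h in range(5 * 24):
        ts = start + timedelta(hours=h)
        busy = 8 <= (ts.hour + 8) % 24 < 18          # 08:00-18:00 at UTC+8
        rows.append((ts, "updates.example", "203.0.113.10" if busy else "198.51.100.80"))
        rows.append((ts, "intranet.example", "192.0.2.25"))            # never changes
        rows.append((ts, "moved.example", "192.0.2.40" if h < 48 else "192.0.2.41"))  # one-off move
    return rows

if __name__ == "__main__":
    print(find_scheduled_domains(sample_rows()))
```

A domain that changes address once, like the constructed `moved.example`, is not flagged, because its most common address is the same inside and outside the work window.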