NORMAN — Recent reports show that a high-powered hacker group called “Comment Crew,” under the control of Unit 61398 of the Peoples Liberation Army of China, has been engaged in a long-term campaign of cyber-attacks against over 120 American companies, as well as United States government and military installations.
These reports coincide with attacks over the past few weeks that have successfully invaded, compromised and infected computer systems at Facebook, Apple Computer, and Twitter. Other attacks have targeted companies ranging from Coca-Cola, the New York Times and the Wall Street Journal, to oil and gas pipeline companies, military contractors, mining companies, telecommunications corporations, chemical plants, and the United States Departments of State and Defense.
Many of the attacks succeeded through the use of so-called “spear phishing” emails. Spear phishing emails are specially-crafted, legitimate-looking messages using a person’s actual name, company name, and even street address. The messages often contain a website link that, when clicked, infects the user’s computer with nasty software that allows the attacker to control the computer to steal information and attack other computers.
While big-shot corporate executives and top-gun government security agents battle Chinese cyber-spies, you may be wondering, “Hey, what about me? How am I supposed to deal with this?” Those are very good questions. While Ethan Hunt dukes it out with Unit 61398, what are regular mom-and-pop computer users supposed to do in the mean time?
Most computer attacks and viruses work by exploiting flaws that exist in programs we use every day. The primary way to protect your computer is through software updates and upgrades that repair the flaws the bad guys attack.
One program flaw the Chinese super-spies used to hack into computer networks is in Java. Java is a programming language used on thousands of websites. We have Java on our computers so we can use and interact with these websites. New flaws are found in Java all the time, and need to be fixed. If you do not install Java updates, your computer is a sitting duck.