News & Current Affairs
15 February 2014
Internet Explorer Hack Is Just Another Reason Not to Use Internet Explorer
Believe it or not, hackers have found some new vulnerabilities in Internet Explorer, and are using them to exploit former military personnel.
According to security firm FireEye, two hacking groups used a flaw in the most recent version of the web browser, IE 10, to install malware onto the computers of users who visited the U.S. Veterans of Foreign Wars' website using Explorer. FireEye writes that the hack, which they called "Operation Snowman," (because Washington is especially vulnerable to hacking during this last round of incapacitating snow and ahead of the President's Day holiday) was likely an attempt to get at military information.
FireEye explains the very technical specifics of the breach:
Basically, people who reached the site through IE were susceptible to malware that the hackers had secretly embedded into the VFW site. This didn't happen to people using other browsers, like Chrome or Firefox or even IE 11, per FireEye:
The security firm identified two campaigns as being linked to the attack, Operation DeputyDog and Operation Ephemeral Hydra. The elaborately named hacking efforts have relied on IE's vulnerabilities before -- DeputyDog used flaws in the browser to attack Japanese sites in August, and Ephemeral Hydra partnered with DeputyDog to exploit IE insecurities in a more mysterious breach, per security blogger Ken Westin:
Reuters reports that the hackers behind Operation Snowman infected hundreds or thousands of computers. FireEye research Daniel Kindlund told Reuters it's possible that the hackers hope to access files stored on former military personnel's machines with the breach.
ComputerWorld noted, however, that the breach actually puts one-third of IE users at risk, everyone who is using IE 9 or IE 10. According to the site, IE 9 and 10 users may have been vulnerable to attack for quite some time:
Microsoft spokesman Scott Whiteaker said that the company is aware of the attacks and is investigating, adding "We will take action to help protect customers." Or, maybe users should just switch browsers.
HTML Comment Box is loading comments...