Chinese hackers fall for decoy water plant, inadvertently confirm motives

The Chinese hacking collective known as APT1 has long been suspected of working with China's army, and as such has garnered its fair share of attention from the powers-that-be. In December of last year, the hackers inadvertently revealed the extent of their intentions by falling for a "honeypot", one of several decoy water plants. Though their methods were said to be low in sophistication, one Trend Micro researcher says there was no doubting their intentions.

The researcher is Kyle Wilhoit, who is responsible for having created the decoy system and detailed his efforts in a session at Black Hat. APT1 fell for the fake system, which is being referred to as a honeypot, back in December of last year, believing it to be a legitimate water plant in the U.S. The hacking collective used methods that have been attributed to it in the past, as well as so-called signature characteristics.

Wilhoit spoke with MIT Technology Review, stating that while a water plant didn't seem like something APT1 would be interested in, what he witnessed indicated otherwise. "I actually watched the attacker interface with the machine. It was 100 percent clear they knew what they were doing."

By falling for the ruse, the collective also inadvertently revealed its intentions: to interfere with the system, in this case what appeared to be a utility's water plant. Furthermore, APT1 wasn't the only group that targeted the dummy system, according to Wilhoit, who presented evidence against the various attackers during his talk at the conference.

A total of 12 decoy systems were deployed from March to June 2013 in eight different nations, among them Russia, Japan, and the US. Across the dozen, 74 attacks from other countries were observed, 10 of which went far enough to take control of the honeypot system. Narrowing it down further, four of those showed a "high level of knowledge" of the systems. Russia is said to have been responsible for the most non-critical attacks, while half of the severe ones originated from China.
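The dividing line in those numbers, between the many non-critical attacks and the ten that took control, is whether the intruder only read the decoy's process state or actually wrote to it. As an added example, not code from Trend Micro or from Wilhoit's honeypots (the page does not say which protocols his decoys spoke), the following Python sketch of a Modbus/TCP decoy answers reads and writes like a small PLC while logging every request and labelling writes as control attempts. Modbus/TCP on port 502 is the standard; the register map, the "water pressure station" framing, the severity labels and the peer addresses in the comments are assumptions made for illustration.

```python
"""Modbus/TCP decoy ("honeypot") that answers reads and writes like a small PLC and
logs every request, labelling writes as control attempts. Added example, not Trend
Micro's or Kyle Wilhoit's honeypot code; register map, labels and port are assumed."""
import socket
import struct
import threading
from collections import namedtuple

# Assumed process image for a fake "water pressure station": setpoint, measured
# pressure, pump-running flag, alarm flag (hypothetical values).
HOLDING_REGISTERS = {0: 420, 1: 415, 2: 1, 3: 0}
READ_HOLDING, WRITE_SINGLE, WRITE_MULTIPLE = 0x03, 0x06, 0x10
ILLEGAL_FUNCTION, ILLEGAL_ADDRESS, ILLEGAL_VALUE = 0x01, 0x02, 0x03
# severity: "recon" for reads, "control" for writes, "probe" for unsupported codes
Event = namedtuple("Event", "peer function address values severity")
LOG = []

def build_request(tid, unit, pdu):
    """MBAP header (transaction id, protocol 0, length, unit id) followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def handle_frame(frame, peer, regs=None, log=None):
    """Parse one Modbus/TCP request, record it, and return the response frame."""
    regs = HOLDING_REGISTERS if regs is None else regs
    log = LOG if log is None else log
    if len(frame) < 8:
        raise ValueError("short frame")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:7 + length - 1]
    if length < 2 or len(pdu) != length - 1:
        raise ValueError("malformed frame")
    func = pdu[0]

    def reply(body):
        return struct.pack(">HHHB", tid, pid, len(body) + 1, unit) + body

    def exception(code, severity, addr=0):
        log.append(Event(peer, func, addr, (), severity))
        return reply(bytes([func | 0x80, code]))

    if func == READ_HOLDING:
        addr, count = struct.unpack(">HH", pdu[1:5])
        span = range(addr, addr + count)
        if count == 0 or any(a not in regs for a in span):
            return exception(ILLEGAL_ADDRESS, "recon", addr)
        values = tuple(regs[a] for a in span)
        log.append(Event(peer, func, addr, values, "recon"))
        return reply(bytes([func, 2 * count]) + struct.pack(">%dH" % count, *values))
    if func == WRITE_SINGLE:
        addr, value = struct.unpack(">HH", pdu[1:5])
        if addr not in regs:
            return exception(ILLEGAL_ADDRESS, "control", addr)
        regs[addr] = value  # apply it so later reads stay consistent with the write
        log.append(Event(peer, func, addr, (value,), "control"))
        return reply(pdu[:5])  # function 0x06 echoes the request
    if func == WRITE_MULTIPLE:
        addr, count, nbytes = struct.unpack(">HHB", pdu[1:6])
        span = range(addr, addr + count)
        if count == 0 or nbytes != 2 * count or len(pdu) < 6 + nbytes:
            return exception(ILLEGAL_VALUE, "control", addr)
        if any(a not in regs for a in span):
            return exception(ILLEGAL_ADDRESS, "control", addr)
        values = struct.unpack(">%dH" % count, pdu[6:6 + nbytes])
        regs.update(zip(span, values))
        log.append(Event(peer, func, addr, values, "control"))
        return reply(pdu[:5])  # response carries function, start address, quantity
    return exception(ILLEGAL_FUNCTION, "probe")

def summarize(log=None):
    """Per-peer counts by severity: the split between noise and takeover attempts."""
    out = {}
    for e in (LOG if log is None else log):
        out.setdefault(e.peer, {"recon": 0, "control": 0, "probe": 0})[e.severity] += 1
    return out

def _session(conn, peer, regs, log):
    with conn, conn.makefile("rb") as rd:
        while True:
            header = rd.read(7)
            if len(header) < 7:
                return
            body = rd.read(max(struct.unpack(">H", header[4:6])[0] - 1, 0))
            try:
                conn.sendall(handle_frame(header + body, peer, regs, log))
            except (ValueError, IndexError, struct.error):
                return

def serve(host="0.0.0.0", port=502, regs=None, log=None):
    """Listen like a PLC; 502 is the standard Modbus/TCP port (binding it needs root)."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen()
        while True:
            conn, (ip, _) = srv.accept()
            threading.Thread(target=_session, args=(conn, ip, regs, log), daemon=True).start()

if __name__ == "__main__":
    serve(port=5020)  # unprivileged port for a local trial
```

Writes are applied to the fake register image rather than rejected, so an intruder who sets a register and reads it back sees the change and keeps interacting; the record of who wrote what is in LOG, and summarize() gives the per-source recon/control/probe split. A real deployment would add the other faces Wilhoit's decoys presented (HMI web pages and so on), rate limiting, and export of the log to a collector, none of which is shown here.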

SOURCE: MIT Technology Review