Clock Forwarding HAC

e-risk FAQ

*. Why is mi2g software talking about Clock forwarding "HAC"?

There have been two serious incidents and we would like to warn the world community about not being prepared for such an eventuality. Both Y2k compliant and non-compliant systems exhibit varying degrees of vulnerability.

*. Just what is meant by "Hacker Activated Code" and how does it work?

Hacker Activated Code (HAC) means native / machine code that is compiled for a specific architecture and is activated remotely through a signal extraneous to the network.

*. Have you found and isolated this code?

Yes, mi2g software has found two customised end-of-cycle components that were configured for specific IP addresses on the victim's networks. They appear to have run once only and they no longer execute the entire sequence contained in the confidential log files of the infected servers within the two major victims in October.

*. How far has this thing spread now?

mi2g software has had only two instances.

*. Are you dealing with more than one version?

Yes, the mi2g SIPS engineers are dealing with two distinct end-of-cycle versions. They are still searching for start-of-cycle codes.

*. Have you taken any action other than contacting CERT?

Yes, the regulatory authorities in the appropriate jurisdictions have been informed with the consent and co-operation of the clients involved, whilst respecting confidentiality and sensitivity to adverse share price movement in the event of naming specifics.

*. Do you have other information available on this trojan/malicious code?

It appears to be a one-time execution, IP address specific, native code that forwards the clock of the 80x86 system on which it runs, whilst disabling any synchronisation protocol with a Central Time Server. It has brought down all Y2k non-compliant computers/applications on the network.
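A defender's check for the behaviour described above, as an added example that is not mi2g's code and not taken from the incidents: per host, it compares wall-clock advance against uptime (a monotonic counter) and records whether time-server synchronisation also stopped. The log format, host names and the `sync_age` field (seconds since the last successful sync, measured on the monotonic clock) are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed heartbeat records (illustrative only):
# host, uptime seconds (monotonic), wall-clock time, seconds since last sync
SAMPLE_LOG = """\
srv01 uptime=1000 wall=1999-10-12T09:00:00 sync_age=40
srv01 uptime=1060 wall=1999-10-12T09:01:00 sync_age=36
srv01 uptime=1120 wall=2000-01-01T00:00:30 sync_age=96
srv01 uptime=1180 wall=2000-01-01T00:01:30 sync_age=156
srv02 uptime=5000 wall=1999-10-12T09:00:00 sync_age=10
srv02 uptime=30 wall=1999-10-12T09:05:00 sync_age=5
srv02 uptime=90 wall=1999-10-12T09:06:00 sync_age=1
srv03 uptime=200 wall=1999-10-12T09:00:00 sync_age=300
srv03 uptime=260 wall=1999-10-12T09:10:00 sync_age=2
"""

def parse(line):
    """Split one heartbeat line into (host, uptime, wall, sync_age)."""
    host, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return (host, int(kv["uptime"]),
            datetime.fromisoformat(kv["wall"]), int(kv["sync_age"]))

def find_clock_jumps(log, max_drift=timedelta(seconds=5)):
    """Return (host, drift, sync_lost) for each forward wall-clock jump."""
    last, findings = {}, []
    for line in log.splitlines():
        if not line.strip():
            continue
        host, up, wall, sync_age = parse(line)
        prev = last.get(host)
        last[host] = (up, wall, sync_age)
        if prev is None or up < prev[0]:
            continue  # first sample, or uptime reset by a reboot
        elapsed = up - prev[0]
        # Wall clock should advance by the same amount as uptime.
        drift = (wall - prev[1]) - timedelta(seconds=elapsed)
        if drift > max_drift:
            # No sync in the interval if sync_age grew by the full elapsed time.
            sync_lost = (sync_age - prev[2]) >= elapsed
            findings.append((host, drift, sync_lost))
    return findings

if __name__ == "__main__":
    for host, drift, sync_lost in find_clock_jumps(SAMPLE_LOG):
        print(host, drift, "sync stopped" if sync_lost else "sync active")
```

A forward jump with synchronisation still active (srv03 in the sample) is typically a time-server correction; a jump with synchronisation stopped (srv01) matches the combination this answer describes.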

*. What is the origin of this HAC? Where did the HAC come from?

The two main geographic areas that the victim departments trade with are Eastern Europe and Scandinavia.

*. How much of the problem came from the HAC?

mi2g software is still trying to identify how much of a threat the start-of-cycle code is: how much the code has achieved on its own, and what was achieved by unauthorised network accessors in parallel.

*. The use of this term "one-time Hacker Activated Code" means what exactly?

It executes its payload once and then does not execute.
