Employees targeted through fake emails carrying a trojan

Jan 15, 2010 15:00 GMT  ·  By
Law Firm involved in lawsuit against the Chinese government, victim of cyber-attack
   Law Firm involved in lawsuit against the Chinese government, victim of cyber-attack

Gipson Hoffman & Pancione, the law firm representing Solid Oak Software in its $2.2 million lawsuit against the Chinese government and the developers of Green Dam Youth Escort, was targeted in a recent cyber attack. Hackers operating out of China attempted to infect the company's computers with an information-stealing trojan.

Based in Los Angeles, Gipson Hoffman & Pancione, prides itself on being a global law firm with experience in international law. The company is currently representing Solid Oak Software in a $2.2 billion copyright infringement lawsuit filed earlier this month against the Government of the People's Republic of China and several computer manufacturers including Sony, Lenovo, Toshiba, Acer, Asustek, BenQ and Haier.

At the center of the litigation is a piece of Internet content filtering software called Green Dam Youth Escort. The program was developed by Zhengzhou Jinhui Computer System Engineering and Beijing Dazheng Human Language Technology Academy, also defendants in the lawsuit, under a contract with the Chinese government, and was supposed to be pre-installed on all new computers sold in the country, beginning with July 2009.

Santa Barbara-based Solid Oak Software alleges that Green Dam developers stole its intellectual property and trade secrets, the controversial software using over 3,000 copyrighted lines of code from its own CYBERsitter parental control application. "We were on guard prior to filing the lawsuit that something like this would happen," attorney Elliot Gipson commented for IDG News Service, referring to the latest attack that targeted the law firm.

The attack took place on Monday and Tuesday, when a considerable number of employees started receiving emails purporting to come from their colleagues. Some of the rogue messages contained malicious attachments, while others included links to suspiciously looking websites. "It came from email addresses that people would recognize as internal to the firm, and the attempt was to make it seem like everyday stuff," explained Mr. Gipson.

The intentions of the attackers, who used servers from China, was to infect computers with a trojan, probably in order to steal information about the case. However, Gregory Fayer, one of the people impersonated in the messages, told CNET that "as far as we know, no one has actually been duped by the e-mails."

NetworkWorld reports that Alex Halderman, an assistant professor of electrical engineering and computer science at the University of Michigan, one of the researchers who reversed-engineered Green Dam and originally announced its code similarities with CYBERsitter, is concerned of possible attacks against him and his team. "My research group takes security very seriously, but facing an adversary on the scale of a nation and its intelligence agencies is something that we've never experienced before," he noted.

This news comes in light of Google recently denouncing a Chinese cyber attack against its own infrastructure, as well as that of at least 20 other companies. The incident has prompted the Internet giant to strongly consider pulling out of the Asian market and closing down its operations there.