Chinese hackers using 'Terracotta' VPN to hijack servers of small businesses and attack government sites

PUBLISHED : Wednesday, 05 August, 2015, 1:27pm
UPDATED : Wednesday, 05 August, 2015, 1:28pm

Hackers in China have been taking control of website servers from small businesses with weak security protocols and using them to mask their attacks on bigger prizes like government data sites, according to security researchers. 

RSA Research said that a virtual private network (VPN) platform in China, which it dubbed "Terracotta", has been hacking into servers used by legitimate businesses. 

"It would appear that by just hacking these [servers] and stealing the bandwidth and computing power, there's considerable cost savings involved," Peter Beardmore, RSA’s senior consultant for threat intelligence marketing, told CSO Online. 

The servers are then sold as “digital camouflage” to other cyber criminals. 

VPN services have a number of legitimate purposes, such as giving office workers remote access to a company’s network, or helping skirt China's Great Firewall, but they can also serve more nefarious purposes in the hands of hackers. 

They can hide a user's location and IP address - the digital location of their computer - thus enabling hackers to dodge law enforcement agencies. 

As such, cybersecurity teams at large organisations, which are often targeted by hackers, will often block the IP addresses of commercial VPN services.

"The [hackers] utilising the Terracotta network have effectively overcome this line of defence", the researchers said, by using regular website servers as a shield. 

"Traffic emanating from the Terracotta node could appear as legitimate traffic from a legitimate domestic organisation, when in fact that organisation is a Terracotta victim with an infected server."

While it did not identify which VPN provider Terracotta is, RSA said it was one of many small commercial VPNs operating under-the-radar in China to help people avoid the country’s sweeping internet restrictions. 

Such services are often sold on e-commerce sites like Taobao, run by Chinese e-commerce giant Alibaba, or via social media and online forums.