Sykipot is not a new Trojan Horse by any means, but the variation found to be attacking Department of Defense smart cards is certainly something that government agencies need to be worried about. United States government agencies, that is. It's doubtful the Chinese government will be too worried about them, considering that the Sykipot-led attacks against these US government agencies would appear to be originating from China itself.

Security specialist AlienVault has uncovered evidence that the attacks may stretch back as far as March 2011 and have been targeting a number of agencies that use ActivIdentity, or more specifically smart card readers running ActivClient (ActivIdentity's client application). Such smart cards are now a standard security measure for the US Army, Navy and Air Force as well as the Department of Defense itself, and they are used to identify not only military personnel but also civilian employees and contractors.

Jaime Blasco, AlienVault's Research Lab Manager, reckons this is the "first report of Sykipot being used to compromise smart cards" although he does admit that a year ago another security vendor wrote about smart card proxy attacks "although the report did not provide specifics on the attack methodologies being used, the term is useful in describing this latest style of attack vector." The research team have apparently so far found evidence of attacks compromising cards running on the Windows Native x509 software which is pretty commonplace, as I understand it, within US government agencies.

Blasco makes the China connection as he has reason to believe that the Sykipot 'swarm' team are Chinese and working to a known 'data shopping list' which includes semiconductor and aerospace technology information. Indeed, the new strain is thought to come from the same Chinese hackers that created an earlier Sykipot version which spammed messages containing promises of information on US drone technology.

Once activated, the Sykipot strain employs a keylogger to harvest the PINs for the smart cards in question, which allows the malware to act as an authenticated user and therefore access sensitive information on behalf of its allegedly Chinese controllers.

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really Are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three-time winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Sounds like something out of Neal Stephenson's REAMDE.
Are the crackers to be admired or despised and are the manufacturers of the card / security software to be pitied or slapped about a bit?