Cyberwarfare: Not Just for Anarchists Anymore!

Hack the Planet by von Shin Kurohoshi

For those deeply concerned about internet security and privacy, the year of 2013 certainly opened with a bang. First, there was the news that a cyberspy ring – apparently operating out of Russia – had been spying on embassies, governments and research institutions around the world for the past five years using a virus dubbed “Red October”. This was back in January, when the Moscow-based antivirus firm known as Kaspersky Lab announced the discovery of the international intrigue.

Then, on Jan. 30th, the New York Times announced that they too had been the target of hackers, this time from China. In a statement released by the newspaper, the company claimed that Chinese hackers had been persistently attacking their publication for the last four months, infiltrating its computer systems and getting passwords for its reporters and other employees.

The timing of the attacks coincided with a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them.

With the help of Mandiant, the internet security company hired by The Times, they were able to track the intruders, study their movements and help erect better defenses to block them. In the end, The Times reported that they had successfully expelled the attackers and kept them from breaking back in. However, the fact these hackers were able to infiltrate the network of a private news organization in the first place was much cause for worry.

For one, this is not the first time that hackers, originating in China, have used this sort of subterfuge tactic to hack US databases. According to experts at Mandiant, their company has tracked many such intrusions back to the Chinese mainland, all of which used the same approach of cloaking their efforts using US servers. In addition, this incident, which smacked of state involvement, did not occur in a vacuum.

Back in 2008, internet security experts indicated that Chinese hackers had begun targeting Western journalists as part of a wider campaign to identify and intimidate their sources and contacts, and to anticipate stories that might damage the reputations of Chinese leaders. The purpose behind this far-reaching and growing spy campaign aimed at corporations, government agencies, activist groups and media organizations inside the US seemed to be controlling China’s public image, domestically and abroad, as well as stealing trade secrets.

But of course, China is hardly alone in this sort of covert cyber-warfare. As already mentioned, Russia has already shown signs of developing cyber weapons to assist in spying abroad, and there’s mounting evidence that Israel, Iran and the US are on board too. Starting in 2008, Iran’s main nuclear enrichment plant was hit by a sophisticated computer worm that caused damage to it, thus putting a kink in their efforts to become a nuclear power.

While no one took responsibility for this incident, the evidence seemed to indicate that the worm originated from sources within Israel and the US. Attacks which took place later on American banks and oil companies within the US were believed to have been caused by Iran, in retaliation for the worm that hurt their main source of enriched uranium and a key component in their nuclear program.

For some time now, hacking federal databases has become something of a sport for various groups and causes who are seeking to reveal government secrets and expose their inner workings to public scrutiny. The “Hacktivist” group known as Anonymous is a perfect example, a group closely linked to Assange (of Wikileaks) whose most recent infiltration of the Federal Reserve Bank made the news earlier this month as well.

But as I’m sure all will agree, it’s one thing when private citizens attack domestic and foreign databases, and quite another when nations attack each other. While cyber criminals may constitute a vague and slippery enemy, one which is much harder to identify and prosecute, nation-states constitute a far more frightening one. Not only are their resources far more vast, the consequences of battling them are far greater.

Knowing who your enemy is, and that they have nuclear capabilities and the ability to strike at you physically… Yes, I think that’s a much scarier prospect! While the old ways of plausible deniability and covert action may apply, no one likes the idea of subtle attacks which could escalate into a full-scale conflict. Even if it is waged entirely by computer, the effects are still likely to be felt!

Source: NYTimes.com, money.cnn.com

Cybersleuths Uncover Worldwide Spy Virus

 


“I’m frightened because our enemies are no longer known to us. They do not exist on a map. They’re not nations, they’re individuals. And look around you. Who do you fear? Can you see a face, a uniform, a flag? No! Our world is not more transparent now, it’s more opaque! It’s in the shadows.” 

This was one of the most memorable lines from the recent Bond movie Skyfall, as spoken by Dame Judi Dench in her role as M, director of MI6. It’s memorable because of how it managed to capture the essence of spy work in the post-Cold War digital age, and because it pretty much resounds with audiences who are increasingly fearful for their privacy.

In a story that I know I must comb for material for my next cyber novel, a team of cyber sleuths recently uncovered a cyberspy ring that has been spying on embassies, governments and research institutions around the world for the past five years. The virus, which has been dubbed “Red October”, is of uncertain origin, though the culprits are believed to be Russian (hence the name).

For the past five years, the virus has been harvesting documents and data from computers, smartphones and removable storage devices (such as USB sticks), largely from victims in Eastern Europe and Central Asia. However, 69 countries were reported as being targeted in total, including the U.S., Australia, Ireland, Switzerland, Belgium, Brazil, Spain, South Africa, Japan and the United Arab Emirates. So far, these victims remain unidentified except to say that in most cases, they were government agencies and embassies, institutions involved in nuclear and energy research and companies in the oil and gas and aerospace industries.

The virus was uncovered by the Kaspersky Lab, a Moscow-based antivirus firm that specializes in internet security. In a statement released on Monday the 14th, the firm said: “The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information-gathering scope is quite wide.” The virus is still active, they say, but now that the operation is a matter of public record, there’s no telling if it will continue or not.

What’s more interesting is the fact that the spy ring set up an extensive and complex infrastructure consisting of a chain of at least 60 command-and-control servers that appears to rival the massive infrastructure used by the nation-state hackers that were behind the infamous Flame spy malware that was responsible for infiltrating computers in Iran and across the Middle East last year. However, Kaspersky went on to claim that this network was not associated with Flame, meaning that there is another hacker ring out there that is equally powerful and motivated, and has comparable infrastructure.

All of this calls to mind Anonymous and the whole debate about hacking and its ethics. Whereas the concept was born of a desire to make information free, deconstruct corporate and government control of media, and break down barriers between nation states, examples like this remind us that there are also insidious hackers, the ones whose motivation is questionable and whose actions are less than benign. Alongside “black hat” hackers, the people who spawn malware, spyware, and other viruses from their basements, hackers have it pretty bad on the PR front!

But good or bad, the reality is that hacking and information wars are becoming an increasingly decentralized and democratic affair. For some, this is a good sign, an indication that we are moving towards a truly open and free society. For others, it’s a very bad sign, since we really have no idea how to contain threats that emerge from what are essentially non-entities.

I swear to God I didn’t pick this story to promote my new book, people! But for some reason, the news cycle seems to have decided to break a story that specifically addresses what I was trying to capture with that book and its planned sequels. So in addition to all the people these “Red October” individuals may have screwed over, it seems that they’ve made me look like a shameless self-promoter! I don’t know what your agenda is, be it general mischief, anti-secrecy, freedom of information, or just plain anarchism, but did you ever once think of ME???

Source: Wired.com