
Blame game for cyber attacks grows murkier as spying, crime tools mix

Veteran espionage researcher Jon DiMaggio was hot on the trail three months ago of what on the face of it looked like a menacing new industrial espionage attack by Russian cyber spies.

All the hallmarks were there: targeted phishing emails common to government espionage, an advanced Trojan horse for stealing data from inside organizations, covert communication channels for grabbing documents and clues in the programming code indicating its authors were Russian speakers.

It took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured out instead he was tracking a lone-wolf cyber criminal.

DiMaggio won’t identify the name of the culprit, whom he has nicknamed Igor, saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime. The hacker comes from Transdniestria, a disputed, Russian-speaking region of Moldova, he said.

“The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors,” DiMaggio told Reuters in a phone interview on Wednesday. “Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s.”

Reuters could not contact the alleged hacker.

The example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense, as tools once only available to government intelligence services find their way into the computer criminal underground.

Security experts refer to this as “the attribution problem”: using technical evidence to assign blame for cyber attacks so that appropriate legal and political responses can be taken.

These questions echo through the debate over whether Russia used cyber attacks to influence last year’s U.S. presidential elections and whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe.

The topic is a big talking point for military officials and private security researchers at the International Conference on Cyber Conflict in Tallinn this week. It has been held each year since Estonia was swamped in 2007 by cyber attacks that took down government, financial and media websites amid a dispute with Russia. Attribution for those attacks remains disputed.

THE SMOKING GUN

“Attribution is almost never a clean, smoking-gun,” said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.

Raising the stakes, a mystery group calling itself ShadowBrokers has taken credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, ratcheting up cyber security threats to a whole new level.

In recent weeks, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, to enable hacking into the world’s most used computers, software and phones. (http://reut.rs/2rmTZmm)

“The bar for what’s considered advanced is lowered as time goes by,” said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.

The Moldovan hacker’s campaign to steal data and resell it on the web came to light only after infections popped up last year at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks.

Igor appears to have targeted the auto-tech company to steal its car diagnostics software, which retails for around $1,100 but Igor sold for just a few hundred dollars on underground forums and websites he had created. His aims in trying to break into the airline and gambling firm remain a mystery.

“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.

As a threat, Symantec rates Trojan.Bachosens as a very low risk virus, in part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims.

“I think those days are over when we can say in black and white: We know this is an espionage group,” DiMaggio said.

The Symantec researcher has not reported Igor to local authorities, calculating that exposing the methods of the attack will be enough to neutralize them.

(Editing by Peter Millership)


Copyright © 2019 Raw Story Media, Inc. PO Box 21050, Washington, D.C. 20009 | Masthead | Privacy Policy | For corrections or concerns, please email [email protected]
