Veteran espionage researcher Jon DiMaggio was hot on the trail three months ago of what on the face of it looked like a menacing new industrial espionage attack by Russian cyber spies.
All the hallmarks were there: targeted phishing emails common to government espionage, an advanced Trojan horse for stealing data from inside organizations, covert communication channels for grabbing documents and clues in the programming code indicating its authors were Russian speakers.
It took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured out instead he was tracking a lone-wolf cyber criminal.
DiMaggio won’t identify the name of the culprit, whom he has nicknamed Igor, saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime. The hacker comes from Transdniestria, a disputed, Russian-speaking region of Moldova, he said.
“The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors,” DiMaggio told Reuters in a phone interview on Wednesday. “Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s.”
Reuters could not contact the alleged hacker.
The example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense, as tools once only available to government intelligence services find their way into the computer criminal underground.
Security experts refer to this as “the attribution problem”, using technical evidence to assign blame for cyber attacks in order to take appropriate legal and political responses.
These questions echo through the debate over whether Russia used cyber attacks to influence last year’s U.S. presidential elections and whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe.
The topic is a big talking point for military officials and private security researchers at the International Conference on Cyber Conflict in Tallin this week. It has been held each year since Estonia was swamped in 2007 by cyber attacks that took down government, financial and media websites amid a dispute with Russia. Attribution for those attacks remains disputed.
THE SMOKING GUN
“Attribution is almost never a clean, smoking-gun,” said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.
Raising the stakes, a mystery group calling itself ShadowBrokers has taken credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, ratcheting up cyber security threats to a whole new level.
In recent weeks, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, to enable hacking into the world’s most used computers, software and phones. (http://reut.rs/2rmTZmm)
“The bar for what’s considered advanced is lowered as time goes by,” said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.
The Moldovan hacker’s campaign to steal data and resell it on the web came to light only after infections popped up last year at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks.
Igor appears to have targeted the auto-tech company to steal its car diagnostics software, which retails for around $1,100 but Igor sold for just a few hundred dollars on underground forums and websites he had created. His aims in trying to break into the airline and gambling firm remain a mystery.
“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.
As a threat, Symantec rates Trojan.Bachosens as a very low risk virus, in part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims.
“I think those days are over when we can say in black and white: We know this is an espionage group,” DiMaggio said.
The Symantec researcher has not reported Igor to local authorities, calculating that exposing the methods of the attack will be enough to neutralize them.
(Editing by Peter Millership)
Colbert names Trump’s siege on DC the ‘Tinyman Square’ incident
It wasn't quite Tiananmen Square, where a still-unknown number of Chinese protesters were murdered by the government in 1989, but it was the closest thing President Donald Trump managed to score this week.
After watching the footage of the military tear gas, beat and shoot at protesters so Trump could march from the presidential bunker to St. John's Church for the cameras.
"It was like Tiananmen Square," Colbert deemed. "Except, in Trump's case, Tinyman Square."
Trump claimed on "The Fox & Friends" that no one was tear-gassed, so it's unclear what was stinging people's eyes and making them cough, choke and tear up. The Park Police released a statement saying it wasn't tear gas. While the moment was captured on video from dozens of different camera angles, one protester actually grabbed a canister of Oleoresins Capiscum, or "OC," the gas that was used.
Vladimir Putin must love watching the US fall apart: columnist
New Yorker columnist Susan Glasser made the astute observation that if Russian President Vladimir Putin wanted to destabilize the United States with the election of President Donald Trump, he's clearly achieved his objective.
It was reported in March that Russian intelligence services are working to incite violence using white supremacist groups to try and sow racial chaos in the United States ahead of the November election.
Conservative columnist links all Republicans to the attack on Lafayette Square
Monday afternoon, President Donald Trump decided to walk across Lafayette Square for a photo-op. To get there, however, it took an outright battle with mounted park police, police covered in body armor and rattled Secret Service members who had just rushed the president to the bunker several nights before. Armed with semi-automatic weapons and military gear, they staged a siege on Lafayette Square against unarmed hippies, woke whites and people of color, again, forced to fight for justice.
Writing for the Washington Post Wednesday, conservative columnist Max Boot attacked Attorney General Bill Barr, who accepted responsibility for demanding that demonstrators be tear-gassed, beaten and shot with rubber bullets. Like Bull Conor ordering fire hoses on students marching in Birmingham, Alabama, Barr's attack on Lafayette Square for a photo-op proved he is willing to do what it takes to stroke the fractured ego of a president forced to cower in a bunker.