Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘espionage’ Category

The Spy Who Tracked Me

This is a juicy headline from Bloomberg: U.K. Reveals its First Major Cyber-Attack Was Against IS

GCHQ isn’t typically known for advertising its very-much-behind-the-scenes-on-the-down-low headline making when it comes to espionage, cyber or otherwise.

But according to this Bloomberg report, Britain “carried out its first major cyber-attack in 2017, disrupting Islamic State’s communications and propaganda for much of the year.”

“This is the first time the U.K. has systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign,” [GCHQ Director Jeremy] Fleming told a cybersecurity conference in Manchester, England. “Did it work? I think it did.”

Fleming (great last name for a spy head, right?) also mentioned Russia in his comments:

The use of a nerve agent against former double agent Sergei Skripal, he said, “demonstrates how reckless Russia is prepared to be, how little the Kremlin cares for the international rules-based order.” Russia “widely uses its cyber capabilities,” Fleming said, “blurring the boundaries between criminal and state activity” and deploying “industrial-scale disinformation to sway public opinion.”

Written by turbotodd

April 12, 2018 at 12:59 pm

Internet Insecurity

You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges.  This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from e-meetings to instant messages, email… you get the picture.  Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…