Post #1 by Richard (Quiet Professional), 01-15-2013, 12:55
Operation Red October: Global Espionage Campaign

With 'frienemies' like this...

A rogue {Russian} group is covertly collecting top-secret data with an infrastructure rivaling Flame and Stuxnet.

Richard


Operation Red October: The Top-Secret Global Espionage Campaign That's Been Running For Five Years
TheWeek, 14 Jan 2013

Russian anti-virus firm Kaspersky Labs has uncovered a high-level cyber-espionage campaign that has been targeting government agencies, research institutions, and diplomats for the past five years to gather "classified information and geopolitical intelligence," per a report published on Monday. Here's what we know about operation "Red October," which has some hallmarks of government-sponsored C++ computer viruses Flame and Stuxnet that came before it:

What's going on exactly?

A sophisticated digital infrastructure that's utilizing a chain of more than 60 command-and-control servers is silently gathering data from high-profile targets around the world, and avoiding detection. Whoever is behind the operation has been compiling troves of top-secret documents and files from computers, smartphones, and external storage hardware like USB sticks since 2007. Kaspersky says the campaign is still active, with a complexity that rivals the Flame virus allegedly used by the U.S. and Israel to spy on Iran's nuclear efforts.

Who's being targeted?

Most of the targets are in Eastern Europe and Central Asia, but more than 60 countries have been hit; accounts have been compromised in the U.S., Australia, Ireland, Switzerland, Japan, Spain, and more. Kaspersky declined to disclose the identities of the targets, but Kim Zetter at Wired notes that the agencies and institutions involved relate to "nuclear and energy research and companies in the oil and gas and aerospace industries."

How does the attack work?

The Red October worm first infiltrates computers using email attachments — things like Word and Excel files. Once a computer is infected, that data is beamed back to a still-invisible command server mother ship, which assigns each victim's computer a 20-hex digit code to identify it. This foothold, more alarmingly, can spread to mobile devices like smartphones, or even entire enterprise networks like Cisco to steal account information and passwords from databases. It also helps hackers reinfect machines in case the malware is removed by anti-virus scanners. The techniques and code seem to have Chinese origins, and have been used in previous attacks targeting Tibetan activists and military in Asia.

Who's behind it?

Unlike Flame and Stuxnet, Red October probably isn't a government-sponsored enterprise. Rather, Kaspersky says the cybercriminals behind this worm are most likely based in Russia, and are looking to sell their intelligence for a premium on the black market to governments and others willing to pay.

What kind of information are they gathering?

They're taking everything: .pdf files, Excel spreadsheets, and documents with .acid extensions, which are run through Acid Cryptofiler, an encryption program used by the French military and NATO. The virus "can also scrub enterprise network equipment and removable disk drives, copy entire email databases from Outlook storage and POP/IMAP servers, and it can even take deleted files off USB sticks using its own recovery mechanism," says Eric Limer at Gizmodo. "Red October doesn't mess around."

What's being done to stop it?

The investigation is still ongoing. Per the report published Monday: "Kaspersky Lab, in collaboration with international organizations, law enforcement, Computer Emergency Response Teams (CERTs), and other IT security companies, is continuing its investigation of Operation Red October by providing technical expertise and resources for remediation and mitigation procedures."

http://theweek.com/article/index/238...for-five-years
Post #2 by mark46th (Quiet Professional), 01-15-2013, 14:17
I wonder how many more are as yet undiscovered...

Last edited by mark46th; 01-15-2013 at 16:37.
Post #3 by perdurabo (Guerrilla), 01-16-2013, 22:20
One thing to keep in mind is that the source of this report, Kaspersky Labs, is operated by Eugene Kaspersky, who has ties to Russian intelligence and Medvedev.

I've kept up with Kaspersky for years and years, and I respect the guy and his contributions to computer security. But, consider the source.
Post #4 by BOfH (Guerrilla Chief), 01-17-2013, 15:11
While sophisticated, it may be a lot less dramatic than it really is, a.k.a. business as usual.

http://www.networkworld.com/news/201...er-265893.html
Quote:
Some looking at the information that Kaspersky has provided so far about "Red October" are wondering if it's mainly a Russian vs. Russian botnet operation that could involve some of Russia's moneyed industrialists in the oil and gas business, for instance, spying on the government, or vice versa. Or perhaps spying on each other by attaining information from a third-party operating a botnet compromising both computers and handheld mobile devices.

"It's a very interesting case study," says Sean Sullivan, security adviser at F-Secure, the anti-malware firm headquartered in Finland. The entire operation could well involve Russia's "competing oligarchs," a term often used to describe the business magnates and billionaires who rose to power in industries such as oil and gas after the official end of the Soviet Union. Their battles among themselves and the Russian government have spilled with vehemence into the public eye from time to time. Still, in the drama of Kaspersky's "Red October," the espionage might still have something to do with China, Sullivan says.

snip