Space boffins, oil giants, nuke plants 'raided' by MYSTERY code nasty

A piece of government-bothering malware called NetTraveler has been active since 2004 - and targets agencies and organisations involved in space exploration, nanotechnology, nuclear power, lasers, medicine, communications and more. And that's according to researchers at security biz Kaspersky Lab. More than 350 high-profile …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Windows + Office/Adobe + BOFH not doing their job (or not allowed to, maybe not even there).

Same as usual then :(

Move along please...especially Eadon...


Install updates

It's beyond me why companies involved in top secret research and military don't update software that is used throughout all of their offices and has vulnerabilities that are rated "critical" or "severe" and contain words like "remote code execution".

So yeah, let's continue building multi-billion dollar/euro cyber armies and buy multi billion dollar/euro cyber security products, while all we need to do is:

- right click blinking icon in bottom right corner

- press Update Now

- press Next

- press Finish.


Re: Install updates

Agree in a perfect world...

However, in a complex environment where you have hundreds of different systems/applications it's not that simple.

It wasn't that long ago that a Windows patch bluescreened a number of PCs; imagine that happening to your whole organisation.

Patches have to be tested and rolled out carefully to avoid bringing down critical systems.

Anonymous Coward

Re: Install updates

A delay of a week or so testing patches (at least, testing that it won't blue-screen and the obvious still works) is understandable, though still not good, but it appears they were not up to date for much longer.

Meh

Re: Install updates

Let's not forget about that other security advice, that of not allowing end-users to install software. No thanks to Adobe et al. for software updates that require admin rights to install, meaning most users can't do it.

Sorry, not so easy as that.

Anonymous Coward

@ Marcel

One only sees the blinking Windows Update icon if you are logged in as an administrator - which of course you are not allowing your users to do, are you?

Anonymous Coward

'Mongolia came top of the table, followed by Russia, India, Kazakhstan, Kyrgyzstan, China, Tajikistan, South Korea, Spain and Germany'

Judging by the list of targets I'd guess the top 3 likely suspects are Japan, US and Pakistan, not in any particular order. Anyone got any better ideas?


Only one of those is a known rogue state.

Anonymous Coward

...because only rogue states hack people?


@ murph

Japan? I very much doubt that, as it's been a long while since they had an aggressive foreign policy, and there's no history of Japanese cyber espionage that I've seen any reference to. Israel would seem a more probable actor, although Iran or the Norks could be to blame. Also, don't forget that somebody on the most infected list could equally easily be the source.

Worth noting that the infected list largely appears to reflect the extent of illegal Windows/Office installs, which means they can't patch them. Certainly most of the reported countries have reported piracy rates of 40% minimum and 80-90% maximum, with the single and striking exception of Germany, which has one of the lowest piracy rates in the world (23%). Pakistan is certainly a large country with very high piracy rates (84%) and so is noticeable by its absence from the top ten most infected list, although it features lower down. All figures from 2011 BSA survey data.

On these IT security threads we sometimes come across the idea of whether Windows has US government backdoors. As such, I doubt it, but given the extent of pirated software, and the inability to patch that pirated software, you have an interesting outcome that perpetuates vulnerabilities on computers in "countries of interest".

If you were clever enough to do this and get away with it for almost a decade, then it follows (for me) that you'd be clever enough to build in some false leads to direct suspicion away from you, and disguise any elements that might give you away. The Mongolian connection (and other Tibetan/Uighur aspects mentioned in the Securelist blogpost) could well be a false lead - just use some smart programming to ensure that certain computers get more than their fair share, let it be known that's where China's cyber warfare people are based, let other people draw an apparently logical conclusion. And on the double bluff, it could be China, hoping people believe that they wouldn't dump in their own back yard. If Pakistan were behind it, would they be daft enough to engineer malware that infects all neighbouring countries, but not themselves?

Given the long timescale, and the targeting, I think we can say it looks too intricate a scheme to be the work of the Iranians, and the Norks. Both Russians and Chinese would be plausible and willing to spy on their own people, although the US and/or Israel seem equally likely to want to spy on the most infected countries. All four have a track record of advanced cyber espionage and cyber sabotage, all four have reasons to take an interest in the most infected list.


Candidates - neglecting the obvious

The obvious would be a private black-hat firm specializing in deniable espionage with contracts including the US, China, and others. The targets might be a client list as well.


rogue state?

@Cristoph

you mean the USA I assume


Another idea

It's like bio-warfare. The Chinese(*) wrote it, but it escaped, and is now propagating itself beyond their ability to "recall" it. Scary.

(*) or anyone else, possibly including some near-autistic kid living in a council flat near you.


" Mongolia came top of the table, .... It is worth noting that the Chinese military has a large training area located in Inner Mongolia, where it practises cyber-warfare techniques."

So should we suspect Iran as having created Stuxnet?


Innie or Outie

The actual report listed Mongolia, not Inner Mongolia. The physical proximity of the base is most likely coincidental and thus not worth noting. Also, the most targeted group seems to be diplomatic, government, and military. The other areas are more broad in scope but narrow in geography. Looking at the targets in those terms would seem to indicate the product was developed for use as a generic attack vehicle, probably for use in a typical criminal money-making venture, then spread thin as it was sold for use by (probably) a government.

Or perhaps not, but it makes for a nice story.


Oil giants

Coming after space boffins I had hoped this was about great big planets made of petrol. Oh, well. (Or no well, I suppose).

Anonymous Coward

Just nuke it.

I think we should just make sure that training facility would be replaced by a very deep glassy crater.


Re: Just nuke it.

Good plan, it's not like they have hundreds of their own nukes to retaliate.

No, wait...


Re: Just nuke it. @AC

Yes, but you might get in trouble for that. They may have admitted Stuxnet, but I don't think that they have admitted this one yet.

Mind you, maybe they are just planning an announcement. You know; tell everyone that China has been spying on them, and then announce that they have done this in retaliation.

And be careful; as Chris T Almighty said, they have hundreds of nukes, and even demonstrated to Japan & rest of world that they are happy to use them.
