Windows + Office/Adobe + BOFH not doing their job (or not allowed to, maybe not even there).
Same as usual then :(
Move along please...especially Eadon...
A piece of government-bothering malware called NetTraveler has been active since 2004 - and targets agencies and organisations involved in space exploration, nanotechnology, nuclear power, lasers, medicine, communications and more. And that's according to researchers at security biz Kaspersky Lab. More than 350 high-profile …
It's beyond me why companies involved in top secret research and military don't update software that is used throughout all of their offices and has vulnerabilities that are rated "critical" or "severe" and contain words like "remote code execution".
So yeah, let's continue building multi-billion dollar/euro cyber armies and buy multi billion dollar/euro cyber security products, while all we need to do is:
- right click blinking icon in bottom right corner
- press Update Now
- press Next
- press Finish.
Agree in a perfect world...
However, in a complex environment where you have hundreds of different systems/applications, it's not that simple.
It wasn't that long ago that a Windows patch bluescreened a number of PCs; imagine that happening to your whole organisation.
Patches have to be tested and rolled out carefully to avoid bringing down critical systems.
Japan? I very much doubt that, as it's been a long while since they had an aggressive foreign policy, and there's no history of Japanese cyber espionage that I've seen any reference to. Israel would seem a more probable actor, although Iran or the Norks could be to blame. Also, don't forget that somebody on the most infected list could equally easily be the source.
Worth noting that the infected list largely appears to reflect the extent of illegal Windows/Office installs, which means they can't patch them. Certainly most of the reported countries have reported piracy rates of 40% minimum and 80-90% maximum, with the single and striking exception of Germany, which has one of the lowest piracy rates in the world (23%). Pakistan is certainly a large country with very high piracy rates (84%) and so it is noticeable by its absence from the top ten most infected list, although it features lower down. All figures from 2011 BSA survey data.
On these IT security threads we sometimes come across the idea of whether Windows has US government backdoors. As such, I doubt it, but given the extent of pirated software, and the inability to patch that pirated software, you have an interesting outcome that perpetuates vulnerabilities on computers in "countries of interest".
If you were clever enough to do this and get away with it for almost a decade, then it follows (for me) that you'd be clever enough to build in some false leads to direct suspicion away from you, and disguise any elements that might give you away. The Mongolian connection (and other Tibetan/Uighur aspects mentioned in the Securelist blogpost) could well be a false lead - just use some smart programming to ensure that certain computers get more than their fair share, let it be known that's where China's cyber warfare people are based, let other people draw an apparently logical conclusion. And on the double bluff, it could be China, hoping people believe that they wouldn't dump in their own back yard. If Pakistan were behind it, would they be daft enough to engineer malware that infects all neighbouring countries, but not themselves?
Given the long timescale, and the targeting, I think we can say it looks too intricate a scheme to be the work of the Iranians, and the Norks. Both Russians and Chinese would be plausible and willing to spy on their own people, although the US and/or Israel seem equally likely to want to spy on the most infected countries. All four have a track record of advanced cyber espionage and cyber sabotage, all four have reasons to take an interest in the most infected list.
The actual report listed Mongolia, not Inner Mongolia. The physical proximity of the base is most likely coincidental and thus not worth noting. Also, the most targeted group seem to be diplomatic, government, and military. The other areas are more broad in scope but narrow in geography. Looking at the targets in those terms would seem to indicate the product was developed for use as a generic attack vehicle, probably for use in a typical criminal money-making venture, then spread thin as it was sold for use by (probably) a government.
Or perhaps not, but it makes for a nice story.
Yes, but you might get in trouble for that. They may have admitted Stuxnet, but I don't think that they have admitted this one yet.
Mind you, maybe they are just planning an announcement. You know; tell everyone that China has been spying on them, and then announce that they have done this in retaliation.
And be careful; as Chris T Almighty said, they have hundreds of nukes, and even demonstrated to Japan and the rest of the world that they are happy to use them.