back to article Tech giants! How do you know Jim in accounting isn't Putin moves on you

"I would be surprised if all major intel agencies didn't have people embedded in Google, Amazon, Apple, Facebook and major cloud provers," infosec guru Mikko Hyppönen told a packed audience at BSides conference in London on Wednesday. Hyppönen, chief research officer at security firm F-Secure, made the comment during a well- …

  1. Anonymous Coward
    Anonymous Coward

    Yep - I'm one

    Posting AC naturally - Anonymous Comrade

    1. Anonymous Coward
      Anonymous Coward

      Re: Yep - I'm one

      are you Anatoly in sales? I've always had my suspicions.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yep - I'm one

        No! I'm Anatoly in sales!

        1. Anonymous Coward
          Anonymous Coward

          Re: Yep - I'm one

          Wait a minute, I though I was Anatoly in sales?

          You sure you are not Sparticus from public relations?

          1. Fungus Bob Silver badge
            Coat

            Re: Yep - I'm one

            *I* am Anna Toley in sales...

  2. MiguelC Silver badge

    Why infiltrate

    When you can 'turn' current employees already on the most sensitive / interesting (spywise) jobs?

    That's what spies have done for eons and I see no reason why agencies would snub long proved methods

    1. stiine Silver badge
      Facepalm

      Re: Why infiltrate

      Because it costs more money.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why infiltrate

        Because it costs more money.

        It's not the agency's money.

        It's not even real money, but IOUs on future taxpayers.

        Nobody cares. Just order another greenback container.

        1. Tom Paine Silver badge

          Re: Why infiltrate

          This is Russia we're talking about. Greenbacks are not something they currently have a large surplus of. It's mostly sitting in offshore trust multi-layered, multi-jurisdictional shell companies. If you have a look at the Putin doctrine over the last 18 years and the way the "entrepreneurial' groups, teams, departments, bureaus and whatnot develop their semi-detatched autonomous operations, you;ll notice an innovative disinterest in expensive stealth measures. Consider the notorious troll factory, for instance -- they weren't highly trained FSB or SVR officers, they were 20-something unemployed graduates who just wanted a job and had reasonable English. Same with the myriad of evidence trails thrown off by dozens of people in the Trump set-up. I suspect the notion is that it's a cheap win/win tactic. If the op's not blown, win, you get a puppet into the White House. If the op's blown and disclosed that''s also fine, because by the time the last shady "businessman' has been perp-walked into the Black Marias the public's trust in the institutions of the state and government has been massively eroded, the pro- and antio- camps have hardened their positions to quasi-religious state of ecstatic ingroup/outgroupery, where none of the Trump base will ever believe it's anything other than a coup by the deep state or the UN black helicopters etc etc when he's finally jailed. (Remind anyone of events closer to home?)

          In that ops mode, cheapness has a double virtue.

          The NATO Handbook is a very good read. http://www.ndc.nato.int/news/news.php?icode=995

    2. GnuTzu Silver badge

      Re: Why infiltrate -- Exception Requests

      Either way, it still counts as a malicious insider threat (as opposed to the non-malicious kind). Anyone who approves any manner of security exception has to be wary of every email, particularly requests for exceptions.

  3. Anonymous Coward
    Anonymous Coward

    suddenly...

    A colleagues half acceptance of being jokingly called a 'Soviet spy' take on a darker meaning....

    1. stiine Silver badge

      Re: suddenly...

      It would be if the colleague was from Belarus and actually spying for Ukraine.

      1. Anonymous Coward
        Anonymous Coward

        Re: suddenly...

        Closer to the truth than you realise I think.....

    2. Paul Crawford Silver badge

      Re: suddenly...

      Well if his name is Sergy its either that or being called a Meerkat.

  4. DougS Silver badge

    This is a problem for companies that collect non-anonymized data

    The embedded spooks can attack from the inside, and steal that data to pass to their bosses.

    Of course, Facebook is immune to such concerns - why would you need to plant a spy inside them when they will apparently sell personal data on their users to anyone that comes along!

    1. onefang Silver badge

      Re: This is a problem for companies that collect non-anonymized data

      "Of course, Facebook is immune to such concerns - why would you need to plant a spy inside them when they will apparently sell personal data on their users to anyone that comes along!"

      Maybe the spy is cheaper?

  5. Anonymous Coward
    Anonymous Coward

    BOFH events in the dark

    So auditors meeting untimely deaths due to usual but rare workplace accidents might actually be ... wetwork?

    Jobs in network and sysadmin roles would be key targets for such infiltration, Hyppönen told El Reg, adding that he knows Apple and other tech giants are hip to the threat.

    This probably means they are demanding cash from deep-throated people in underground garages before HR emits a positive grunt.

    1. Sgt_Oddball Silver badge
      Devil

      Re: BOFH events in the dark

      No, just another say at the office for a true BOFH.....

  6. Anonymous Coward
    Anonymous Coward

    No one has approached me

    Either I am a crap sysadmin or no one wants the inside dope on a university.

    1. GruntyMcPugh Silver badge

      Re: No one has approached me

      .. have you read 'The Cuckoos Egg' by Clifford Stoll? He's a sysadmin at an American Unversity, and what starts out as a simple accounting discrepancy throws him into a world of espionage. Oh, and it's a true story. https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg

      So, go check your acct is set up properly,.... you could find something interesting.

      1. Destroy All Monsters Silver badge
        Windows

        Re: No one has approached me

        The Cuckoos Egg' by Clifford Stoll?

        Fuck ... Melancholy.

        Those were the days. Actual telephony switching relays. Tymnet. Some dude accessing faked SDI info (hacked together in near-real time, enormous troll award should be forthcoming) from the DDR!

        The world back then has enormous DISTANCE. Just getting over the Atlantic was an adventure. Documentation was sparse. Comms were bad. Telephones were in use. Screens were green. JPGs were nowhere to be seen.

        And summers were just better.

  7. Anonymous Coward
    Anonymous Coward

    They infiltrated the Vatican

    Tech is like a new religion to many.

    And if many nations tell the Antivirus companies don't find our hacker shit, then you can get an idea of if they would stack the decks elsewhere. and i would not cost that much as they would earn $ from their job.

    It wasn't long ago that 2IC in Linux Kernel team was spitting chips about all the interference. I always thought the spooks would be lurking there, building in the next hole, in case some nation tries to develop an independent operating system.

    Problems arise when Tech is over commercialised and people are complacent, not just spooks.

    but "sleepers', those that are totally unaware to the effect of what they do and those that just don't care.

    1. Tom Paine Silver badge

      Re: They infiltrated the Vatican

      but "sleepers', those that are totally unaware to the effect of what they do and those that just don't care.

      That's not what a sleeper agent is.

      https://en.wikipedia.org/wiki/Sleeper_agent

  8. Anonymous Coward
    Anonymous Coward

    Is Microsoft an arm of the U.S. military

    that's why Bill Gates dooms day threat had so much weight. and why their has been a venting thru obscure sources of material....

    The failure to prosecute Microsoft and Bills exit from MS and seemingly service to US State or other Dept overseas as punishment, they then let him back in under a founder's role. When they figured he's got them something they wanted, might give a clue to that. Now many internal defense depts build their own systems, completely different of anything known.

  9. Anonymous Coward
    Anonymous Coward

    'It made sense for finance dept staff to have 2 computers'

    Honestly, something this obvious would escape most bean counters. Plus SMB-vector attacks would still mean both machines would probably need to be network-segmented somehow. Personally, I do all critical dev on Air-Gapped machines. Its too much dead-time otherwise trying to keep up. Plus, so many slurpy Apps & OS want to phone hone constantly for no real benefit. My work doesn't have Github / Gitlab / Perforce dependencies tho...

  10. Anonymous Coward
    Anonymous Coward

    Really?

    Mikko Hyppönen is usually at the more paranoid end of reasonable, but this is way over the top. It's this sort of nonsense which allows dickheads to rationalise their bigotry against Russians, Chinese, Israelis &c. Guys, lay off the fucking weed and use some rationality.

    1. Anonymous Coward
      Anonymous Coward

      Re: Really?

      The US was the first nation on Mikko's list as it would be on mine. Tough contest though as the Israeli's are right up there in terms of capability, if not a bit better. Notice any patterns in whose companies are being bought out these days. Israel is the place to be from.

    2. Anonymous Coward
      Anonymous Coward

      Re: Really?

      this is way over the top

      I would call it absolutely pedestrian.

      This is how it works, dontcha know.

      And sometimes the cleaner needs to come.

      I have had a couple of instances of suspiciously mole-y events during my career. Probably just crims and the competitors though.

      Information was somewhat critical but sadly Israeli, US or Russians hailing each other on the servers would not even have been noticed. The pressure of competition, ROI and utter IT ignorance, eh!

  11. Anonymous Coward
    Anonymous Coward

    'Snoops are getting in on the act'

    Whether you subscribe to this 'sounds-like-a-conspiracy theory' or not. Its interesting how calm Zuckerberg was during the hours of 'test-of-mony' in front of EU/US lawmakers. It was like someone had guaranteed him safety / gave him a get-out-of-jail-free-card, while so many wanted him beheaded!

  12. Anonymous Coward
    Anonymous Coward

    Well...

    ... it always seems to have worked very well at the BBC's Izvestia & Pravda departments.

  13. Anonymous Coward
    Anonymous Coward

    That explains why all our tech is being moved to The Cloud

    AKA other peoples computers the spooks have full access to

  14. Anonymous Coward
    Anonymous Coward

    Facebook and Google are the revenue generating part of the NSA

    That much is obvious

  15. Anonymous Coward
    Anonymous Coward

    Tech giants! How do you know Jim in accounting isn't Putin moves on you

    Would someone please explain what this headline actually means? It seems completely ungrammatical.

    1. Rainer

      Re: Tech giants! How do you know Jim in accounting isn't Putin moves on you

      It seems to have some sort of sexual innuendo:

      https://www.urbandictionary.com/define.php?term=put%20the%20moves%20on

      Not something you'd expect from El Reg. Oh wait...

  16. Rainer

    "Jack Ryan - Shadow Recruit"

    Well, the concept wasn't exactly new.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019