SoylentNews is people
SoylentNews
from the malware-is-malware-no-matter-who-controls-it dept.
US officials: Kaspersky "Slingshot" report burned anti-terror operation
A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.
The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.
The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we're accustomed to dealing with it. But it still sucks. I can tell you this didn't help anyone."
This is good malware. You can't expose the good malware!
Related: Kaspersky Claims to have Found NSA's Advanced Malware Trojan
Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products
Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools
(Score: 3, Insightful) by Anonymous Coward on Thursday March 22 2018, @06:55PM (4 children)
The officials apparently failed to realize that using malware might be detected by security researchers?
Color me surprised...Military Intelligence just might be an oxymoron in this case.
The part I find most objectionable is playing the 'our troops/assets in danger' card when caught red-handed.
(Score: 4, Insightful) by arcz on Thursday March 22 2018, @06:59PM
The military thinks there is a thing called "cyber warfare" which is bullshit for "lets make viruses". Fucking scumbags in the US military and intelligence community. They ought to be hanged.
(Score: 5, Insightful) by looorg on Thursday March 22 2018, @07:09PM (1 child)
likely ... may ... could they be more vague. Not that "in danger" necessarily mean dead but that is what they actually want to say. So how this exposure leads to dead boots on the ground does seem like a bit of a stretch of the imagination.
(Score: 2, Touché) by Anonymous Coward on Friday March 23 2018, @01:48AM
Possibly.
(Score: 1) by i286NiNJA on Thursday March 22 2018, @07:54PM
APT malware is usually a different breed.
Imagine that someone recreated all the functionality of metasploit from scratch and then wrote a modern Remote Access Tool but with the sort of care and attention to detail you'd see in the more advanced DOS viruses.
Every string is encrypted and most of the tool itself is stored as series of encrypted strings that are decrypted and eval'd as needed. The stub of an unencrypted program that does this is painstakingly designed to mimic the sorts of things a legitimate program may do. Every program has some plausible legitimacy that is coupled with the sorts of system access that you'd expect such a program to have. If the malware is hidden in a game and the malware needs network access, then the game will be sure to present a legitimate need for network access.
Then to top it off they're not trying to get it to spread like wildfire so it won't get caught in random sinkholes and honeypots.