SoylentNews is people

posted by martyb on Tuesday October 22 2019, @06:42AM
from the tunnels-in-tunnels dept.

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months, British security officials said.

[...] Paul Chichester, a senior official at Britain’s GCHQ [(Government Communications Headquarters)] intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the U.S. National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

[...] By gaining access to the Iranian infrastructure, Turla was able to use APT34’s[*] “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.

The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.

[*] APT34: Wikipedia Entry.


  • (Score: 1, Insightful) by Anonymous Coward on Tuesday October 22 2019, @09:53AM (4 children)

    by Anonymous Coward on Tuesday October 22 2019, @09:53AM (#910222)

    There's a recurring logical problem with this sort of announcement. Let's assume for a minute that what is stated here is 100% accurate. In other words that we have not only developed a means of determining exactly what Russian intelligence agencies are capable of doing, presumably without their knowledge, but what they are actively doing. And furthermore we've discovered a method of presumable misdirection they had developed, and some method for us to contravene this. Why now would you then decide to go announce this to the world?

    Secrets like these are exactly what gives countries an edge in cyber-war where it's a never-ending game of cat and mouse (though often with a blur of who is who). It's like the NSA announcing that "We've developed a means of surveilling dumps of memory using an SSL connection exploit." No, you exploit it as much as you can internally while denying any awareness of it externally. When a third party announces it you remain silent or express surprise.

    "Appear weak when you are strong, and strong when you are weak."

    So why would this be announced? It's similar to the story of the secret Cuban 'brain beam'. And this is all happening during a day and age when everything down to what the president had for breakfast is stamped top secret and tucked away hidden from the public. And we just decide to keep announcing things that, if true, would genuinely substantially inform and aid hostile actors? It just feels like propaganda, or is there some clear angle I'm missing here?

  • (Score: 3, Funny) by driverless on Tuesday October 22 2019, @10:32AM (1 child)

    by driverless (4770) on Tuesday October 22 2019, @10:32AM (#910229)

    Let's assume for a minute that what is stated here is 100% accurate. In other words that we have not only developed a means of determining exactly what Russian intelligence agencies are capable of doing, presumably without their knowledge, but what they are actively doing.

    Oh, that one's easy. You simply ask "Are there any Russian hackers on this server?" and if the response is "Nyet!" then you know they're there.

    • (Score: 3, Touché) by dak664 on Tuesday October 22 2019, @02:19PM

      by dak664 (2433) on Tuesday October 22 2019, @02:19PM (#910327)

      No, you ask "Does anyone deny they are hacking this site?" If no answer, you can be sure they are lurking.

  • (Score: 3, Insightful) by Mojibake Tengu on Tuesday October 22 2019, @11:11AM

    by Mojibake Tengu (8598) on Tuesday October 22 2019, @11:11AM (#910244) Journal

    Why now would you then decide to go announce this to the world?

    Announcements like that are often needed when one's own operations on friends got partially disclosed and it is necessary to blame some opponents to mitigate. Doing this helps the friends by giving them a plausible reason to placate impending public upset of their own.

    --
    Respect Authorities. Know your social status. Woke responsibly.
  • (Score: 2) by https on Tuesday October 22 2019, @07:17PM

    by https (5248) on Tuesday October 22 2019, @07:17PM (#910504) Journal

    It's not a wild assumption. Operational security is hard, as both AIVD and FSB [volkskrant.nl] can attest (in this case, from opposite sides).

    Not everything is expendable. As the article points out, sometimes you actually have to defend against an attack. This can reveal your hand in itself. Reporting on things afterwards doesn't tell anyone that matters anything they don't already know.

    --
    Offended and laughing about it.