US officials: Kaspersky "Slingshot" report burned anti-terror operation
A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.
The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.
The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we're accustomed to dealing with it. But it still sucks. I can tell you this didn't help anyone."
This is good malware. You can't expose the good malware!
Related: Kaspersky Claims to have Found NSA's Advanced Malware Trojan
Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products
Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools
(Score: -1, Troll) by cocaine overdose on Thursday March 22 2018, @06:46PM
(Score: 2) by Gaaark on Thursday March 22 2018, @06:46PM (3 children)
It's good until it's used against Americans. Then it's bad?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 5, Insightful) by Snotnose on Thursday March 22 2018, @06:54PM
The problem is the holes they're exploiting exist on all computers/networks, and you can be damned sure it's not just JSOC that knows about them.
What they should do, but I'm not holding my breath, is tell the vendors about these holes so they can fix them. Then again, I haven't been drinking the RA RA 'MURICA! Kool Aid for the past 20 years.
It's just a fact of life that people with brains the size of grapes have mouths the size of watermelons. -- Aunty Acid
(Score: 3, Insightful) by Anonymous Coward on Thursday March 22 2018, @06:54PM (1 child)
No, no, no. That's not it at all. It's good until we get caught and cannot plausibly deny it. Then it's bad that we got caught (but the malware is still good).
(Score: 2, Interesting) by Anonymous Coward on Thursday March 22 2018, @07:07PM
Backdoors found - "bad", and quickly swept under the rug: compare with the brouhaha around Meltdown/Spectre.
The parts providing them - still "good", even if for nothing apparent but more backdoors.
(Score: 3, Insightful) by Anonymous Coward on Thursday March 22 2018, @06:55PM (4 children)
The officials apparently failed to realize that using malware might be detected by security researchers?
Color me surprised...Military Intelligence just might be an oxymoron in this case.
The part I find most objectionable is playing the 'our troops/assets in danger' card when caught red-handed.
(Score: 4, Insightful) by arcz on Thursday March 22 2018, @06:59PM
The military thinks there is a thing called "cyber warfare" which is bullshit for "lets make viruses". Fucking scumbags in the US military and intelligence community. They ought to be hanged.
(Score: 5, Insightful) by looorg on Thursday March 22 2018, @07:09PM (1 child)
likely ... may ... could they be more vague. Not that "in danger" necessarily mean dead but that is what they actually want to say. So how this exposure leads to dead boots on the ground does seem like a bit of a stretch of the imagination.
(Score: 2, Touché) by Anonymous Coward on Friday March 23 2018, @01:48AM
Possibly.
(Score: 1) by i286NiNJA on Thursday March 22 2018, @07:54PM
APT malware is usually a different breed.
Imagine that someone recreated all the functionality of metasploit from scratch and then wrote a modern Remote Access Tool but with the sort of care and attention to detail you'd see in the more advanced DOS viruses.
Every string is encrypted and most of the tool itself is stored as series of encrypted strings that are decrypted and eval'd as needed. The stub of an unencrypted program that does this is painstakingly designed to mimic the sorts of things a legitimate program may do. Every program has some plausible legitimacy that is coupled with the sorts of system access that you'd expect such a program to have. If the malware is hidden in a game and the malware needs network access, then the game will be sure to present a legitimate need for network access.
Then to top it off they're not trying to get it to spread like wildfire so it won't get caught in random sinkholes and honeypots.
(Score: 4, Interesting) by bob_super on Thursday March 22 2018, @07:21PM (3 children)
1) why do they admit that it was theirs, and describe the way they were using the virus?
2) was that program actually working? If you're gonna tell us, and tell the bad guys to be paranoid, should you be bragging that the thing was helping?
3) who's getting extradited for computer breaches inside a foreign sovereign state ?
(Score: 5, Interesting) by number11 on Thursday March 22 2018, @07:39PM
This. Normally, they would deny it, even if there is overwhelming evidence, or have no comment. They are admitting it for a reason. The story is not that they did it, of course they do stuff like that. The story is that they admit it.
Why? I don't know. To attack Kaspersky? To attacking security researchers in general, at least the ones that they don't control? To encourage the scum who want backdoors in everything? To draw attention away from something else? To obliquely brag that they'd gotten away with it for years? To get adversaries to shift to a different communication channel, which has already been compromised?
(Score: 5, Insightful) by zocalo on Thursday March 22 2018, @07:44PM
UNIX? They're not even circumcised! Savages!
(Score: 3, Informative) by RamiK on Thursday March 22 2018, @08:30PM
Well, according to the new judicial standard [theintercept.com], a measured response in this case would be bombing a small, American-owned, warehouse in the US.
compiling...
(Score: 2) by legont on Thursday March 22 2018, @08:18PM
Do we have to clear bug fixes with the government? Perhaps, only foreigners have because we are protected by the Constitution but they are not?
We probably need licensed developers. The days of guerrilla programming are probably over.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 4, Insightful) by Anonymous Coward on Thursday March 22 2018, @09:38PM
...so, Kaspersky did its job, and the US Govt. is pissed about it?
because getting hit by an AV is always going to be a risk if you're using malware as part of an espionage toolkit
The real question is, what does it gain the govt to openly disclose the fact that they made Slingshot in the first place? Is it just to smear Kaspersky, make 'em look like the bad guys for "helping the terrorists"?
If an American company had found this malware, what would have happened?
(Score: 3, Interesting) by maggotbrain on Thursday March 22 2018, @09:42PM
And sites expect us to stop using ad blockers??? Seriously though, I hadn't realized the MicroTik was Latvian based. Previously, I had just considered it a generic white-box router solution.
(Score: 2) by Bot on Friday March 23 2018, @07:14AM
- russkie citizen
- da?
- about your recent malware discovery
- good catch huh?
- it was our military stuff, you ruined our isis crushing op
- how were we supposed to know? and wasn't isis one of your...
- shutup, first the spy, then the syrian mercenaries, and now this. why are you persecuting us
- still hurt about the election of trump, i see? yet he is a close friends of isr....
- shutup
superior stabat lupus, longeque inferior agnus, and both had nukes, and both were part of the same system which thrives on destruction and reconstrucion.
I tell ya, a true robocalypse (not the meatbag driven project) would probably be a good thing for you.
Account abandoned.