SoylentNews is people

posted by martyb on Thursday March 22 2018, @06:37PM
from the malware-is-malware-no-matter-who-controls-it dept.

US officials: Kaspersky "Slingshot" report burned anti-terror operation

A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.

The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.

The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we're accustomed to dealing with it. But it still sucks. I can tell you this didn't help anyone."

This is good malware. You can't expose the good malware!

Related: Kaspersky Claims to have Found NSA's Advanced Malware Trojan
Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products
Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools


  • (Score: -1, Troll) by cocaine overdose on Thursday March 22 2018, @06:46PM

    My name is Bradley Manning and welcome to "Who wants to be the next kefir-prop for Al Qaeda's new beheading video?" Kaspersky's on overdrive ever since Eugene Kaspersky's family was taken hostage in Moscow.

  • (Score: 2) by Gaaark on Thursday March 22 2018, @06:46PM (3 children)

    by Gaaark (41) on Thursday March 22 2018, @06:46PM (#656777) Journal

    It's good until it's used against Americans. Then it's bad?

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 5, Insightful) by Snotnose on Thursday March 22 2018, @06:54PM

      by Snotnose (1623) on Thursday March 22 2018, @06:54PM (#656782)

      It's good until it's used against Americans. Then it's bad?

      The problem is the holes they're exploiting exist on all computers/networks, and you can be damned sure it's not just JSOC that knows about them.

      What they should do, but I'm not holding my breath, is tell the vendors about these holes so they can fix them. Then again, I haven't been drinking the RA RA 'MURICA! Kool Aid for the past 20 years.

      --
      It's just a fact of life that people with brains the size of grapes have mouths the size of watermelons. -- Aunty Acid
    • (Score: 3, Insightful) by Anonymous Coward on Thursday March 22 2018, @06:54PM (1 child)

      by Anonymous Coward on Thursday March 22 2018, @06:54PM (#656783)

      It's good until it's used against Americans. Then it's bad?

      No, no, no. That's not it at all. It's good until we get caught and cannot plausibly deny it. Then it's bad that we got caught (but the malware is still good).

      • (Score: 2, Interesting) by Anonymous Coward on Thursday March 22 2018, @07:07PM

        by Anonymous Coward on Thursday March 22 2018, @07:07PM (#656792)

        Backdoors found - "bad", and quickly swept under the rug: compare with the brouhaha around Meltdown/Spectre.
        The parts providing them - still "good", even if for nothing apparent but more backdoors.

  • (Score: 3, Insightful) by Anonymous Coward on Thursday March 22 2018, @06:55PM (4 children)

    by Anonymous Coward on Thursday March 22 2018, @06:55PM (#656784)

    The officials apparently failed to realize that using malware might be detected by security researchers?

    Color me surprised...Military Intelligence just might be an oxymoron in this case.

    The part I find most objectionable is playing the 'our troops/assets in danger' card when caught red-handed.

    • (Score: 4, Insightful) by arcz on Thursday March 22 2018, @06:59PM

      by arcz (4501) on Thursday March 22 2018, @06:59PM (#656788) Journal

      The military thinks there is a thing called "cyber warfare" which is bullshit for "let's make viruses". Fucking scumbags in the US military and intelligence community. They ought to be hanged.

    • (Score: 5, Insightful) by looorg on Thursday March 22 2018, @07:09PM (1 child)

      by looorg (578) on Thursday March 22 2018, @07:09PM (#656794)

      ... likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger.

      likely ... may ... could they be more vague. Not that "in danger" necessarily means dead but that is what they actually want to say. So how this exposure leads to dead boots on the ground does seem like a bit of a stretch of the imagination.

      • (Score: 2, Touché) by Anonymous Coward on Friday March 23 2018, @01:48AM

        by Anonymous Coward on Friday March 23 2018, @01:48AM (#656970)

        likely ... may ... could they be more vague.

        Possibly.

    • (Score: 1) by i286NiNJA on Thursday March 22 2018, @07:54PM

      by i286NiNJA (2768) on Thursday March 22 2018, @07:54PM (#656831)

      APT malware is usually a different breed.
      Imagine that someone recreated all the functionality of metasploit from scratch and then wrote a modern Remote Access Tool but with the sort of care and attention to detail you'd see in the more advanced DOS viruses.
      Every string is encrypted and most of the tool itself is stored as a series of encrypted strings that are decrypted and eval'd as needed. The stub of an unencrypted program that does this is painstakingly designed to mimic the sorts of things a legitimate program may do. Every program has some plausible legitimacy that is coupled with the sorts of system access that you'd expect such a program to have. If the malware is hidden in a game and the malware needs network access, then the game will be sure to present a legitimate need for network access.
      Then to top it off they're not trying to get it to spread like wildfire so it won't get caught in random sinkholes and honeypots.

  • (Score: 4, Interesting) by bob_super on Thursday March 22 2018, @07:21PM (3 children)

    by bob_super (1357) on Thursday March 22 2018, @07:21PM (#656802)

    1) why do they admit that it was theirs, and describe the way they were using the virus?

    2) was that program actually working? If you're gonna tell us, and tell the bad guys to be paranoid, should you be bragging that the thing was helping?

    3) who's getting extradited for computer breaches inside a foreign sovereign state?

    • (Score: 5, Interesting) by number11 on Thursday March 22 2018, @07:39PM

      by number11 (1170) Subscriber Badge on Thursday March 22 2018, @07:39PM (#656814)

      1) why do they admit that it was theirs, and describe the way they were using the virus?

      This. Normally, they would deny it, even if there is overwhelming evidence, or have no comment. They are admitting it for a reason. The story is not that they did it, of course they do stuff like that. The story is that they admit it.

      Why? I don't know. To attack Kaspersky? To attack security researchers in general, at least the ones that they don't control? To encourage the scum who want backdoors in everything? To draw attention away from something else? To obliquely brag that they'd gotten away with it for years? To get adversaries to shift to a different communication channel, which has already been compromised?

    • (Score: 5, Insightful) by zocalo on Thursday March 22 2018, @07:44PM

      by zocalo (302) on Thursday March 22 2018, @07:44PM (#656822)

      I'm guessing it boils down to the code was blown, and now being detected by anti-virus signatures, Kaspersky Labs was responsible for that, and since there's an on-going smear campaign against Kaspersky Labs (for which the US has *still* to provide any real evidence), so they thought they might as well salvage something from it and add a tenuous claim of "putting American lives in danger" to the pile of completely unsubstantiated allegations. Of course, that completely ignores the possibility that the same vulnerabilities they are exploiting were already known to another nation state or group hostile to the US and really was being used to put US lives in danger because they hadn't informed the relevant vendor of the flaw and enabling them to fix it. Probably not the case on this occasion due to locations where the exploit has been detected, although it's possible that another independently coded version exploit wouldn't be detected by Kaspersky Labs, but given previous leaks of NSA exploit code it seems highly unlikely that they would all only be known to the US.

      --
      UNIX? They're not even circumcised! Savages!
    • (Score: 3, Informative) by RamiK on Thursday March 22 2018, @08:30PM

      by RamiK (1813) on Thursday March 22 2018, @08:30PM (#656844)

      3) who's getting extradited for computer breaches inside a foreign sovereign state?

      Well, according to the new judicial standard [theintercept.com], a measured response in this case would be bombing a small, American-owned, warehouse in the US.

      --
      compiling...
  • (Score: 2) by legont on Thursday March 22 2018, @08:18PM

    by legont (4179) on Thursday March 22 2018, @08:18PM (#656835)

    Do we have to clear bug fixes with the government? Perhaps, only foreigners have because we are protected by the Constitution but they are not?

    We probably need licensed developers. The days of guerrilla programming are probably over.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 4, Insightful) by Anonymous Coward on Thursday March 22 2018, @09:38PM

    by Anonymous Coward on Thursday March 22 2018, @09:38PM (#656877)

    ...so, Kaspersky did its job, and the US Govt. is pissed about it?
    because getting hit by an AV is always going to be a risk if you're using malware as part of an espionage toolkit

    The real question is, what does it gain the govt to openly disclose the fact that they made Slingshot in the first place? Is it just to smear Kaspersky, make 'em look like the bad guys for "helping the terrorists"?
    If an American company had found this malware, what would have happened?

  • (Score: 3, Interesting) by maggotbrain on Thursday March 22 2018, @09:42PM

    by maggotbrain (6063) on Thursday March 22 2018, @09:42PM (#656880)

    And sites expect us to stop using ad blockers??? Seriously though, I hadn't realized that MikroTik was Latvian-based. Previously, I had just considered it a generic white-box router solution.

  • (Score: 2) by Bot on Friday March 23 2018, @07:14AM

    by Bot (3902) on Friday March 23 2018, @07:14AM (#657044) Journal

    - russkie citizen
    - da?
    - about your recent malware discovery
    - good catch huh?
    - it was our military stuff, you ruined our isis crushing op
    - how were we supposed to know? and wasn't isis one of your...
    - shutup, first the spy, then the syrian mercenaries, and now this. why are you persecuting us
    - still hurt about the election of trump, i see? yet he is a close friend of isr....
    - shutup

    superior stabat lupus, longeque inferior agnus, and both had nukes, and both were part of the same system which thrives on destruction and reconstruction.

    I tell ya, a true robocalypse (not the meatbag driven project) would probably be a good thing for you.

    --
    Account abandoned.