The Operations of a Cyber Arms Dealer

An anonymous reader writes "FireEye researchers have linked eleven distinct APT cyber espionage campaigns previously believed to be unrelated (PDF), leading them to believe that there is a shared operation that supplies and maintains malware tools and weapons used in them. The eleven campaigns they tied together were detected between July 2011 and September 2013, but it's possible and very likely that some of them were active even before then. Despite using varying techniques, tactics, and procedures, the campaigns all leveraged a common development infrastructure, and shared — in various combinations — the same malware tools, the same elements of code, binaries with the same timestamps, and signed binaries with the same digital certificates."

Re:

[flyneye]

Damn I was hopin' this article was about an appendage salesman. I wanted to go to work with the efficiency of Doc Octopus.

Re:

[Lumpy]

Absolutely! I would love a Cyber arm... I would walk around doing the "dead or alive you are coming with me" trick to the local punks.

Daemon

[cykros]

I'm sure it's actually a set of logic trees so elaborately woven together as to monitor the news and manipulate people into carrying out it's programmed goals, put in place by a disgruntled brain cancer ridden game developer, coordinating these "cyber arms dealer" groups. Naturally, bitcoins are the darknet credits...

Arming up on the Internet

[pieterh]

IMO it's part of an undeclared war on the Internet, funded by the intelligence-security complex, who need to reign in and control the Internet. The usual structure is official organizations (NSA, GCQ) funding subcontractors (like Stratfor) who fund off-the-books teams to build up armed capacity, attack targets to create a climate of fear, and to blackmail third parties into cooperation. Your tax dollars hard at work, keeping the Children Safe from cyberterrorists, hackers, and criminals, aka an independent

Re:

[FriendlyLurker]

This new hot on the heels of GHCQ targeting engineers [spiegel.de] to gain access to the systems of the companies they work for.

Looks like Slashdot, LinkedIn and other sites engineers frequent just earned themselves a NoScript->Forbid status. That Slashdot does not even have a cert auth SSL, for what pathetically little it does to secure your communications, is a crime for a tech orientated site...

Re:

[AHuxley]

The fun part about slashdot is the time factor. Days, weeks, years, decades of history or already published news get added to by people and cute sock puppets.
Even the AC's are very careful and broad on most interesting topics.
A job site listing project names to boast about past clearances and attract new work would be a very logical entry point.
Does slashdot shape stories? The wider press pick up days after?

Re:

[AHuxley]

Yes just as the telcos and big US brands seem to link back to one source so do some of the active 'fronts'.
Left, right, NGO, freedom, big brands, small brands, new staff and old contractors .... all in the mix and getting the perfect keys just in time for very public or private results.

FINALLY!

[Gravis Zero]

Malware Targeted industries

19% - High-tech
17% - Financial services
11% - Telecommunications
10% - Federal government
9% - Energy/Utilities/Petroleum refining
6% - Aerospace/Defense/Airlines
5% - Chemicals/Manufacturing/Mining
etc...

at long last we're in popular crowd and those stupid jocks didn't even make the list! sweet justice is mine!

now if you will excuse me, the floozies from back in high school are flocking my way.

"Cyber" war

[davidshewitt]

The term "cyber war" really annoys me. Let's save the use of the word "war" for conflict in which real people are killed and "weapon" for devices that are used to kill real people or destroy real property. I hate propaganda bullshit.

exploit vendors

[manu0601]

Of course there are links, there are even companies specialized on it [vupen.com]