Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others
An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hultquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."
Hilarious (Score:5, Funny)
Russians using American software to spy on NATO. The irony is mind blowing.
Re:Hilarious (Score:5, Interesting)
... unsolicited email is bad, NATO and other sensitive document handling people, ok?
If NATO or any other agency working on defence or international relations issues receives an unsolicited email purporting to list pro-Russian extremist activities, then they certainly should open it. That is part of their job - to remain in touch with these affairs. Chances are it is a hoax or scam, but they should still check. Otherwise it would be like the fire brigade refusing to pick up the emergency calls phone in case it is a hoax.
OTOH, they should open such emails in a sandbox such as a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.
Re: (Score:2)
OTOH, they should open such emails in a sandbox such as a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.
It is really amazing how many things are not Microsoft's fault.
Re: (Score:2)
To be honest, a political organization should not receive such emails directly anyway
NATO, an academic working on Russian issues - these are not "political organisations" (NATO is a defence organisation). You think they should say to the world "Please send all emails for us via our local security police"?!
They should know who is sending the information. Knowing and keeping up with the sender is .. important
It might be an anonymous tip-off. In this case it sounds like the emails were posing as just that. Ironic from an anonymous poster LoL!
Re: (Score:2)
OTOH, they should open such emails in a sandbox such as a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.
Opening that email in a plain text editor would have been enough, and more informative too. Even Outlook, I vaguely remember, had a "view source" or equivalent option.
Allowing HTML or media to be embedded in email seemed a cool idea, but we have never been prepared for it.
OTOH, allowing private software to be used in public affairs is just idiotic.
Re: (Score:2)
You hope they are professionals.
I'm pretty sure this article proves that they are not.
Re: (Score:1)
Why?
Microsoft is not a state-owned enterprise, and has no allegiance to any state. It has a responsibility only towards its shareholders, and apparently the business model of selling flawed software is very profitable.
As opposed to doling out flawed software for free?
Re: (Score:1)
MS has been convicted of felonies all over the world multiple times. If MS was an individual, they would be serving a mandatory life sentence somewhere on a third strike.
Read here for a more detailed perspective (Score:4, Informative)
http://www.isightpartners.com/2014/10/cve-2014-4114/
Re:Read here for a more detailed perspective (Score:5, Informative)
In addition to isight's blog [isightpartners.com]
there's an article in Wired [wired.com]
Re: (Score:2)
The first public analysis of the malware campaign (called BlackEnergy by most researchers) was done by Arbor Networks [arbornetworks.com] back in October 2007, and Dell SecureWorks [secureworks.com] did a comprehensive write-up on its second generation in 2010. Additional information on this malware campaign:
Sensationalize much? (Score:5, Interesting)
2 - "Russian hackers target NATO, Ukraine and others" the article screams, and then we find this wishy-washy explanation from iSight's John Hultquist on his claim about the hackers being Russian:
"Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here".
Sounds like a bunch of FUD to me
Re: (Score:2)
From TFA
Re:Sensationalize much? (Score:5, Interesting)
1 - iSight claims this has been a five-year campaign and then adds that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?
2 - "Russian hackers target NATO, Ukraine and others" the article screams, and then we find this wishy-washy explanation from iSight's John Hultquist on his claim about the hackers being Russian:
Sounds like a bunch of FUD to me
While I suspect that ISight (like all "security research" companies) deliberately stirs the pot (it helps generate awareness of their products), they do not actually claim that the specific vulnerability has been used for 5 years.
One could imagine that the "Sandworm" operation has been ongoing for 5 years. If they continually and persistently try to infiltrate NATO and other organizations they will probably use whatever opportunity presents itself. They actually also try to exploit vulnerabilities that have long been patched, hoping to hit an unpatched machine.
So while they do try to sensationalize, it is conceivable that the hacker group is older than just the most recently used vulnerability.
read moar (Score:2)
1) "So where did the "five year" timeline come from?"
Some Sandworm attacks also use five older vulnerabilities that have already been patched. The exploits are used to install various versions of BlackEnergy, a malicious tool used by cybercriminals. The tool gained notoriety in 2008 when botnets infected with the malware were used to launch denial-of-service attacks against systems in Georgia during a standoff between that country and Russia.
2) "wishy-washy explanation from iSight's John Hultquist on his claim about the hackers being Russian"
Hultquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime.
Crime can be anyone; espionage is reserved for a very select set of parties. It's a mere matter of deduction, but feel free to believe what you wish, just stop posting it.
@AC (#48138981) - Re:Not unexpected.... (Score:4, Interesting)
Bill [Gates] also said 640k should be enough memory for anyone (I have the audio recording!)
Really? Please could you give a link to that. People have argued over and over whether he really said that. He denies it himself, so it would be very interesting if a recording exists and can be made public.
People must be blind (Score:1)
Re: (Score:2)
Well, some malware has the ability to hide from Task Manager.
Couple this with the fact that the average user will have something like 100 processes running on boot-up; they won't trim down unnecessary stuff.
And has no idea what most of them are.
I am of the opinion MS needs to make the above process simpler by trimming down the number of processes that run by default. Obviously keep separate things that do need to run in different security contexts, but there are way too many processes that run by default.
Re: (Score:1)
They can be hidden by 1) obtaining the administrator privilege and thus modifying process list in kernel, or 2) removing a line from the process table/list of Task Manager UI of the current user. It's part of centralized GUI / automation feature on Windows - also theoretically doable on X-window but nearly impossible due to massive use of lightweight widgets which are painted on the main window like it's a canvas (might have to do OCR on bitmaps...)
1) is even easier on Linux if malware is run on root permis
Re: (Score:2, Insightful)
User clicks on a malicious PPT file, which installs a backdoor. Don't people check task manager for unscrupulous executables running on their systems?
I'm envisioning a CEO at the big yearly meeting checking for "unscrupulous executables" when he starts his PowerPoint presentation.
This is the problem with you apologists. You have all of these excuses for Microsoft's flaws, and all of your "I can't believe that you didn't (insert really unlikely geek action performed by normal user here) , so it's all your fault."
If almost everyone is too stupid to use Microsoft OS, despite normal or high intelligence, maybe it really isn't their problem.
I wonder how long the NSA (Score:5, Insightful)
has had this one on the shelf, without disclosing it?
Re:I wonder how long the NSA (Score:5, Insightful)
Were they sufficiently technically incompetent that they didn't discover an attack that the Russians have been using, or were they sufficiently inept in a more general intelligence sense that they didn't realise that leaving US and allied machines vulnerable might be a problem?
Re:I wonder how long the NSA (Score:4, Insightful)
That's probably the big problem the NSA has in general - they have all these great exploits, but others could have them as well. They are the method for being able to do some of the critical things they need to do to get access, especially abroad, but the second they disclose they potentially lose their ability to utilize them. It becomes a spy race at that point - get as much important data as you can while hoping the "bad guys" aren't doing the same or are slower at it.
I wonder if the NSA ever feels a little guilty, knowing they have these exploits and could get them patched, and ultimately one of them could be used to do something very, very bad.
Re: (Score:1)
Yes, Heartbleed and Shellshock both had the potential to be much, much worse than this bug. However, those were only exploited after being found and disclosed, and patches being made available,
Re: (Score:2)
I'll take those two OpenSSL and Bash vulnerabilities any day! That's an important distinction, and not making it lulls anyone using OpenSSL or Bash on a non-Linux system into a false sense of security and may prevent them from patching. That's either a good or bad thing, depending entirely on the color of your hat.
Yes, Heartbleed and Shellshock both had the potential to be much, much worse than this bug. However, those were only exploited after being found and disclosed, and patches being made available, while this and other Windows flaws are only patched after being found, disclosed, and exploited for a while. Where there were patches issued for Heartbleed and Shellshock within hours of disclosure, this won't be patched until Patch Tuesday. Mind you, that's today, but it's still coming not only days after the disclosure, but months after active exploits.
What is the point? For starters none of us have any idea who all has a stock of what 0-days for any platform.
Secondly CVE databases are loaded to the hilt with windows and Linux vulns.
Distinctions made are about as useful as an intelligence contest for the mentally retarded. Unsurprisingly everyone is failing ... badly.
Re: (Score:2)
It's about keeping people informed so they can act appropriately. Imagine yourself a FreeBSD user; if you heard of Heartbleed as a Linux bug, would you think to look for an OpenSSL patch?
If your idea of being notified is hearing about it on CNN, /., other "media" or social propagation, you're doomed.
Users should not be expected to know what supporting libraries are used by applications. Application vendors need to provide patches and make announcements for service-affecting vulnerabilities in supporting libraries distributed with their applications, no different than if the source of the error were their own code.
Operating system/package vendors need to provide patches and make announcements for vuln
Re: (Score:3, Insightful)
Everything else you say... well... It's true that Linux often lags in support for the newest video and graphics cards, and some cheap shit scanners that only ship with binary blob drivers (I've experienced this and Linux was doin
Re: (Score:2)
You're approaching me as though you assume I'm a Linux user. Well, you're half right; my desktop of choice, at the moment, is OS X, and I maintain a couple of Windows boxes, but my servers all run Linux. I have to agree, KDE4 is garbage, but I loved KDE3 when I u
Re:Anyone using Windows deserves it (Score:4, Interesting)
If one uses Windows he deserves what he gets!
Ok. I'll bite.
- Hours, days, weeks of wasted time in installations, configurations and updates.
My system installs configuration updates at night or in the background and only reboots when I'm not using it, so no wasted time.
- Bad style, and ugliness
Subjective. I quite like the style and presentation of Windows all the way through Windows 8.1, although Metro apps are a slight nuisance, but I've never used any open source tool that has better style than its Windows equivalent, including Apache/Libre/Open Office, The GIMP, Firefox, nor anything made by Google (and if you try to claim Google Docs is somehow better than MS Office, I guess everyone will now know how full of shit you are).
- Slowness and retarded technology
Well, slowness is measurable, but as with your first false claim, it doesn't impact me in meaningful ways. "retarded" technology, however, is subjective and also not something someone should try to hold against MS given how many terrible, terrible OS tools exist.
- Limited devices and architecture support
Really? Really? OK. I'm done here.
Oral phase (Score:1)
Seems our computer (users) are in their oral phase: stick everything you find on the street in your mouth.
"I want everything to happen automagically when I stuff a random $USB_DEVICE in my box"
"I want everything to happen automagically when I open some $RANDOM_DOCUMENT I found on the intratubes"
"I want any $RANDOM_APP linked from some $MORE_RANDOM_WEBSITE to be automagically installed in my browser (which I also use for banking, ferchrissake) and to take over my life from then on"
Well, duh.
Now, don't take m
oh you naive people. (Score:1)
It's not a 'flaw', it's a feature.
One way street? (Score:2)
Did the bug somehow prevent NATO, Ukraine, EU and others from spying on Russia?
Security (Score:2, Insightful)
Put your computers in a locked room.
Do not attach your computers to an external network.
If you don't trust your employers, don't attach your computers to any network.
Lock the door to the computer room and allow no one but trusted individuals entry.
Lock the door.
We knew this in 1975 when I worked at Burroughs. We knew this in 1973 when I was in charge of changing the paper tapes used for batch printing. Why don't we seem to know this today?
No mention of Kaspersky link to FSB (Score:3, Insightful)
Article fails to mention that Kaspersky, the anti-virus maker, has itself been linked to Russian state security services, and that computers using Kaspersky may contain back doors accessible to the FSB.
Zero-day? Really? (Score:1)
Blimey, get with the times!
22 years ago at school we were all using Object Packager in Windows 3.1 to smuggle in arbitrary EXEs - long before any of this current hoo-ha erupted. Of course, we were more concerned with smuggling in games rather than using it for spying...
The only surprising thing is that it's taken them over 22 years to realise that yes, allowing random EXEs to be packaged up isn't really a good idea!
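As an added illustration from the defensive side (not code from the thread or from any vendor), a small Python triage check that lists embedded OLE objects inside a modern PPTX archive, so that presentations carrying packaged objects can be routed for review before anyone opens them. The sample archive it builds is constructed here for the demonstration and is not a real deck.

```python
"""Triage check: list embedded OLE objects in a PPTX archive.

A PPTX is a ZIP archive; embedded OLE objects (the modern home of
Object Packager payloads) are stored as OLE2 compound files under
ppt/embeddings/.  Flagging them lets a mail gateway or analyst hold
the document for review rather than trusting a user's double-click.
"""
import io
import zipfile

# Magic bytes that open every OLE2 compound file (the container format
# used for embedded OLE objects, including Object Packager packages).
OLE_CF_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def find_embedded_ole(pptx_bytes: bytes) -> list:
    """Return ZIP member names under ppt/embeddings/ whose content
    starts with the OLE2 magic, sorted for stable output."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        for name in zf.namelist():
            if not name.startswith("ppt/embeddings/"):
                continue
            with zf.open(name) as member:
                # Only the first 8 bytes are needed to recognise the container.
                if member.read(len(OLE_CF_MAGIC)) == OLE_CF_MAGIC:
                    hits.append(name)
    return sorted(hits)


def build_sample_pptx(with_ole: bool) -> bytes:
    """Construct a minimal PPTX-shaped ZIP for testing (constructed
    sample, not a real presentation)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        zf.writestr("ppt/media/image1.png", b"\x89PNG\r\n\x1a\n")
        if with_ole:
            # Constructed stand-in: OLE2 header followed by zero padding.
            zf.writestr("ppt/embeddings/oleObject1.bin",
                        OLE_CF_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print("embedded OLE present:", flag,
              "->", find_embedded_ole(build_sample_pptx(flag)))
```

A deck with no embedded objects yields an empty list; the constructed deck with one packaged object yields `['ppt/embeddings/oleObject1.bin']`.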
Bug or feature? (Score:1)
An undocumented ability to spy on NATO countries? Sounds to me like a feature, not a bug.
Correction: spy back on NATO countries. I'm living in one of the snoopiest.