
Cyberespionage For Everyone

Soulskill posted about 2 years ago | from the senior-discount-kids-get-in-free dept.

Security 44

Mephistophocles writes "A chilling article by Darkreading's Kelly Jackson Higgins describes how the growing accessibility of hacking tools like RATs (Remote Access Trojans) has made cyber-espionage possible for more than just those financially backed by large nation-states, and speculates on what the implications of this may be: 'Researchers at Norman Security today revealed that they recently analyzed malware used in phishing emails targeting Israeli and Palestinian targets and found that attackers used malware based on the widely available Xtreme RAT crimeware kit. The attacks, which first hit Palestinian targets, this year began going after Israeli targets, including Israeli law enforcement agencies and embassies around the world. Norman says the same attacker is behind the attacks because the attacks use the same command-and-control (C&C) infrastructure, as well as the same phony digital certificates. This attack campaign just scratches the surface of the breadth and spread of these types of attacks around the world as more players have been turning to cyberspying. "We're just seeing the tip of the iceberg," says Einar Oftedal, deputy CTO at Norman.'"

44 comments

Amazing. (3, Insightful)

blackicye (760472) | about 2 years ago | (#41977969)

Norman Security is not only still around as a company, but they're now regarded as a news source.

Re:Amazing. (1)

jhoegl (638955) | about 2 years ago | (#41978085)

Your message intrigues me. Tell me more of your obvious distrust of Norman Security.

Re:Amazing. (4, Interesting)

blackicye (760472) | about 2 years ago | (#41978135)

Your message intrigues me. Tell me more of your obvious distrust of Norman Security.

My first experience with this out of nowhere Norton Clone was as preinstalled software on a brand new Acer laptop that I had to uninstall because it was interfering with fresh software installs.

Re:Amazing. (4, Interesting)

L4t3r4lu5 (1216702) | about 2 years ago | (#41978339)

Well your first mistake was not wiping any new PC completely before use. Microsoft have acknowledged [yahoo.com] that malware can be installed on new PCs at the factory, so using it at all without wiping is Russian roulette with your personal information.

Download a DBAN ISO and keep it somewhere for when you buy a new PC. Wipe it, reinstall Windows, install drivers (which you should download from the vendor's website from a different PC. Don't put a memory stick into the new PC before wiping). It's more work, but your experience with the new PC will be better for it.

OEM windows (2)

Barryke (772876) | about 2 years ago | (#41978747)

reinstall Windows

Easier said than done when there is no Windows CD supplied.

I have even seen cases where there is no bootable recovery partition, no supplied disks whatsoever except for a manual on a CD (no drivers even), resulting in a recovery that demands you order (and pay for) a "recovery boot CD" first. I believe that was a Gateway computer.

Re:OEM windows (1)

L4t3r4lu5 (1216702) | about 2 years ago | (#41978979)

I too have seen where this is the case, however the point is moot; I don't trust the factory image, so why would I trust the recovery media?

There are Windows ISOs available from Microsoft [mydigitallife.info] . You can legally download these ISOs without any issue; It's the license key and certificate of authenticity which are your license documents.

Re:OEM windows (1)

dotancohen (1015143) | about 2 years ago | (#41980365)

I too have seen where this is the case, however the point is moot; I don't trust the factory image, so why would I trust the recovery media?

There are Windows ISOs available from Microsoft [mydigitallife.info] . You can legally download these ISOs without any issue; It's the license key and certificate of authenticity which are your license documents.

Since when is downloading an ISO from digitalrivercontent.net considered "available from Microsoft"? I would trust the Acer / Dell / HP install before I would trust these ISOs.

digital river is a content host (1)

RobertLTux (260313) | about 2 years ago | (#41981161)

if you buy from the Microsoft Store you are sent to digital river to do your download

bonus tip if you have any win7 dvd you can install whichever version of Win7 you have the key for if the ei.cfg file has been removed/disabled (note must be correct Arch and source so an OEM 32 bit DVD can be used to install any 32 bit version)

Re:Amazing. (0)

Anonymous Coward | about 2 years ago | (#41990831)

Yeah, just mirror all of the machines you set up and problem solved and might involve less work in the end.

Norman != Norton (4, Informative)

rgbrenner (317308) | about 2 years ago | (#41978447)

Norman was founded in 1984 and is based in Norway:
http://en.wikipedia.org/wiki/Norman_(company) [wikipedia.org]

Norton was started by Peter Norton in 1990 and is now owned by Symantec:
http://en.wikipedia.org/wiki/Norton_Internet_Security [wikipedia.org]

So, as you can see.. Your experience with Norton Clone has nothing to do with Norman.

Re:Norman != Norton (0)

blackicye (760472) | about 2 years ago | (#41978753)

Norman was founded in 1984 and is based in Norway:
http://en.wikipedia.org/wiki/Norman_(company) [wikipedia.org]

Norton was started by Peter Norton in 1990 and is now owned by Symantec:
http://en.wikipedia.org/wiki/Norton_Internet_Security [wikipedia.org]

So, as you can see.. Your experience with Norton Clone has nothing to do with Norman.

Not that Symantec is much better, but they were established in 1982, and not 1990.
http://en.wikipedia.org/wiki/Symantec [wikipedia.org]

Progress (0)

Anonymous Coward | about 2 years ago | (#41977991)

Maybe some day, instead of selling arms and giving money to the various factions in a conflict, we can just cyber trade stuff.

We could even put it on an exchange. Next phase: Jim Cramer explaining why you should buy Croatian Insurgency at $35.00/share. It's a screaming buy. Booyah!

Finally, HFT takes over. The Intifada Exchange blows up and everybody blames the Jews... in angry comments on YouTube.

I like it. If we can just get ALL of the people that really care THAT MUCH about who can buy an apartment in a particular spot to fight in "cyberspace" instead of real life. Then, we can finally get on with our lives.

H1N1 can be caught BY ANYONE! (0, Flamebait)

Anonymous Coward | about 2 years ago | (#41978001)

Can be USED by anyone is fine. Can WORK SUCCESSFULLY against anyone is the problem.

Thankfully, with the notable exception of Adobe, companies are getting their sh*t together and making these trojans an exercise in futility.

"We're just seeing the tip of the iceberg,"

I think cyber-security companies will pump this up FOREVER and there is no peak to the claims they will make.

And some nefarious individuals (0)

Anonymous Coward | about 2 years ago | (#41978015)

...don't even need to use the XTREME RAT CRIMEWARE kit. Wired suggests we call them "hackers". RMS outraged. News at 11.

Is there a point to this article? (3)

Press2ToContinue (2424598) | about 2 years ago | (#41978049)

I mean, other than "everybody panic!" ?

Re:Is there a point to this article? (2, Interesting)

Anonymous Coward | about 2 years ago | (#41978105)

I mean, other than "everybody panic!" ?

It's more revisionist history bullshit intended to spread FUD. They're trying to pretend like script kiddies and lone hackers are just now showing up, and OMFG they have tools as well! They want people to believe that in the past, the only notable hacks have come from large, wealthy governments.
In reality, the governments have been playing "catch-up" for the last 30 years (or more) and other than the overly sensational Stuxnet story, I have yet to see anything done by a government which has not already been bested by a lone hacker or small group.

Cyber weapons don't cyber kill (0)

Anonymous Coward | about 2 years ago | (#41978059)

Mod my comment down all you like, cyber weapons are not weapons. Shoot a gun at someone and they die, send a trojan to someone and they actually need to commit cyber suicide, run the trojan, on an insecure platform, without an anti-virus. The problem here is the legacy of platforms that will run anything, promptly hand full permissions to the app to be run and can be modified by these apps.

As I said higher up, and was modded -1:

Can be USED by anyone is fine. Can WORK SUCCESSFULLY against anyone is the problem.

Thankfully, with the notable exception of Adobe, companies are getting their sh*t together and making these trojans an exercise in futility.

"We're just seeing the tip of the iceberg,"

I think cyber-security companies will pump this up FOREVER and there is no peak to the claims they will make.

Re:Cyber weapons don't cyber kill (0)

Anonymous Coward | about 2 years ago | (#41978123)

Mod my comment down all you like, cyber weapons are not weapons.

They may not be lethal weapons, but they can certainly still be weapons. I take it you've never heard the phrase "The pen is mightier than the sword"? Words too can be used as weapons.

I think cyber-security companies will pump this up FOREVER and there is no peak to the claims they will make.

Bingo. The article makes it sound like script kiddies just showed up last week. These guys are completely backwards, and are either completely retarded or intentionally spreading FUD to pump up business. I suspect the latter.

Weapons that need vulnerabilities (2, Interesting)

Anonymous Coward | about 2 years ago | (#41978225)

They're not weapons, lethal or otherwise, if they cannot do harm. The problem here is the open OS's, and companies, notably Adobe, that create vectors (vulnerabilities) for doing harm.

The more script kiddies out there, the more secure the OSs will become because the more times they'll be attacked.

Adobe, Adobe, Adobe, Adobe, Adobe, Adobe, I'll say it a million times, because I am sick of it upgrading with some critical vulnerability. It's clear to me that Adobe is the company that currently does not have a technical grip on its products and seems to be happy with an endless upgrade cycle.

I've started kicking their **** off PCs now because they just don't seem to be able to get their act together. But then that's also part of making OSs more secure: removing software from companies seemingly incapable of making their software secure.

As for words as weapons, bugger off, there's nothing you can say that can harm me. If you claim words as weapons then free speech is no more.

Re:Weapons that need vulnerabilities (1)

somersault (912633) | about 2 years ago | (#41990641)

There's plenty that people can say to help or harm you. The right or wrong words can have massive psychological impact. The whole of politics is basically just people trying to persuade other people. You can be falsely accused of things and have your reputation irreparably damaged, or even be put in prison just because of other people's words. Words are a very effective weapon indeed.

Free speech is only meant to apply to being able to say whatever you want about the government. It is illegal to slander, harass, use hate speech etc. in relation to private individuals.

You lack imagination, and are rather ignorant of law and reality.

What's the Cyberespionage alternative for... (2)

SpaghettiPattern (609814) | about 2 years ago | (#41978073)

What's the Cyberespionage alternative for using a window as a mirror to observe the target? What's the counterpart of sitting on a park bench with a newspaper with a hole in it? Cyber Groucho Marx mask anyone?

Re:What's the Cyberespionage alternative for... (1)

DavidClarkeHR (2769805) | about 2 years ago | (#41978301)

What's the Cyberespionage alternative for using a window as a mirror to observe the target? What's the counterpart of sitting on a park bench with a newspaper with a hole in it? Cyber Groucho Marx mask anyone?

let #text = Script Kiddies.
$print "The term is"; #text


OH NOES, imma terrorist now for using cyber-espionage tools! Even though I didn't use it for cyber-espionage, the tool could be used to destabilize a government.

"Growing Accessibility" (5, Insightful)

Anonymous Coward | about 2 years ago | (#41978109)

Did everyone already forget freely available RATs like Sub7, BO and NetBus that used to be around in the late 90s?

Re:"Growing Accessibility" (0)

Anonymous Coward | about 2 years ago | (#41979809)

i remember them, yes. i used to act as a girl on winmx chat and get users to download my "pics" (me.jpeg.exe). see the user ip while he was downloading the server program, and then i had full access to the users pc. hours of fun. this was, i don't know, maybe ten years ago?

Re:"Growing Accessibility" (0)

Anonymous Coward | about 2 years ago | (#41980003)

Yeah I used to play around with sub7, wow that brings back memories! Remember Back Orifice?

Re:"Growing Accessibility" (1)

theArtificial (613980) | about 2 years ago | (#41982837)

I remember when BO2K came out. The "mouse cam" plugin was pretty cool at the time, streaming an area around where the client's mouse cursor was very cool. Sub7 2.3 [subseven.org] was released in 2010 but by another developer [wikipedia.org] who had their site hacked. Mobman, the original developer, also stated that they'll be back...

So, tell me about these new "script kiddies"... (5, Funny)

DavidClarkeHR (2769805) | about 2 years ago | (#41978125)

So, rather than celebrate the possibility of having transparency for all (it's not government spying when everyone is doing it to the government in return) ... Norman Security is reporting on the emergence of script kiddies?

OMG (0)

Anonymous Coward | about 2 years ago | (#41978193)

You're saying that by creating technology to break into other people's computers, we create technology that could be used to break into our computers?

TELL ME MORE.

Yawn (1)

Anonymous Coward | about 2 years ago | (#41978251)

Wow, such a new concept! [wikipedia.org]

Really that prolific? (4, Insightful)

nomad-9 (1423689) | about 2 years ago | (#41978257)

From the article: "Turns out cyberespionage malware and activity is far more prolific than imagined."

Really? Who "imagined" that malware activity was not that "prolific"? Did they just defrost those "researchers"? Seems like these folks are the only ones surprised by the existence of script-kiddies, hackers in the Middle-East, the extent of Chinese state-sponsored cyber-espionage, and the growing hacker communities in Brazil and other emerging nations. Globalization => globalization of hacking. Who would have imagined that....

And the article links to another one ("Scope Of APTs More Widespread Than Thought" ) that goes on:
"There's a lot of cyberespionage happening internationally. This is not going to go away," Kaspersky's Schouwenberg says.

Gee, thanks for the eye-opening, completely obvious, self-evident statement, Shouwie. Here's a question: do you experts stay constantly tuned with what's happening in the world, or do you just wake up one day, burst out of the bubble where you were busy "imagining" things, and discover reality?

"... growing accessibility of... RATs..." (5, Insightful)

L4t3r4lu5 (1216702) | about 2 years ago | (#41978315)

You mean like Sub7 and Netbus, which were readily available in the late 90s?

Dude. This was news before Slashdot existed.

And where is that "chilling" part you mentioned? (0)

Anonymous Coward | about 2 years ago | (#41978403)

Can't seem to find it


wet (0)

flyerbri (1519371) | about 2 years ago | (#41978657)

i say i want a wEt TshiRt PartY!

Slashdot welcome in the 90's. (2)

Barryke (772876) | about 2 years ago | (#41978755)

Slashdot, I welcome you in the 90's. Nice that you are rerunning stories from the era of your inception.

Re:Slashdot welcome in the 90's. (0)

Anonymous Coward | about 2 years ago | (#41978763)

*puts cigar back in mouth*
Continues scribbling on tshirt with a permanent marker.

Well, duh. (1)

flyingfsck (986395) | about 2 years ago | (#41978855)

Welcome to circa 1970.

First rule of cyber security .. (0)

Anonymous Coward | about 2 years ago | (#41979079)

Never mention Microsoft Windows ...

Let's see them "call out to mama" when (0)

Anonymous Coward | about 2 years ago | (#41982085)

I block out communications to their C&C servers here, via custom hosts files + firewall rules tables in combination:


SOURCE = Cyberattack_against_Israeli_and_Palestinian_targets.pdf

Downloadable from NORMAN -> via the article's source page here -> http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240115353/the-globalization-of-cyberespionage.html [darkreading.com]

(I would post the direct link, but /. says it is "too long of a string of letters" so, there you are! Close as I can get...)

Excellent document too!

Well-done & INFORMATIVE for my purposes!

(Which is simply shutting these kinds of machinations down before they can even DO anything, much less even let me get it in the first place!)

* The rest, based on IP addresses, seem to be changing dynamically (ala "fastflux" type work), but again:

I simply add them as they are discovered via a Windows PowerShell script to my firewall rules table too - thank goodness they are NOT the majority of what these malware makers use usually though since they're relatively easy to "Blackhole" @ the ISP/BSP level via say, DNS Block lists as 1 example thereof.

APK

P.S.=> After all - "You can't get burned IF you don't & can't go into the hot kitchen"...

AND?

Yes, that is EXACTLY what this method of defense allows, easily, via a custom hosts file!

(Which is the primary one, since they "recycle" the host-domains they own usually)

And, of course, for those IP address based ones (rarer since they are EASILY blackholed @ the DNS level alone) & firewall rules tables also...

Do THAT, folks?

There is literally NO WAY for them to even "TALK TO MAMA" (C&C Servers) for orders!

Heck - NOT even IF I was to get one of these machinations, via say, a USB stick... they're totally "nullified" from the get-go!

... apk
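
The hosts-file blocking described in the comment above, as an added example that is not part of the original post: a Python sketch that merges a C&C domain blocklist into hosts-file text and then checks which observed DNS names the file actually covers, since hosts entries match exact names only. The domains are constructed placeholders under the reserved `.example` TLD, and the function names are hypothetical.

```python
import re

SINK = "0.0.0.0"  # sinkhole address, as used in the hosts entries above
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_hostname(raw):
    """Return the normalised hostname, or None if it is not a plausible FQDN."""
    name = raw.strip().lower().rstrip(".")
    labels = name.split(".")
    if not name or len(name) > 253 or len(labels) < 2:
        return None
    return name if all(_LABEL.fullmatch(l) for l in labels) else None

def parse_hosts(text):
    """Return {hostname: address} for every mapping in hosts-file text."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        for name in fields[1:]:
            mapping[name.lower()] = fields[0]
    return mapping

def merge_blocklist(hosts_text, domains):
    """Append sinkhole entries for new domains; safe to run repeatedly.

    Returns (new_text, added, conflicts, rejected). A conflict is a listed
    domain that the file already maps to a non-sinkhole address, which is
    worth investigating rather than silently overwriting.
    """
    existing = parse_hosts(hosts_text)
    added, conflicts, rejected = [], [], []
    for raw in domains:
        host = valid_hostname(raw)
        if host is None:
            rejected.append(raw)          # never write malformed input to hosts
        elif host in existing:
            if existing[host] != SINK and host not in conflicts:
                conflicts.append(host)
        elif host not in added:
            added.append(host)
    lines = hosts_text.rstrip("\n").split("\n") if hosts_text.strip() else []
    lines += [f"{SINK} {h}" for h in added]
    return "\n".join(lines) + "\n", added, conflicts, rejected

def coverage(hosts_text, queried_names):
    """Classify observed DNS names against the sinkholed entries."""
    sunk = {h for h, a in parse_hosts(hosts_text).items() if a == SINK}
    report = {}
    for q in queried_names:
        name = q.lower().rstrip(".")
        if name in sunk:
            report[q] = "blocked"
        elif any(name.endswith("." + s) for s in sunk):
            report[q] = "subdomain-miss"  # parent is listed, this name is not
        else:
            report[q] = "not-blocked"
    return report

# Constructed sample data (not taken from the Norman report).
HOSTS = ("127.0.0.1 localhost\n# constructed sample\n"
         "0.0.0.0 c2-one.example\n10.9.8.7 panel.dyn.example\n")
BLOCKLIST = ["C2-One.example", "panel.dyn.example", "relay.dyn.example.",
             "bad host!", "relay.dyn.example"]

if __name__ == "__main__":
    text, added, conflicts, rejected = merge_blocklist(HOSTS, BLOCKLIST)
    print(text, added, conflicts, rejected, sep="\n")
    print(coverage(text, ["relay.dyn.example", "a.relay.dyn.example"]))
```

A name reported as `subdomain-miss` still resolves normally, and a sample that connects to a hard-coded IP address never consults the hosts file at all, which is where the firewall rules mentioned in the comment come in.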

When I was a kid on Windows 95 (0)

Anonymous Coward | about 2 years ago | (#41984521)

and when ICQ and IRC were very popular, there were easy ways to obtain user IP addresses and only with that you could hack into someone's computer with a very basic tool. Another one required you to get them software, in which it came with a remote networking virus, opening ports and keeping them open. Often times people would already have it and nothing needed to be done. Another tool that I remember was something similar but if they used remote networking then you could easily gain access to their computer as well. Lesson learned is that even when you're 10 you could still hack people with the right tools, and the right tools were once very easy to get to, and it may very well still be that way.

Cyber Security (0)

Anonymous Coward | about 2 years ago | (#41986271)

Webcam Spying is a BIG part of Cyber Security for governments and citizens. The best way to protect your webcam from spying/espionage is to use a Webcam Cover. C-SLIDE makes the BEST webcam cover on the market today. Check them out at http://www.c-slide.com

That® (0)

Anonymous Coward | about 2 years ago | (#41997853)

I'm surprised that no one brought up the Second Amendment (at least those in the USA).
