close
    • chevron_right

      FBI Disables Russian Malware

      news.movim.eu / Schneier · Wednesday, 10 May, 2023 - 15:26

    Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.”

    The headline says that the FBI “sabotaged” the malware, which seems to be wrong.

    Presumably we will learn more soon.

    • chevron_right

      Security Vulnerabilities in Covert CIA Websites

      news.movim.eu / Schneier · Sunday, 2 October, 2022 - 15:03 · 1 minute

    Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by —at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.”

    Citizen Lab did the research :

    Using only a single website, as well as publicly available material such as historical internet scanning results and the Internet Archive’s Wayback Machine, we identified a network of 885 websites and have high confidence that the United States (US) Central Intelligence Agency (CIA) used these sites for covert communication.

    The websites included similar Java, JavaScript, Adobe Flash, and CGI artifacts that implemented or apparently loaded covert communications apps. In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties.

    […]

    The bulk of the websites that we discovered were active at various periods between 2004 and 2013. We do not believe that the CIA has recently used this communications infrastructure. Nevertheless, a subset of the websites are linked to individuals who may be former and possibly still active intelligence community employees or assets:

    • Several are currently abroad
    • Another left mainland China in the timeframe of the Chinese crackdown
    • Another was subsequently employed by the US State Department
    • Another now works at a foreign intelligence contractor

    Citizen Lab is not publishing details, of course.

    When I was a kid, I thought a lot about being a spy. And this, right here, was the one thing I worried about. It didn’t matter how clever and resourceful I was. If my handlers were incompetent, I was dead.

    Another news article .

    EDITED TO ADD (10/2): Shashdot thread .

    • chevron_right

      Microsoft Issues Report of Russian Cyberattacks against Ukraine

      news.movim.eu / Schneier · Thursday, 28 April, 2022 - 14:15

    Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war:

    At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.

    […]

    Threat groups with known or suspected ties to the GRU have continuously developed and used destructive wiper malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week since the eve of invasion. From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.