"Computer malware targets Europe agencies"

**Roma_Victrix** · January 14, 2013, 09:43 AM

Kind of scary I'd say, considering if it's actually cyber criminals behind this who could sell decryption keys to just about anyone.

http://www.washingtonpost.com/world/...402_story.html

By Ellen Nakashima,

Computer security researchers have uncovered malware that appears to have been used as part of a widespread cyber espionage campaign targeting European diplomatic and government agencies.

Kaspersky Lab, a global firm based in Moscow, said in a report released Monday that the malware rivals in complexity the Flame virus, a cyber-spying tool that was created by the United States and Israel for use against Iran.

The newly discovered malware, called Rocra, has been in existence for at least five years and appears to have been written by Russian speakers using Chinese exploit code that silently installs malware. It was still active as of early January.

Among other things, Rocra has been used to steal encrypted files and decryption keys used by European Union organizations and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston.

The malware also can map out the internal layout of a computer network, the configuration of routers, and hijack files from thumb drives and smartphones, he said. It records keystrokes, makes screenshots, recovers deleted files and encrypts data it steals. It makes unique identifiers for each target to more easily catalogue the data stolen.

Rocra is not as sophisticated as Flame, which spread through Windows software updates. But it appears to be far more elegant than the “rudimentary” malware coming from China, which has been used to siphon vast amounts of proprietary data from companies and governments around the world, Schouwenberg said.

Kaspersky’s researchers began analyzing the malware in October and determined it was targeting organizations mostly in Eastern Europe, but also in Central Asia, Western Europe and North America. Targets include trade and commerce organizations, nuclear and energy research groups, oil and gas companies and the aerospace industry. They also include a handful of non-U.S. diplomatic organizations inside the United States.

The lab does not know who is behind the malware, whether it is a national government or criminals looking to sell the data to a government. “Over the past six months, we’re starting to notice a pattern where cyber criminals are stealing information from a bigger scope of targets,” Schouwenberg said.

So far, the lab has counted several hundred infections worldwide, with Russia and other Eastern European countries leading the list. But Iran and the United States also have been hit, according to the report.

Researchers said it’s likely there are far more targets that they have been unable to detect.

**Thorn777** · January 14, 2013, 10:39 AM

China did it!!! Cyber Terrorism. Prolly monsterous Assad as well.

**Border Patrol** · January 14, 2013, 10:44 AM

You're right Thorn, it was clearly done by Mossad. We know the truth. Israeli agents learned Chinese and Russian, then programmed a virus in the Chinese language in Russian. Just to throw the world off the scent. Obviously.

**~~Raubritter~~** · January 14, 2013, 01:16 PM

European Union organizations are now Europe agencies? The EU is now Europe itself?

**Dr Zoidberg** · January 15, 2013, 03:45 AM

Originally Posted by Raubritter

European Union organizations are now Europe agencies? The EU is now Europe itself?

What?

**Sir Pignans** · January 14, 2013, 05:47 PM

Iranians.

**Plan C** · January 15, 2013, 03:18 AM

Cyber warfare... what a bunch of crud. The vision sold to the public to secure funding for ever more complicated (and expensive) "defense solutions" exploits public ignorance.

The only feasible way in for any attacker anywhere is invariably based on compromised element inside organisation. Social engineering is key to compromising any IT systems, certainly by far the most cost-effective.

Reminds me of the Home Office announcement a few months back saying that UK is under a sustained cyber attack because staff are targeted by spam emails.

Data breaches occur because people lose data, are sloppy as data custodians (weak, predictable passwords, undue disclosure i.e. passwords written on a post it attached to a lost ID card) or are approached and willing to turn (like in case of Stuxnet). Some, like Manning, turn based on their views and opinions.

Clamoring for more money is duping tech-illiterate, decades-behind-the-curve govt officials into diverting taxpayer money away from schools and libraries and into phoney "cyber defense programs" whereas all that is required is continuous awareness, more stringent and regular training and people actually giving a

about data they are meant to look after.

**Aanker** · January 15, 2013, 08:28 AM

Originally Posted by Brick Top

Cyber warfare... what a bunch of crud. The vision sold to the public to secure funding for ever more complicated (and expensive) "defense solutions" exploits public ignorance.

The only feasible way in for any attacker anywhere is invariably based on compromised element inside organisation. Social engineering is key to compromising any IT systems, certainly by far the most cost-effective.

Reminds me of the Home Office announcement a few months back saying that UK is under a sustained cyber attack because staff are targeted by spam emails.

Data breaches occur because people lose data, are sloppy as data custodians (weak, predictable passwords, undue disclosure i.e. passwords written on a post it attached to a lost ID card) or are approached and willing to turn (like in case of Stuxnet). Some, like Manning, turn based on their views and opinions.

Clamoring for more money is duping tech-illiterate, decades-behind-the-curve govt officials into diverting taxpayer money away from schools and libraries and into phoney "cyber defense programs" whereas all that is required is continuous awareness, more stringent and regular training and people actually giving a

about data they are meant to look after.

Sorry, but I can't help it.

**Plan C** · January 15, 2013, 09:31 AM

Originally Posted by Aanker

Sorry, but I can't help it.

Lol, no it's just my professional observation - Information Security is my trade

**NosPortatArma** · January 15, 2013, 10:22 AM

is it really worth it to have all governmental data on internet accessible places when hackers can attack? Is there even an alternative?

and gods, if they catch these cyber criminals I really hope they're dealt with texan style.

**Plan C** · January 15, 2013, 11:18 AM

Originally Posted by NosPortatArma

is it really worth it to have all governmental data on internet accessible places when hackers can attack? Is there even an alternative?

and gods, if they catch these cyber criminals I really hope they're dealt with texan style.

Most of the data isn't in "internet accessible" places, usually it will reside either on file servers (or SAN, NAS, whatever) or intranet. That's why "breaking in" from "the internet" isn't possible without somebody on the inside clicking on an infected link in a retarded motivational or sending his admin password to his wife so that she can install Flash on work laptop, or leaving unlocked BlackBerry in a pub, or losing an unencrypted laptop on a train etc etc. Criminals are rarely evil geniuses and most often succeed because they get lucky or simply cast wide enough a web.

**mrmouth** · January 15, 2013, 01:50 PM

Isn't this all kind of solved by having two computers on a desk? One that you can reach the outside world with, but that is not networked with the other computer, which is what you can access sensitive information with?

I mean even in that case the sensitive intranet computer could have installed Flame via windows updates done offline, but it wouldn't have mattered. It would have been contained unless there is a case of espionage within the corporation or agency. Like someone removing a USB drive from the building.

**Plan C** · January 15, 2013, 03:36 PM

Originally Posted by mrmouth

Isn't this all kind of solved by having two computers on a desk? One that you can reach the outside world with, but that is not networked with the other computer, which is what you can access sensitive information with?

I mean even in that case the sensitive intranet computer could have installed Flame via windows updates done offline, but it wouldn't have mattered. It would have been contained unless there is a case of espionage within the corporation or agency. Like someone removing a USB drive from the building.

I don't think drastic measures like having separate computers are necessary, and (considering that it's usually people who cause data breaches) I doubt it would be effective.

The real issue is that the whole sector is totally embracing BYOD strategies where data security perimeter is compromised virtually by design. IT loves its little fashion trends and is as fickle as any market. BYOD is hailed as the next big thing but I really don't think how it improves productivity or makes employees more loyal and dedicated. What it will certainly do is make data security a lot weaker.

I have written a fair few processes on data access control and ISMS policies in my time and what I see being done today is quite worrying to me. I've sat through no less than 8 conferences and panels on the subject and I have not a shred more confidence in this strategy for it. I see few companies really take data security seriously and public bodies are amongst the very worst for information management I have seen.

Hence the whole talk about cyber warfare makes me laugh and cringe at the same time because I see fat marketing fingerprints all over this whole thing. Anxiety exploit turned into profit.