Security Firm Kaspersky Believes It Found New CIA Malware (therecord.media) 17
Cybersecurity firm Kaspersky said today it discovered new malware that appears to have been developed by the US Central Intelligence Agency. From a report: Kaspersky said it discovered the malware in "a collection of malware samples" that its analysts and other security firms received in February 2019. While an initial analysis did not find any shared code with any previously-known malware samples, Kaspersky has recently re-analyzed the files and said it found that "the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families." Lamberts is the internal codename that Kaspersky uses to track CIA hacking operations. Four years ago, after WikiLeaks exposed the CIA hacking capabilities to the public in a series of leaks known as Vault7, US security firm Symantec publicly linked the Vault7 hacking tools to the CIA and the Longhorn APT (another industry name for Lamberts).
lol (Score:5, Interesting)
Russian security firm say a US agency is responsible for hacks.
Let this one pass boys, we have a US security firm blaming Russia and China for hacks every day.
The cold war never ended. Don't feed the spooks.
The only thing that would be surprising (Score:5, Interesting)
US government agencies certainly do surveillance, so that wouldn't be surprising at all.
The only thing that I, as someone in that field, find mildy surprisingly would be if Kaspersky has enough samples of different CIA tools that they are able to have significant confidence in cross-referencing. Just because the US uses a different approach than China or Russia.
The US NSA taps providers, so the large-scale collection doesn't use "hacking tools" like Kaspersky is talking about. Whole Russia and China spread malware broadly both for industrial espionage and to be a PITA to rival countries, the US is much more targeted in their operations. Generally, the US wants to get information from the highest levels of the Chinese government; they aren't looking to just increase the infosec costs of random Chinese food company. They don't tend to use the broadcast strategy that puts their tools out there for everyone to see.
Re: (Score:2)
Well yes.
Even when trying (successfully) to get into a highly secured air-gapped network they couldn't reach directly, they used a tool that only damaged the target system. It didn't cause indiscriminate damage. It spread mostly in Iran only.
A malware variant typically has a lifecycle of about six weeks or so (plus potentially a very long tail of a few unlatched machines). It took five YEARS for Stuxnet to be discovered. Precisely because it was going around causing damage indiscriminately. Typically dis
Re: (Score:1)
That's why you any cybersecurity professional needs to be informed.
Thanks to Wikileaks and whistleblowers and forensic journalism we know about the tools, and the very stupid policies, that foster this kind of activity by the CIA/NSA.
We also know that by and large, claims coming from the US administration and US based Media are questionable at best.
When New Knowledge hired an internet PR firm based in Russia to run ads, then used those ads as proof Russia was trying to interfere with elections which both th
Re: (Score:1)
Re: (Score:2)
If the CIA does it so do GRU and about 25 other intelligence agencies too.
Re: lol (Score:5, Interesting)
If you are worried about security, you should definitely be paying attention to Kaspersky. Just like Russians worried about security should be checking in with ESET or others from time to time. The reality is all these firms have huge blindspots for their local government, including American ones.
Re: (Score:1)
That's only true so far is what Kaspersky says is true, otherwise you could be wasting your time looking for something that isn't there, meanwhile a real threat from Russia that Kaspersky keeps quiet about sneaks right on by.
Chasing ghosts isn't harmless, it creates negative value, it wastes your time and can cause you to miss real threats. Misdirection is a key trait of Russia's modern asymmetrical warfare arsenal. They're more than willing to create easy to catch malware, attribute it to the CIA to get fo
Re: (Score:1)
You should be paying attention to Kaspersky, China anti virus / infosec guys, and some from the "western world" if you plan to get a fuller picture of whats actually going on.
Trusting any one of them only, when each of them probably have their own known / unknown blind spots makes you blind to certain things as well.
Re:lol (Score:5, Interesting)
That russian security firm's heuristic scanning identified a shit-ton of US government zero-days an ex-government employee exfiltrated onto a box running Kaspersky and it automatically uploaded it to them.
I trust their analysis a hell of a lot more than any US firm, who probably has secret whitelisting deals.
Re: (Score:2)
Russian security firm say a US agency is responsible for hacks.
Because only Russian firms dare to expose US spying, as they are relatively safe from US retaliation.
Next excuse.
":received in February 2019" (Score:3)
Re: (Score:1)
... often, we ARE one of the bad guys!
Re: (Score:2)
We are all the heroes of our own stories.
We're always the "good guys" unless we want to think of ourselves as "bad guys".
But every good guy is likely a bad guy from someone else's point of view.
So ... (Score:5, Funny)
The CIA copies and pastes some of their code from Stack Overflow [slashdot.org] too. :-)