Pakistan Cyber Force: Flame Virus


Friday, January 25, 2013

’Red October’: Global Cyber-Spy Network Uncovered by Russian Experts



A sophisticated cyber-espionage network targeting the world’s diplomatic, government and research agencies, as well as gas and oil industries, has been uncovered by experts at Russia’s Kaspersky Lab.

The system’s targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.

“The majority of infections are actually from the embassies of ex-USSR country members located in various regions such as Western Europe and even in North America – in the US we have few infections as well. But most infections are concentrated around Russia,” Vitaly Kamluk, chief malware expert at Kaspersky Lab, told RT, adding that in Europe, the hardest-hit countries are apparently Belgium and Switzerland.

In addition to attacking traditional computer workstations, ‘Rocra’ – an abridgment of ‘Red October,’ the name the Kaspersky team gave the network – can steal data from smartphones, dump network equipment configurations, scan through email databases and local network FTP servers, and snatch files from removable disk drives, including ones that have been erased.

Unlike other well-known and highly automated cyber-espionage campaigns, such as ‘Flame’ and ‘Gauss,’ Rocra’s attacks all appear to be carefully chosen. Each operation is apparently driven by the configuration of the victim’s hardware and software, native language and even document usage habits.

The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.

The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the ‘mothership’ control server.

That malicious server’s location remains unknown, but experts have uncovered over 1,000 modules belonging to 34 different module categories. While Rocra seems to have been designed to execute one-time tasks sent by the hackers’ servers, a number of modules were constantly present in the system executing persistent tasks. This included retrieving information about a phone, its contact list, call history, calendar, SMS messages and even browsing history as soon as an iPhone or a Nokia phone was connected to the system.

The hackers’ primary objective is to gather information and documents that could compromise the security of governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups, and trade and aerospace targets.

No details have been given yet as to the attackers’ identity. However, there is strong technical evidence to indicate that the attackers are of Russophone origins, as Russian words including slang have been used in the source code commentaries. Many of the known attacks have taken place in Russian-speaking countries.

“It is bound to Russian language. We are currently uncertain which country is responsible for creating these malicious applications, but we are most certain the developers picked the Russian language. It is visible from the text links we extracted from the application. Some of them point to Russian origin. For example, the word used inside of the malware is ‘zakladka.’ In Russian it means a bookmark, or undeclared functionality; it can refer to a backdoor functionality in some legitimate software. So that’s why we believe this work was used by Russian-speaking developers,” Kamluk told RT.

The hackers designed their own authentic and complicated piece of software, which has its own unique modular architecture of malicious extensions, info-stealing modules and backdoor Trojans. The malware includes several extensions and malicious files designed to quickly adjust to different system configurations while remaining able to grab information from infected machines.

These included a ‘resurrection’ module, which allowed hackers to gain access to infected machines using alternative communications channels and an encoded spy module, stealing information from different cryptographic systems such as Acid Cryptofiler, which has reportedly been used since 2011 by organizations such as NATO, the European Parliament and the European Commission.

The first instances of Red October malware were discovered in October 2012, but it has been infecting computers since at least 2007, Kaspersky Lab reported. The firm worked with a number of international organizations while conducting the investigation, including Computer Emergency Readiness Teams from the US, Romania and Belarus.

The EU is attempting to counter the huge rise in cyber-espionage by launching the European Cybercrime Center, which opened on Friday.


Wednesday, November 14, 2012

McAfee Antivirus founder on the run after murdering neighbour


John McAfee’s world of zombifying drugs, Belizean gangsters, illegal firearms and run-ins with authorities thickens as he continues to evade police after being named the prime suspect in the murder of his neighbor. McAfee, 67, has apparently successfully managed to dodge Belizean police for a second day after he was implicated in the murder of his neighbor, 52-year old Gregory Faull. The antivirus pioneer’s covert movements are being tracked – and tweeted – by Wired.com reporter Joshua Davis, whom he contacted soon after going into hiding via telephone. The last tweet read: “McAfee on phone just now: I have radically altered my appearance.” As soon as McAfee heard about the murder he went into hiding, allegedly fearing for his own life. He believes he could be killed if taken into custody for questioning, according to Wired magazine.

His current whereabouts are unknown, but he has been in contact with a reporter at Wired on several occasions via telephone. The millionaire entrepreneur believes that whoever shot Faull may in fact be gunning for him. “I thought maybe they were coming for me. They mistook him for me. They got the wrong house,” he told Wired. “He’s dead. They killed him. It spooked me out.” But initial evidence doesn’t bode well for the antivirus guru-cum-yoga master. According to reports, a 9mm Luger shell was found at the scene of the crime. McAfee was seen with two Luger pistols during his interview with Wired magazine back in summer 2012. He insists they were confiscated during a police raid in April while he was living with his 17-year-old Belizean girlfriend.

IT weblog Gizmodo reported, "McAfee has become increasingly estranged from his fellow expatriates in recent years. His behavior has become increasingly erratic, and by his own admission he had begun associating with some of the most notorious gangsters in Belize." After selling his final stake in McAfee at the end of the 90s, he lost most of his $100 million fortune in bad investments and the global financial crisis in 2008. McAfee then moved to Belize. The New York Times wrote back then that, “He planned to spend much of his time in Belize, in part because of more favorable taxes there.” He also revealed on online message boards his fascination with MDPV, a psychoactive drug with stimulant properties and most commonly attributed to recent ‘zombie-like’ attacks. McAfee was also not on the best of terms with his neighbor. Faull had been complaining that McAfee was “difficult” and “hard to befriend”, says ABC News. He had also complained about McAfee’s dogs and had reportedly filed a complaint about them with local authorities. According to McAfee, the dogs were poisoned on Friday.

But McAfee blames the Belizean authorities for the deaths of his dogs. The antivirus pioneer has been tangling with them for months after he was initially accused of manufacturing methamphetamine and illegal firearm possession in the April raid, he told Wired. These charges were dropped, but McAfee still believes the government is out to get him. According to Wired, the head of Belize’s Gang Suppression Unit, Marco Vidal, says that McAfee is a “prime suspect” in Faull’s death and rejects McAfee’s assertions. “This guy amazes me every day. We don’t have anything personal against Mr. McAfee. There is no need for us to poison dogs,” he said. The Belizean police have already searched McAfee’s property and could nearly have nabbed McAfee himself. According to Wired, he had “buried himself in the sand and covered his head with a cardboard box in order to breathe.”

But despite being currently on the run, McAfee insists he has no plans to leave the country. “I like it here,” he says. “It’s the nicest place on Earth.”
(RT)

Wednesday, June 13, 2012

CIA - Mossad produced Flame and Stuxnet Related: Computer Experts


If research conducted by Kaspersky Labs is correct, the Flame virus is related to a previous malware virus developed by Israel and the United States.

Alexander Gostev, an expert at Kaspersky Labs, said in an email that the Russian cyber security software company discovered a similarity between a subset of the code used in Flame and code used in the Stuxnet virus.

Stuxnet was developed collaboratively between Israel and the United States for the explicit purpose of disabling computer networks in Iran, although Israeli intelligence denies this, according to Mossad agents who say they created the malware and Obama is taking credit for unleashing it against Iran’s fledgling nuclear program as propaganda in his re-election bid. According to author David E. Sanger, Obama decided to accelerate cyberattacks initiated during the Bush administration. Sanger says the project’s codename was Olympic Games and it began in 2006.

Flame is described as the most sophisticated malware to date. After infecting a Microsoft Windows computer, it can record audio and keyboard activity, take screenshots and monitor network traffic. Flame can record Skype conversations and grab data via Bluetooth from nearby devices like cellphones. Like Stuxnet, Flame was specifically deployed on computer systems in the Middle East. Kaspersky’s research reveals that “a huge majority of targets” were within Iran.

“Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states,” Kaspersky’s chief malware expert Vitaly Kamluk told the BBC in late May.

“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group… The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it.”

Over the last few years, the U.S. government has hyped an emerging cyber threat in near apocalyptic terms and the establishment media has echoed the supposed threat incessantly. The so-called defense industry – the military-industrial complex president Eisenhower warned about as he left office – has exploited the cyber threat and turned it into a multi-billion dollar industry.

Lockheed Martin, Boeing, Northrop Grumman and related defense and tech companies have vigorously lobbied the federal government about “growing cyberthreats to national security and corporate America, but they also make millions of dollars each year selling a variety of cybersecurity programs, tools and solutions to government and business,” Politico reported on May 30.

Israel and the United States – the CIA and Mossad – represent the vanguard of the emerging cyber security threat. Considering the history of government and its array of clandestine and self-serving false flag attacks, this reality is hardly surprising. It demonstrates that like al-Qaeda, the cyber threat is designed to create a crisis that can only be addressed by government and the military industrial complex.

(Prison Planet)