The governments of at least 20 countries may have fallen victim to a sophisticated new cyber-attack. Security experts believe the hackers are attempting to steal political intelligence.
Computer security firms Kaspersky Lab and CrySyS Lab discovered that the malware, dubbed “MiniDuke,” targeted government computers in the Czech Republic, Ireland, Portugal and Romania along with think tanks, research institutes and healthcare providers in the United States.
“The technical indicators from our analysis show this is a new type of threat actor that hasn’t been seen before,” Kurt Baumgartner, a senior security researcher with Kaspersky Lab, told RT.
Although experts avoid speculating on who the attackers may be, Baumgartner clarified that “based on the target victims and the functionality of the malware” the objective of MiniDuke’s authors is “to collect geopolitical intelligence.”
The malware is written in low-level code to stay small and hidden, and uses Twitter and Google to fetch its instructions and updates. It reportedly infected PCs when victims opened a cleverly disguised Adobe PDF attachment to an email.
“The high level of encryption in the malware and the flexible system it used to communicate with the C2 via Twitter and Google indicates this was a strategically planned operation,” Baumgartner said.
The PDF documents were specifically tailored to their targets, according to the researchers. The attachments referred to highly relevant subjects such as “foreign policy,” a “human rights seminar,” or “NATO membership plans.”
When the files were opened, MiniDuke would install itself on the user’s computer.
So far, all that is known is that the malware then connects to two servers, one in Panama and one in Turkey; security researchers say there are no clear indications of who was behind the online attacks.
According to Kaspersky Lab, the spyware was written in assembly language, a low-level code in which each statement corresponds to a single processor instruction, and is very small, only about 20 kilobytes. Assembly code is tied to the specific processor architecture and operating system it is written for, whereas programs in higher-level languages can be compiled for many different platforms.
The way the malware was created and used indicates that the attackers “have knowledge from the elite, ‘old school’ type of malicious programmers who were extremely effective at creating highly complex viruses in the past,” Baumgartner says. “MiniDuke’s attackers have combined these skills with the newly advanced sandbox-evading exploits to target high-profile victims, which is unique and something we haven’t seen before.”
MiniDuke is a three-stage attack, technology news and information website Ars Technica explains. First it tricks a victim into opening an authentic-looking PDF document; infected machines then use Twitter or Google “to retrieve encrypted instructions showing them where to report for additional backdoors.”
“These accounts were created by MiniDuke’s Command and Control (C2) operators and the tweets maintain specific tags labeling encrypted URLs for the backdoors,” Kaspersky Lab said in a statement. “Based on the analysis, it appears that the MiniDuke’s creators provide a dynamic backup system that also can fly under the radar – if Twitter isn’t working or the accounts are down, the malware can use Google Search to find the encrypted strings to the next C2.”
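The “dead drop resolver” pattern described above, as an added illustration rather than MiniDuke's own code: a bot scans public posts for a fixed tag, decodes the string after it into the next C2 address, and falls back to a second source (here, constructed search snippets) when the first yields nothing. The tag, the XOR key, the base64 encoding, the posts and the URL are all assumptions made for this example; the article does not give MiniDuke's real tag format or cipher.

```python
# Added example: simulates the tag-in-a-tweet C2 lookup with a fallback
# channel. Everything below (tag, key, cipher, sample posts) is constructed
# for illustration and is NOT MiniDuke's real scheme.
import base64
import re

TAG = "uri!"            # hypothetical marker the bot looks for in a post
KEY = b"minikey"        # hypothetical XOR key, assumed for the example


def encode_c2(url: str) -> str:
    """Operator side: XOR the URL with KEY and base64-encode it (assumed scheme)."""
    data = bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(url.encode()))
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def decode_c2(token: str) -> str:
    """Bot side: reverse of encode_c2 (re-pads the stripped base64)."""
    padded = token + "=" * (-len(token) % 4)
    data = base64.urlsafe_b64decode(padded)
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data)).decode()


def find_tokens(posts):
    """Return every tagged token found in a list of post texts, in order."""
    pattern = re.compile(re.escape(TAG) + r"([A-Za-z0-9_\-]+)")
    return [m.group(1) for text in posts for m in pattern.finditer(text)]


def resolve_c2(twitter_posts, search_results):
    """Prefer a tagged token from the primary channel; fall back to the
    secondary channel if the primary has none. Returns (channel, url),
    or (None, None) when neither channel yields a token."""
    for channel, posts in (("twitter", twitter_posts), ("google", search_results)):
        tokens = find_tokens(posts)
        if tokens:
            return channel, decode_c2(tokens[0])
    return None, None


# Constructed sample data (not real MiniDuke accounts or servers).
OPERATOR_URL = "http://c2.example.invalid/stage2.gif"
SAMPLE_TWEETS = [
    "Nice weather in town today",
    "check it out " + TAG + encode_c2(OPERATOR_URL),
]
SAMPLE_SEARCH = ["... forum post mirror: " + TAG + encode_c2(OPERATOR_URL) + " ..."]

if __name__ == "__main__":
    print(resolve_c2(SAMPLE_TWEETS, SAMPLE_SEARCH))   # primary channel answers
    print(resolve_c2([], SAMPLE_SEARCH))              # primary down, fallback used
    print(resolve_c2([], []))                         # nothing to resolve
```

From the defender's side, the thing to notice is that neither channel is a suspicious domain: the only host-level signal is a process that should not be talking to Twitter or Google search at all doing so on a schedule, which is why the article calls the design one that can “fly under the radar.”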
Stages two and three are hidden inside a GIF image file that is downloaded from the command server, “disguised as pictures that appear on a victim’s machine.”
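A triage check for the trick described above, added here as an example and not taken from the article or from the Kaspersky/CrySyS analysis: a payload appended after an otherwise valid GIF still displays as a picture, but anything past the GIF trailer byte (0x3B) is not image data. The function below walks the GIF block structure to the trailer instead of searching for the first 0x3B, because that byte can legitimately occur inside compressed image data. The 1x1 image and the placeholder “payload” are constructed inline; the real MiniDuke stage format is not described on the page.

```python
# Added example: carve data appended after a GIF's trailer. The sample GIF
# and the payload string are constructed for illustration only.

def gif_trailer_offset(data: bytes) -> int:
    """Return the offset just past the GIF trailer (0x3B) by parsing the
    header, colour tables, extensions and image sub-blocks. Raises
    ValueError on a malformed or truncated file."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    try:
        pos = 6
        flags = data[pos + 4]                # logical screen descriptor flags
        pos += 7
        if flags & 0x80:                     # global colour table present
            pos += 3 * (2 << (flags & 7))    # 3 bytes * 2^(size+1) entries

        def skip_subblocks(p: int) -> int:
            # data sub-blocks: length byte, then data; a zero length ends them
            while True:
                n = data[p]
                p += 1
                if n == 0:
                    return p
                p += n

        while pos < len(data):
            sep = data[pos]
            pos += 1
            if sep == 0x3B:                  # trailer: end of image
                return pos
            if sep == 0x21:                  # extension block
                pos += 1                     # label byte
                pos = skip_subblocks(pos)
            elif sep == 0x2C:                # image descriptor
                lflags = data[pos + 8]
                pos += 9
                if lflags & 0x80:            # local colour table present
                    pos += 3 * (2 << (lflags & 7))
                pos += 1                     # LZW minimum code size
                pos = skip_subblocks(pos)
            else:
                raise ValueError(f"unknown block 0x{sep:02x} at {pos - 1}")
    except IndexError:
        raise ValueError("truncated GIF") from None
    raise ValueError("no trailer found")


def appended_data(data: bytes) -> bytes:
    """Everything after the trailer; b'' for a clean image."""
    return data[gif_trailer_offset(data):]


# Constructed 1x1 GIF89a (43 bytes): header, screen descriptor, 2-entry
# colour table, graphic control extension, image descriptor, image data, trailer.
CLEAN_GIF = (
    b"GIF89a"
    b"\x01\x00\x01\x00\x80\x00\x00"
    b"\x00\x00\x00\xff\xff\xff"
    b"\x21\xf9\x04\x01\x00\x00\x00\x00"
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"
    b"\x02\x02\x44\x01\x00"
    b"\x3b"
)
# Same image but with a 0x3B byte inside the compressed image data, which a
# naive search for the first ';' would mistake for the trailer.
TRICKY_GIF = CLEAN_GIF.replace(b"\x02\x02\x44\x01\x00", b"\x02\x02\x3b\x01\x00")
PAYLOAD = b"MZ-placeholder-not-a-real-stage"     # constructed, not a real binary
SUSPECT_GIF = CLEAN_GIF + PAYLOAD

if __name__ == "__main__":
    print(len(appended_data(CLEAN_GIF)), "trailing bytes in the clean image")
    print(appended_data(SUSPECT_GIF))
```

A GIF with trailing bytes is not proof of malice on its own (some editors leave junk behind), but a GIF fetched by a process that then writes an executable is exactly the sequence the article describes, and the carved bytes are what you hand to the next stage of analysis.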
Image from securelist.com
Eugene Kaspersky, founder and chief executive of Kaspersky Lab, compared the highly-advanced MiniDuke to “malicious programming from the end of the 1990s and the beginning of the 2000s”, saying it has the potential to be “extremely dangerous” because it was an “elite, old-school” attack.
“This is a very unusual cyber-attack,” the statement emailed to RT read.
“I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world. These elite, “old school” malware writers were extremely effective in the past at creating highly complex viruses,” Kaspersky’s CEO added.
Neither Kaspersky nor CrySyS is disclosing what the malware does once it takes hold of a victim until they have had a chance to privately warn infected organizations, Ars Technica reported.
According to the technology news and information website, at least 60 victims have been affected. Kaspersky has identified at least 23 affected countries, including the US, Hungary, Ukraine, Belgium, Portugal, Romania, the Czech Republic, Brazil, Germany, Israel, Japan, Russia, Spain, the UK, and Ireland.
Revelations about the new malware come two weeks after Silicon Valley security firm FireEye discovered security flaws in Reader and Acrobat software.
dailyalternative | alternative news – MiniDuke: New cyber-attacks ‘hacks governments’ for political secrets
Google Upgrades Digital Wallet to Pay by Facial Recognition
As we march steadily toward a cashless society, Google is naturally at the forefront of seeing it come to fruition as quickly as possible.
Despite the fact that several years ago Google had a major security scare with its first incarnation of the digital wallet smartphone app, which required a temporary shutdown, they are announcing a new system being tested which does not even require the smartphone at all.
A growing number of people apparently find that having to remove their smartphone is just such a hassle that they are prepared to embrace payment via biometrics – in this case, facial recognition.
As a perfect indicator of the target market, please read this sad quote:
“Imagine if you could rush through a drive-thru without reaching for your wallet, or pick up a hot dog at the ballpark without fumbling to pass coins or your credit card to the cashier,” Bhat said. (Source)
In one sentence, that quote might represent literally everything that is wrong with modern society.
The new system is being cleverly called Hands Free; and, as the second indicator of its potential mass appeal, it will be rolled out first at McDonald’s and Papa John’s fast food restaurants.
A second more serious component to this ties in with the recent rollout of citywide WiFi systems that keep people connected at all times. Layered on top of that is the arrival of billboards with hidden cameras built in that can film you, then track you through your mobile phone. This reality makes the following information more chilling than convenient:
The digital wallet uses Bluetooth and Wi-Fi connections alone [sic] with location sensing capabilities in smartphones to detect when someone is near a store enabled with Hands Free payment technology.
“When you’re ready to pay, you can simply tell the cashier, ‘I’ll pay with Google,’” Bhat said.
“The cashier will ask for your initials and use the picture you added to your Hands Free profile to confirm your identity.”
At some locations, Google is experimented [sic] with using cameras in stores to recognize people with Hands Free digital wallets so they could pay without even pausing. (emphasis added)
The number of people already prepared to accept this system numbers in the millions, according to Google.
Although this announcement would appear to border on satire, please view the videos below to get an idea about a world where cash is seen as a major annoyance, and laziness is embraced as a virtue.
daily alternative | alternative news – Google Upgrades Digital Wallet to Pay by Facial Recognition