Aletho News

ΑΛΗΘΩΣ

‘Kaspersky Lab in crosshairs since exposing US & Israeli spy agencies behind Stuxnet attack on Iran’

RT | November 10, 2017

The campaign to discredit Kaspersky Lab dates back to 2010 when the Russian based cybersecurity firm uncovered the origin of the Stuxnet malicious computer worm which ruined Iran’s civilian nuclear centrifuges, experts in the field told RT.

Kaspersky Lab, founded in Moscow in 1997, has been a world leader in cybersecurity for decades. The private company takes pride in working outside of any government’s sphere of influence when it comes to cyber espionage. Americans believe that US intelligence agencies consider the Russian firm a competitive challenge, the experts pointed out.

“Kaspersky is highly reputable. It has been operating for a couple of decades. It has 400 million users around the world, including until very recently the American government,” former MI5 analyst Annie Machon told RT. “So of course if they are doing it, other countries are going to do it to a competitor corporation around the world too. Obviously, the CIA would be interested in a very successful Russian based company that offers protection on the internet.”

“Kaspersky [has] one of the most successful security teams worldwide. Don’t forget that Kaspersky was the security firm that first of all discovered the NSA linked group of activities involved in cyber espionage activities worldwide,” Pierluigi Paganini, the head of cybersecurity at Grant Thornton Consultants, told RT.

The Russian company became one of the targets amidst the ongoing anti-Russian hysteria in the US, which centers around the unproven allegations of Russian meddling in the 2016 US presidential elections. In September, the US Department of Homeland Security (DHS) ordered all government agencies to stop using Kaspersky products and remove them from computers, citing “security risks.”

And while Kaspersky Lab is actively cooperating with the US authorities, on Thursday, WikiLeaks published a source code for the CIA hacking tool ‘Hive,’ which was used by US intelligence agencies to imitate the Kaspersky Lab code and leave behind false digital fingerprints. Exposing the CIA’s impersonation of Kaspersky Lab is just a part of WikiLeaks’ Vault 7 and 8 revelations which shed light on the CIA’s electronic surveillance methods and cyber warfare tools.

“What is important in this specific story is the complexity, the effort spent by the US intelligence to make hard the attribution. Kaspersky is the actual victim of these activities. There is a government agency, the CIA that conducted cyber espionage activities to also use false flag in its operation in order to make harder the attribution,” Paganini explained.

Kaspersky Lab remains one of the few companies in the world that can expose the CIA’s scheming, and that is why the Russian company is facing so much backlash, Machon believes.

“We have Kaspersky saying ‘We can do this-we can prove some of these hacks are not Russian, they are American’ when it comes to the presidential elections. And so they needed to discredit them, and I think that this new application of a virus at state level, a very aggressive virus that would discredit a very proven brand around the world it’s exactly what the Americans would want and the Israelis also would want,” the former MI5 operative pointed out.

The campaign against the Russian cybersecurity firm goes back to 2010; when Kaspersky Lab revealed the origin of the Stuxnet virus which the company said likely came from American and Israeli intelligence services, Machon told RT. The alleged American/Israeli cyber espionage operation was designed to target industrial control systems used in infrastructure facilities to affect their automated processes. Stuxnet reportedly ruined almost one-fifth of Iran’s nuclear centrifuges Tehran had been using to develop civilian atomic power.

“Stuxnet was deployed against the centrifuges that enriched the uranium and nobody knew where it came from. It seemed to be very weaponized at the state level. And it was actually Kaspersky that unveiled who had developed it. And it was American and the Israeli intelligence agencies,” Machon told RT. “So ever since then, it has sort of been daggers drawn between these two competing sides [Kaspersky vs CIA]. Kaspersky has been very much in crosshairs of both American and Israeli intelligence agencies.”

SEE ALSO:

CIA wrote code ‘to impersonate’ Russia’s Kaspersky Lab anti-virus company, WikiLeaks says

November 9, 2017 Posted by | False Flag Terrorism, Russophobia, Timeless or most popular, Wars for Israel | , , , | 2 Comments

New Flame-linked malware detected

RT | October 16, 2012

A new cyber espionage program linked to the notorious Flame and Gauss malware has been detected by Russia’s Kaspersky Lab. The anti-virus giant’s chief warns that global cyber warfare is in “full swing” and will probably escalate in 2013.

The virus, dubbed miniFlame, and also known as SPE, has already infected computers in Iran, Lebanon, France, the United States and Lithuania. It was discovered in July 2012 and is described as “a small and highly flexible malicious program designed to steal data and control infected systems during targeted cyber espionage operations,” Kaspersky Lab said in a statement posted on its website.

The malware was originally identified as an appendage of Flame – the program used for targeted cyber espionage in the Middle East and acknowledged to be part of joint US-Israeli efforts to undermine Iran’s nuclear program.

But later, Kaspersky Lab analysts discovered that miniFlame is an “interoperable tool that could be used as an independent malicious program, or concurrently as a plug-in for both the Flame and Gauss malware.”

The analysis also showed new evidence of cooperation between the creators of Flame and Gauss, as both viruses can use miniFlame for their operations.

“MiniFlame’s ability to be used as a plug-in by either Flame or Gauss clearly connects the collaboration between the development teams of both Flame and Gauss. Since the connection between Flame and Stuxnet/Duqu has already been revealed, it can be concluded that all these advanced threats come from the same ‘cyber warfare’ factory,” Kaspersky Lab said.

High-precision attack tool

So far just 50 to 60 cases of infection have been detected worldwide, according to Kaspersky Lab. But unlike Flame and Gauss, miniFlame in meant for installation on machines already infected by those viruses.

“MiniFlame is a high-precision attack tool. Most likely it is a targeted cyber weapon used in what can be defined as the second wave of a cyber attack,” Kaspersky’s Chief Security Expert Alexander Gostev explained.

“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information. After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.”

The newly-discovered malware can also take screenshots of an infected computer while it is running a specific program or application such as a web browser, Microsoft Office program, Adobe Reader, instant messenger service or FTP client.

Kaspersky Lab believes miniFlame’s developers have probably created dozens of different modifications of the program. “At this time, we have only found six of these, dated 2010-2011,” the firm said.

‘Cyber warfare in full swing’

Meanwhile, Kaspersky Lab’s co-founder and CEO Eugene Kaspersky warned that global cyber warfare tactics are becoming more sophisticated while also becoming more threatening. He urged governments to work together to fight cyber warfare and cyber-terrorism, Xinhua news agency reports.

Speaking at an International Telecommunication Union Telecom World conference in Dubai, the anti-virus tycoon said, “cyber warfare is in full swing and we expect it to escalate in 2013.”

“The latest malicious virus attack on the world’s largest oil and gas company, Saudi Aramco, last August shows how dependent we are today on the Internet and information technology in general, and how vulnerable we are,” Kaspersky said.

He stopped short of blaming any particular player behind the massive cyber attacks across the Middle East, pointing out that “our job is not to identity hackers or cyber-terrorists. Our firm is like an X-ray machine, meaning we can scan and identify a problem, but we cannot say who or what is behind it.”

Iran, who confirmed that it suffered an attack by Flame malware that caused severe data loss, blames the United States and Israel for unleashing the cyber attacks.

Related articles

October 16, 2012 Posted by | Aletho News | , , , , , , | 1 Comment

Stuxnet, Flame… Gauss: New spy virus found in Middle East

RT | August 9, 2012

A new virus dubbed Gauss has attacked computers in the Middle East spying on financial transactions, emails and picking passwords to all kind of pages. The virus resembles Stuxnet and Flame malware which was used to target Iran, Kaspersky Lab says.

­Gauss has infected hundreds of personal computers across the Middle East – most of them in Lebanon, but also in Israel and Palestinian territories. Kaspersky Lab has classified the virus, named after one of its major components, as “a cyber-espionage toolkit”.

The malicious malware spies on transactions in banking systems and steals passwords and credentials to social networks, emails and instant messaging accounts. It can also collect system configurations.

Though Gauss seems to be specifically designed for several Lebanese online banking systems, it can also go after Citibank and PayPal users.

It is not immediately clear who may be behind the new Trojan virus, but Kaspersky Lab says the “nation-state sponsored” toolkit has features characteristic of Flame, DuQu and Stuxnet malware, which targeted machines in Iran.

After looking at Stuxnet, DuQu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories,‘” Kaspersky Lab said in their report on Thursday. “All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations.”

The researchers cannot say whether Gauss was meant to simply spy on account transactions, or to steal money from targets. But given the high probability of a nation-state actor behind it, the virus may be a counterintelligence tool, which could be used to trace funding of various groups or individuals.

Gauss has attacked over 2,500 personal computers in the Middle East. Only one attack has so far been reported in Iran (image from http://www.securelist.com)
Gauss has attacked over 2,500 personal computers in the Middle East. Only one attack has so far been reported in Iran (image from http://www.securelist.com)

The virus is yet to be fully exposed, as the Moscow-based internet security company is still trying to crack its payload, a section that sends and receives instructions from an outside source once it has infiltrated a system. The company is asking for assistance from any cryptographers since the payload is highly encrypted and its purposes remain unclear.

The virus was first spotted in June this year while Kaspersky Lab was looking for variants of Flame. Gauss appears to have been most active from May to July 2012, until its control and command infrastructure stopped functioning. Now the virus is in a dormant state.

Still, the malware, apparently created back in 2011, managed to spread much farther than Flame, which attacked around 700 PCs across the Middle East this spring.

Flame and Stuxnet are widely speculated to have been ordered by the US and Israel to hit Iran’s nuclear program. Western officials gave a tentative confirmation the CIA, the National Security Agency and the Israeli military were all involved in developing the Flame spying toolkit.

As for the Stuxnet attack, which in 2010 damaged uranium enrichment centrifuges in Iran, Washington has so far declined to comment on if it was behind the sabotage.

Now Gauss, which shares parts of its code with Flame, appears to add to the US and Israel’s presumed cyber arsenals.

August 10, 2012 Posted by | War Crimes | , , , , , , , | 1 Comment

Israel hints it created Flame malware

Press TV – May 30, 2012

Israeli Deputy Prime Minister Moshe Ya’alon has strongly hinted that Israel was involved in creating the computer virus Flame — a new Stuxnet-like espionage malware — to sabotage Iran’s nuclear plans.

Speaking in an interview with Israel’s Army Radio on Tuesday, Ya’alon expressed support for the creation of the virus and similar tools, saying it “opens up all kinds of possibilities.”

He also noted that it is reasonable for anyone who sees Iran as a threat to take such steps, saying that “whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them.”

Ya’alon made the remarks only hours after a Russian lab discovered the new virus.

The computer security firm Kaspersky Lab, one of the world’s top virus-hunting agencies, said the virus is being used as a cyber weapon to attack entities in several countries.

The Kaspersky Lab has also announced that the worm is the most malicious ever and is designed to gather intelligence, adding that it can turn on PC microphones to record conversations taking place near the computer, take screenshots, log instant messaging chats, gather data files, and remotely change settings on computers.

“The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date,” said the Moscow-based Kaspersky Lab, adding that a government or a coalition of states must be behind it.

Stuxnet — discovered in 2010 — was also a computer worm. It targeted Siemens industrial software and equipment in several countries.

May 29, 2012 Posted by | Wars for Israel | , , , , | 1 Comment