A new bulletin from the Department of Homeland Security (DHS) warns that since 2011 a growing number of US computers and industrial control systems have become infected by a common malware suite called BlackEnergy.
The BlackEnergy suite uses known exploits in MIPS and ARM systems to insinuate itself, and can install a wide variety of plugins that would allow it to take control of such systems or steal data, though so far most of the infected systems are not being exploited to cause any known harm.
Speculation among the computer security community is that the program’s widespread deployment is an effort by some group or groups to see just how much access they can theoretically gain with a comparatively simple piece of malware.
The DHS is, as usual, attempting to blame Russia for the incidents, though the evidence is pretty flimsy at this point. One of the known users of BlackEnergy is a group called Sandworm Team, which got its start targeting government sites in Eastern Europe. This led to speculation that the Sandworm Team might conceivably be working for the Russian government.
But the DHS doesn’t appear to have any specific evidence that Sandworm Team is behind these other attacks, and is simply drawing the connection because they’re using the same or similar software suites. It is not uncommon for successful malware suites to be adopted, or improved upon, by copycat groups.
More Commendable Context: http://scotthorton.org/interviews/2013/02/27/2271…
Jeffrey Carr, founder and CEO of Taia Global Inc., discusses why information security (InfoSec) companies are quick to blame China – often with little evidence – for hacking/espionage operations; Mandiant’s weak case against Chinese hacker group “A.P.T. Number 12” for infiltrating the New York Times; and why critical thinking leads to the truth more often than the “gut feelings” of experts.
Odd that whoever this is would show their hand just as a test. So odd I don't believe it.
Perhaps this is a warning, pushback against US and friends who have been freely using such methods as warfare against several countries. So far, it has all been attack and none coming back. Now this is at least warning that free shots are over.
Those attacks would certainly be seen as a direct threat by even some countries not attacked, including not least China and Russia, both a bit paranoid even when they don't have such good reason. Then again, they may think the US has attacked them already in just this way (and maybe we did).
DHS might want to check with the FBI, CIA, DIA, NSA, ASA, and other three / four letter intelligence agencies known to spread malware (like Stuxnet). Then again, it's probably much easier, and certainly more politically correct, to blame Russia.
There is just as high a probability that the owners of the malware are US government officials as the Chinese or Russians. They may, in fact, be Russians but more likely Russian criminal groups (mafia) instead of Russian government agents.
pro tip: stop using your work computer to surf for porn
Criminal pot — that calls the kettle black
Comes now the creator and root cause of WEB war, the Empire that caused uranium centrifuges in Iran to self-destruct and it to accuse Russia of doing what such a corrupt Empire of ours could now be in the process of doing.
For a thing so impossible to trace as malware flying through cyberspace at the speed of light, surely the accuser of guilt is oft times the one with the most guilt.