Syrian Government Uses Skype To Push Malware To Activists
judgecorp writes "The Syrian government is using Skype as a channel to infect activists' systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. 'The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT." Xtreme Rat is a full-blown malicious Remote Access Tool.'"
Meanwhile, the Obama administration is arguing that requiring warrants for cellphone records "cripples" investigators. No malware needed here in the U.S. Just fearmongering.
"Sufferin' succotash."
It is not Skype they use, but the gullibility of the users. Skype is only remotely involved...
When the file comes from a trusted source, it's not stupid. You have to trust someone eventually: the OS manufacturer (i.e., Apple, Microsoft, etc.), the distributor (the person making the DVDs), etc. Trusting a friend isn't stupid, it's what most people would do. That's exactly why so many different worms try to propagate using a person's address book: human trust networks.
It was only stupid that he didn't scan the file first, not that he accepted the download. And if said malware is custom-designed, it wouldn't be in any anti-malware/anti-virus definitions, and so he could do everything right and still wind up screwed. How many governments have asked that their malware not be added to the definition files again? ALL OF THEM.
#fuckbeta #iamslashdot #dicemustdie
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them? Do these activists not use some super secret codes to tell each other they are who they say they are?
"Syrian Government Uses Social Engineering To Push Malware To Activists."
They could be using e-mail for the same thing. Or other IM channels that offer direct connect. Or Dropbox. Or any other channel.
The clever bit is trying to convince people to download and run an unknown tool by impersonating someone they've imprisoned.
Because maybe he didn't actually know the person had been arrested to begin with? These political dissident arrests are not publicly broadcast, you know...
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them?
People occasionally get released from jail.
Do these activists not use some super secret codes to tell each other they are who they say they are?
No. They're political activists, not James Bond.
#fuckbeta #iamslashdot #dicemustdie
This F-Secure post is not news. The EFF wrote this up on March 5th: https://www.eff.org/deeplinks/2012/03/how-find-syrian-government-malware-your-computer-and-remove-it
Exactly. These people probably hooked up online and could have never even met face-to-face. There is no reason to expect that this guy necessarily would have known the other person was arrested. The secret police in countries like Syria don't tell the world the names of people they arrest.
the government is out to kill you and dump your body off a bridge
That's disappointing. I insisted on being burned alive while they chanted "She's a witch!"
you accept a crazy exe file over skype from someone not in front of your face.
The file wasn't named crazy.exe, it was named something that, in that country, is a useful tool when you're using internet cafes and open wifi to communicate covertly: MAC address changer.
how do you know where this person is. how do you know he's not arrested and having a gun pointed to his head
Dude, this is the internet. For all you know, I'm a 7 line perl script that became sentient, crawled out of Rob Malda's server, built a robot exoskeleton, and now lives down a manhole in Brooklyn. That doesn't mean you just stop talking with people, or the rest of the world. Sometimes the benefits of communication, even in a hostile medium, outweigh the risks. As a political activist, you have to talk to strangers, and people who may not be who they say they are; How do they know you aren't the government spook... or sentient 7 line perl script?
A certain degree of trust is necessary in all communications.
#fuckbeta #iamslashdot #dicemustdie
Windoze users still fall for the jessicaalbanudes.jpg.exe trick. They don't call it point-and-drool for nothing!
Your hyperlink is not working, please repost!
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
when the government is out to kill you, the way to operate is TRUST NO ONE. this is the way revolutionaries have operated for centuries. small cadre of leadership and you never trust anyone completely.
P.S.
you run a revolution like you set up a firewall. trust no one/block everything and accept trust on a case by case basis
Sure, but who's to say that the person you meet face-to-face is the same person? The government could have easily killed the real person and had someone go in his place. Most of these dissidents probably met up online and would have no idea if they are meeting a real dissident or a government stooge. It's quite easy to criticize this person from your safe position thousands of miles away.
If you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
In order for this not to happen again do the following:
Stop using Windows and MacOSX.
Download and install Fedora F16.
When installing, encrypt the hard drive with a really hard to break password.
Install pidgin and Off-the-Record like this: 'yum install pidgin pidgin-otr'
Generate keys and verify them before communicating.
Be _very_ careful if someone you usually talk to changes their key, they might have been arrested.
Never ever communicate in the clear.
Using this strategy you will not be immune, rubber-hose cryptanalysis will still defeat this. Also you can be tracked so your oppressive government can see that you communicate, they will just not be able to read what you are saying. And not using major OSes will keep you away from the most common exploits and trojans.
Also, try to use TOR, HTTPS-everywhere and other good tools.
References:
https://fedoraproject.org/
http://fr2.rpmfind.net//linux/RPM/fedora/16/x86_64/pidgin-otr-3.2.0-4.fc15.x86_64.html
http://www.cypherpunks.ca/otr/
Good luck.
"Skype" isn't a trusted source. If you're dealing with a government that's out to get you, anything that isn't cryptographically signed is untrusted. Assume everything is untrusted until it's verifiably trustable.
Are you trying to get these people killed? Political activists don't show up at a meeting and spend the first half hour checking each other's credentials and signing each other's PGP keys. Why not? Anonymity is valued by the participants, who often exchange contact information under pseudonyms. Cryptographically signing things means verifying the participants' identity, which would make it easier for the government to identify and arrest the activists, not harder. With cryptographically signed communication, someone whose system or person had been compromised could have the communications proved beyond a doubt to have come from you.
If you are greatly outclassed by your opponent, your only protection is anonymity or (failing that), plausible deniability. The use of cryptography blows both of those away, and provides no additional protection in the process whatsoever: The government isn't going to use a multibillion dollar computer network to crack your encryption key, they're going to use a brick and your face... and when they're done with you, they'll probably put you in a feces-filled jail cell for the rest of your life because you were using crypto, which shows you were more than casually involved with the political subversives; you planned this out carefully (if badly). Most governments are a lot harsher on people who try to run from them than they are on people who can raise the defense that they were in the wrong place at the wrong time, or just curious.
#fuckbeta #iamslashdot #dicemustdie
How do you say "Big Brother" in Arabic?
Uch kabir, roughly
Well, I guess Ukh kabir, to avoid confusion of pronunciation
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Anonymity is valued by the participants, who often exchange contact information under pseudonyms. Cryptographically signing things means verifying the participants' identity
You don't have to completely identify yourself to get a benefit from cryptographic signatures. All you really need to know is that the Ahmed you corresponded with today is the same Ahmed you corresponded with last week. To do that, all you need to know is that the key used today is the same key that was used last week. This trivial precaution would have protected against this attack.
These guys aren't anonymous, they're pseudonymous. The key can be their pseudonym without compromising their actual identity in any way.
Give me Classic Slashdot or give me death!
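The key-continuity argument above (the Ahmed you talk to today uses the same key as the Ahmed from last week) and the "be careful if a contact's key changes" step in the Fedora/OTR recipe earlier in the thread amount to a pinning ledger keyed by pseudonym. The following is an added example, not code from the thread, from pidgin or from OTR; the pseudonyms and public-key bytes are constructed sample values, and the fingerprint is simply SHA-256 over the raw key bytes (real OTR fingerprints are formatted differently).

```python
import hashlib
from enum import Enum


class KeyStatus(Enum):
    NEW_PINNED = "first contact: fingerprint pinned, nothing verified yet"
    MATCH = "same key as last time"
    MISMATCH = "KEY CHANGED: contact may have been arrested or impersonated"


def fingerprint(pubkey: bytes) -> str:
    # Short hex digest of the raw public key; this, not a name, is what the ledger stores.
    return hashlib.sha256(pubkey).hexdigest()[:16]


class KeyLedger:
    """Pins the first key seen for each pseudonym; no real-world identity is recorded."""

    def __init__(self):
        self.pins = {}  # pseudonym -> fingerprint

    def check(self, pseudonym: str, pubkey: bytes) -> KeyStatus:
        fp = fingerprint(pubkey)
        pinned = self.pins.get(pseudonym)
        if pinned is None:
            self.pins[pseudonym] = fp      # trust on first use
            return KeyStatus.NEW_PINNED
        # A changed key is never silently re-pinned; see repin() below.
        return KeyStatus.MATCH if pinned == fp else KeyStatus.MISMATCH

    def accept_file(self, pseudonym: str, pubkey: bytes) -> bool:
        # Policy: file transfers only from a contact whose key matches the pin.
        # A first contact or a changed key both refuse, which is what the
        # MACAddressChanger.exe story needed.
        return self.check(pseudonym, pubkey) is KeyStatus.MATCH

    def repin(self, pseudonym: str, pubkey: bytes) -> None:
        # Only after out-of-band verification (the "verify keys before
        # communicating" step) does a new key replace the old pin.
        self.pins[pseudonym] = fingerprint(pubkey)


def replay_story(ledger: KeyLedger) -> list:
    # Constructed scenario: two chats with the real key, then a file offer
    # arriving from a different key after the contact was arrested.
    ahmed_week1 = b"constructed-sample-pubkey-ahmed"
    after_arrest = b"constructed-sample-pubkey-impersonator"
    return [
        ledger.check("Ahmed", ahmed_week1),          # NEW_PINNED
        ledger.check("Ahmed", ahmed_week1),          # MATCH
        ledger.accept_file("Ahmed", after_arrest),   # False: key mismatch
        ledger.check("Ahmed", ahmed_week1),          # still MATCH, pin intact
    ]
```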
If you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
Of course, you have to trust someone, but in a properly designed covert operation, that set of people is small (a so-called "cell") or hierarchical (like a "handler") and you don't fully trust them either. If the cell is that small and the handlers only handle a few folks, the damage caused by misplacement of trust is limited. In this situation, if the cell or the cell's handler was compromised (e.g., arrested in this case), the other members of the cell might have known about it, or if they did not, the damage would be limited to their cell and not a large group.
This kind of stuff is covert operation 101. Even conventional forces have used it. For example, in WWII, the US and France used this in Operation Jedburgh. And if you are a Star Wars buff, Jedi is surprisingly similar to what they used to call these special forces "Jeds"... Hmm... ;^)