Decade-Old Espionage Malware Found Targeting Government Computers

alancronin writes "Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe. TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as 'secret' from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed 'Hungarian high-profile governmental victim.'"

How many of these could be out there?

[dunkmark]

It is possible that any number of threats could be out in the wild. How would we really know?

Re:How many of these could be out there?

It is possible that any number of threats could be out in the wild.

How would we really know?

There are probably plenty of these types of things out there. As new computers come into an organization the older ones get handed down to those lower on the totem pole. Unless you have some kind of disaster you don't replace everything all at once. Even with a diaster many can end up restoring the infection from a backup, or an infected laptop happened to be out of the office. Once connected to the network things start to spread again.

On the bright side, with this one, MiniDuke, et al, plenty of government IT people will be working overtime again this weekend.

Re:How many of these could be out there?

How would we really know?

Which part of "Microsoft product" did you not understand?

Re:How many of these could be out there?

Cute attempt at humor I guess, but it neither answers nor implies an answer to the question.

Re:How many of these could be out there?

By definition, reconnaissance malware must "phone home". If you want proper security, deactive all mass storage devices including USB ports and monitor firewall traffic. Blacklist all the popular shit from gmail to facebook. Nobody needs that on a computer handling confidential data. MITM encrypted tcp connections so you can inspect the traffic for suspicious stuff. Have a dedicated "social PC" for facebooking in every office. That one is on an entirely different net.
So all you need to do is diligent monitoring of the firewall traffic to detect malware infections. Remove anything from Adobe. Educate and indoctrinate users about risks and acceptable procedures.

I really don't get why they did not do this. I assume some polish general took secrets on a thumb drive to his home PC and they realized the problem ten years later.

Re:How many of these could be out there?

Plus, use plain iptables or packetfilter for your firewall. Checkpoint is a bad idea as you then make Israeli spooks your gatekeepers (there is a direct lineage to Unit 8200-Israel SIGINT). From what I have seen in Europe, this appears to be the objective though. Israel Inc have a prerogative to do all sorts of stuff which are not ok for others, it seems.

Re:How many of these could be out there?

[poofmeisterp]

It is possible that any number of threats could be out in the wild.

How would we really know?

Apparently the same way the governmental bodies did. Wait. LOL

Re:How many of these could be out there?

[Medievalist]

I say we take off and nuke the place from orbit.

It's the only way to be sure.

Re:How many of these could be out there?

Infact it does answer the question.

ie How would we really know? ---> With microsoft you NEVER really know.

decade long op!?

[TaoPhoenix]

That's rather disturbing - that the best defense that money can buy failed to pick up a spy op for an entire decade!! I don't even know what to make of this news. Do you SysAdmin types out there have some input? Wouldn't you have noticed suspicious activity *sometime* sooner than a decade?

Re:decade long op!?

Netware 3.12 running behind drywall.

Re:decade long op!?

[erroneus]

Suspiscious based on what criteria?

1. We aren't allowed to use open source and so we have to "trust" every 'signed binary' which executives and leaders want to use. If we could use open source, we could at least read the source and even compile it to ensure the source we read was the binary which was compiled.

2. When the malware doesn't do "harm" to anything, the symtoms of malware are non-existant. No pop-up ads, no unusual crashing (see note about being unable to use open source... the 'other' operaitng system crashes often enough for inexplicable reasons that no one suspects malware as the cause any longer) and when a commonly used utility program which performs remote access is used, how can it be detected as malware?

Arguably, that it was proprietary and commercial software which was exploited is pretty disturbing. But at the same time, that software makers (and other device and product makers, and service providers too) frequently enter into deals with government to spy on people is unfortunately very common. That the "white-hat" (heh, I accidentally typed "white-hate"... apropos?) nation called the USA has compromised global communications with Echelon and more recently with the much celebrated NSA wiretapping, does not help matters.

I think no one appreciates the value of trust. Once it's lost, it's lost. What amount of trust in government... any government... may have existed, it is gone for most of us. The unenlightened? Well... they still watch MSM (mainstream media, I have come to know these initials). What hope have they against that?

Re:decade long op!?

the 'other' operaitng system crashes often enough for inexplicable reasons that no one suspects malware as the cause any longer)

- would like to know what OS is this, cause my windows 7 install is rock-solid since I installed it on 2011...

Re:decade long op!?

would like to know what OS is this, cause my windows 7 install is rock-solid since I installed it on 2011...

Seconding this question. After Windows 2000 (which was rock solid not only compared to 98 and ME, but also Linux of the time), the only instance I've seen of a crash-happy Windows has been related to physical hardware defect. (Usually of the video card variety. Don't buy cheap gaming-class cards for your sensitive systems. :p)

tl;dr: The 90s called, GP, and they say to tell you that your baseless Microsoft hatred was boring and stale even in that decade, let alone in 201X.

Re:decade long op!?

Defense is Big Business is Just About Money. Many if not most officers perceive this whole thing as a big-fat show they will never take serious. It's about selling polished turd for maximum money. It is not about "buying the correct solution".

The correct solution clearly would be to use open source or even to develop software in the military themselves. It would be quite basic, primitive and secure. They don't trust the private sector to design ciphers for exactly the same reasons.

NSA SE Linux is one of the few honest attempts to in government computing. But you know what ? It's deeply flawed because the procurement colonel won't get a cushy job after his military career from SE Linux.

Re:decade long op!?

The initial argument was invalid. Just because something does not crash means absolutely nothing security-wise. HP-UX was long considered a "rock-solid" operating system until sombody discovered you could crash entire HPUX servers by sending an "oversized" ping packet from a random Windows machine.

Stuxnet was possible because Windows security is abysmal.

Re:decade long op!?

[Bigbutt]

I currently have a pair of nVidia 560's driving 4 monitors which have a video driver not responding issue pretty regularly and the system gets lost periodically (spinning cursor and can't get to the other monitors). Occasionally I'll come back and find the system has rebooted for no apparent reason.

Prior to that, I had a pair of AMD 4xxx (4870? don't remember for sure now) cards also driving the 4 monitors. During boot, the system would blue screen on the ati driver pretty much every time I turned on the system. It would take several reboots before the system stabilized enough to get to the login screen. Once up though, it stayed up with no errors. Rebooting it might cause it to go through the ati blue screen process again though. Once I had the left monitor get flaky. It did this when I just had the one card driving 2 monitors as well and I sent it back to DiamondMM but it was returned as technically fine so the drivers were crap.

I'm tempted to put the AMD cards back in the system since at least once it was up it'd stay up.

This was a Windows XP Pro system when I built it in 2008 then I installed Windows 7 but the blue screens continued. It's annoying enough that I mostly use my iPad vs turning on the computer or my old Mac G4 laptop.

[John]

Re:decade long op!?

As far as you know.

Re:decade long op!?

[belligerent0001]

I thought I was the only one left in the world running the archaic Netware achitechture...lol. any idea on how to virtualize it?

Re:decade long op!?

The 90s called,

Did you warn them?

Re:decade long op!?

If we could use open source, we could at least read the source and even compile it to ensure the source we read was the binary which was compiled

Or maybe not.

Of course, you could argue, "well, that wouldn't happen if I could see the source code of the compiler!" but then malware-authors can just shift the problem back one level into the hardware.

Open Source is not a guarantee of security. It can help, sure, but it is not a panacea. In fact, it can even be counter-productive if anyone can see the source-code since then they can see vulnerabilities you may have missed. Which is not to say that closed-source is necessarily any better, but one should not assume that open source is always the answer.

Re:decade long op!?

A combination of certain bios power management settings and certain drivers causes hell on earth for Windows 7 and up, just to add my anecdotal experience. Flip a setting and the system transforms from a perfectly stable machine to one crashing regularly from the desktop.

Re:decade long op!?

[erroneus]

I'll respond to this but not to the others.

That YOUR instance works great is fine. My instance also works flawlessly. The problem is often blamed on "third party software." Great. While the actual cause may actually be third party software as is demonstrable by the removal of (or omission of in a system reload) that doesn't escape the fact that the OS itself is vulnerable to 3rd party software crashing the OS. This is a kind of important rule of a good OS not to be vulnerable to 3rd party software causing it to crash.

And here's a great example of what I mean: In the past, I have had my laptop running Linux fail. The video chip failed. But I had applications and processes running in the background which I didn't want interrupted. So what did I do?

I was able to SSH into the machine which was STILL RUNNING despite the fact that the video was completely out. I was able to monitor the progress of the software and shut it down without problem, then shut down the computer as well. I was hoping it was some sort of [proprietary] software glitch in the driver, but alas, the video chip had died and I could get no video from the display or from the VGA port. The machine had to be replaced.

Now I ask you this. If this were Windows, would a video driver failure, especially one which started as a hardware failure, do you think the machine would have continued running or do you think the whole machine would have been taken down with it? (Rhetorical question, we all know the answer.) So now I point out that if other OSes can withstand hardware failures by crashing only the affected components (in this case, my X session was killed and the applications running under X also killed) why doesn't Windows? And if the OS on common PC hardware is capable of this level of resilience, why is Windows not? I get that speed and power and blah-blah-blah are imporant... on DESKTOP machines. But the problem is that Microsoft took a desktop OS and uses it as a server OS. Arguably, you can say that's not true -- the NT kernel was intended to be used for servers and stuff like that. Okay great. It still falls short. Drivers live in ring-0 and they don't (all) need to be running there.

I have argued this point numerous times with the same failing arguments presented. At the end of the day x86 hardware, when running a properly engineered OS, can compartmentalize all peripheral devices to the point that a crash on any given controller or whatever, will not crash the whole OS. I have experienced this often enough in Linux to know this works nicely. (I once had a vmware guest running Linux and had the storage fail... the damned thing kept running and when I SSH'd into the machine, it showed me HDD controller failures and stuff. It was pretty awesome.) So once again, WHY NOT WINDOWS?! Why can 3rd party software, whether they are drivers or applications, crash the damned OS?!

Re:decade long op!?

Money can't buy defence.

Re:decade long op!?

That's rather disturbing - that the best defense that money can buy failed to pick up a spy op for an entire decade!! I don't even know what to make of this news. Do you SysAdmin types out there have some input? Wouldn't you have noticed suspicious activity *sometime* sooner than a decade?

Oh lord, now who says sysadmins in governmental positions have to be knowledgeable? AFAIK they must only possess a degree of some kind which means they can memorize book material and answer questions. With a little money, knowledge-oriented papers can be purchased, as well. For the final exams, purchased material can be memorized the repeated with mnemonic techniques.

Psh. Full understanding of the technical feeds mouths not.

Sarcasm? Not this time.

Re:decade long op!?

[endus]

Because there's not really a great financial incentive to make the changes. The OS works well enough for what it is. The OS works well enough to garner pretty good market share. It could be better, but its pretty stable...stable enough to do its job.

It all comes down to money in the end.

Re:decade long op!?

Reflections on Trusting Trust (Ken Thompson, 1984): http://cm.bell-labs.com/who/ken/trust.html

Re:decade long op!?

[endus]

1.) You aren't allowed to use open source software because there's often no support or "community" support for it. With closed source products you can also require the company selling the software to have an independent code review done and (depending on your clout) provide some version of the results to you for review. If you could use open source, you would cost an enormous amount of money doing code review on someone else's code. No one wants to spend the money to do this, because it would only prevent a tiny minority of compromises.

If you "trust" all the software you install, whether it's open or closed source, you have already lost the battle.

2.) The symptoms of this malware would be readily apparent. TeamViewer traffic was picked up and flagged by default in the last signature based IDS I had access to. Why do you think it's impossible to install malware on open source products? Are you going to do a complete code review every time a new version or patch comes out? Are you running HIDS software on every single machine in your organization to prevent modification of the binary after its installed? What are you doing to prevent phishing and spear-phishing attacks which are the means that most attackers use to get a foothold in an organization and have been for more than 40 years now?

Your notion of "trust" is wide eyed and unrealistic. Security must be layered and standardized. It also must be practical, effective, financially reasonable, and comprehensive. This notion of open source software as the magic bullet that would have prevented this is incredibly silly.

Re:decade long op!?

I work for a government contractor as a sysadmin. The site is so segmented that, as the sysadmin, I have no access or information of the security systems installed on my servers. This is normal for the government. Segmentation, or compartmentalization, is the form of security that is used. It does restrict the sysadmin from watching and noticing "stuff".

Re:decade long op!?

[erroneus]

interesting you think their market share is due to sufficient quality.

Re:decade long op!?

1.) You aren't allowed to use open source software because there's often no support or "community" support for it.

Yeah, right. Open source software just appeared out of thin air without anyone or any community supporting it. I forgot, most open source software life cycles end at the release of version 1.0! Yours is just the typical uniformed corporate IT manager drone response.

Re:decade long op!?

[endus]

Not really. Your implication is that your opinion on the matter trumps what companies spending millions and millions of dollars believe is valuable.

Most enterprises run both Windows and open source operating systems these days. They do this because each is better suited to different tasks, not because of some ideological crusade.

Re:decade long op!?

[endus]

My response is that of an engineer who has run into multiple instances where open source software was tried in enterprise scale implementations and there were serious issues which we were not able to get a resolution for. Posting a message about performance problems with an agent running on domain controllers for an 80,000 node network and hoping that someone will eventually get around to fixing it is not what most companies consider, "support". They are looking for someone's feet to hold to the fire. Not that that model works 100% of the time, either (I'm looking at you Cisco!), but for the most part it does. It also provides a company with (some) assurance that the project isn't going to just die and leave them in the lurch.

Meanwhile, I continue to see heavy use of open source operating systems which are supported by various vendors in areas where it makes sense to use them. Sometimes commercial closed source products work better, sometimes they don't.

There has been a failure (in some areas, but not others) to respond to what the market has asked for with open source products. In many cases this is probably because the originators of the project really aren't seeking worldwide market domination, which is an extremely laudable way of going about things. In others, it's because the community doesn't acknowledge what is important, or isn't aiming to accommodate certain levels of implementations. Writing products for small to medium businesses is a lot easier than writing them for titanic enterprises. There's nothing wrong with making that distinction, and there's nothing wrong with leaving those markets for closed source projects to jump on.

What there is something wrong with is making the decision an ideological black and white choice and ignoring the requirements of the project completely.

Re:decade long op!?

[erroneus]

Microsoft is a convicted monopolist. It was shown not only that they abused their monopoly position, but pulled numerous tricks to get there. You are either new to IT or you've been smoking something. Everyone should know Microsoft's history by now.

Re:decade long op!?

In short, you are a shill doing your F.U.D.

Re:decade long op!?

Proper compartmentalization is the only proper strategy for achieving modest security. You can do it wrong, though.

Re:decade long op!?

[endus]

You're obviously very young or have worked for smaller companies, which is why you think that their status as "convicted monopolist" makes any difference to anyone. If their products didn't fill a need which there was not a better product available to fill, trust me, they wouldn't retain the business they do.

No one cares about ideology or even ethics. What they care about is making money. Windows fits into some big but very specific niches, and it performs that role extremely well. That's why it's still around.

That's also why it's been pushed out of certain segments of the market: because it *doesn't* do certain things very well. The key is the evaluation of the requirements of the project to determine what is the best fit.

Working in security, I deal with it all, all the time. I would say that operating system is probably the least important factor in judging the success of an implementation. One company I worked for had a network that was divided in half. Half the network was the officially supported infrastructure and included both windows and linux. Windows was 100% of the desktop infrastructure, and a mixture of OSes powered the server infrastructure. It worked amazingly. It accommodated extreme-novice users, who had way more important things to worry about than what OS was on their desktop, extremely well. Once they got their patching routine down, it was surprisingly resistant to worms and viruses. It was actually extremely impressive.

Then there was the other side of the network which ran from datacenters in closets and servers under peoples desks. It was a mixture of windows and linux and I would say a solid 60% of it was dismally run. Constant compromises and virus infections. Extreme resistance to common sense security precautions. Blatant outrage when servers were taken offline because they were affecting other life-and-death critical machines, etc. No patching at all. A complete lack of understanding of what they were even running, much less what version. I could go on and on.

The point is, shitty administrators make for shitty implementations regardless of OS. Good administrators make for good implementations, regardless of OS. Good administrators choose the best tool for the job and use it. Shitty administrators are ideologues who will force a tool to do a job that it's not that good at.

Re:decade long op!?

I don't find it disturbing.

I have a folder full of malware on my desktop PC. Every time a file coming across my desk got flagged I zipped it up and stuck it in there. I've been doing that for about 15 years.

I've noticed that most things drop off the radar of modern malware detection tools pretty quickly. The only tool that reliably finds the nasties is still ClamAV. I also noticed that the difference between "commerical" tools and ClamAV is the scan speed. The commercial scans complete in tens of minutes for the entire machine. The Clam scan takes hours. There are four reason I don't run Clam exclusively...

1. It is frozen treacle up hill slow - scanning the whole PC takes all night and renders it unusable.
2. It doesn't have an real-time protection mode.
3. It has a terrible false-positive rate.
4. It seems to lag behind the commercial vendors in catching very new threats.

So it't not disturbing they didn't notice anything. They brought into the popular notion that a single tool is enough to save you.

Re:decade long op!?

[whoever57]

You're obviously very young or have worked for smaller companies, which is why you think that their status as "convicted monopolist" makes any difference to anyone. If their products didn't fill a need which there was not a better product available to fill, trust me, they wouldn't retain the business they do.

And you don't understand the concept of monopoly abuse. There were few "better products" because Microsoft used its monopoly power to suppress them. Microsoft did not make products that were better than the competition, instead, they used illegal means to prevent the competition from developing and releasing competing products.

Re:decade long op!?

[endus]

And you don't understand the concept of monopoly abuse. There were few "better products" because Microsoft used its monopoly power to suppress them. Microsoft did not make products that were better than the competition, instead, they used illegal means to prevent the competition from developing and releasing competing products.

So, go make a better product then.

I saw a fair number of products in process that may have provided a better experience in particular areas, but none that seemed to have the same goals as Windows had in mind. OS X is a pretty good example on the desktop. In some contexts it is a better product, but it's not enterprise focused.

We can cry foul all day, but that's the way life goes. Move forward.

Stupidity knows no bounds.

[BadMoles]

I'm sorry but if you're stupid enough not to be able to see the Teamviewer Icon in your systemtray, you kinda deserve to be hacked...

Re:Stupidity knows no bounds.

[SuricouRaven]

They probably used a patched version that doesn't put the icon there.

Re:Stupidity knows no bounds.

They probably used a patched version that doesn't put the icon there.

Boss of mine in the past wanted to view the computer screens of salespeople to see why sales were way down. ResHack to make the icon transparent (but still appear next to the clock) and removal the associated mouse-over and menu entries made the VNC viewer renamed 'lsass.exe' undetectable to the non-savvy (which meant all of them). On connect, the screen would flash once but they all thought it was typical Windows/LCD monitor behavior. Having saved connection entries on the boss' computer that did not allow interaction but rather view-only mode made it the best tool he used. :)

Poland?

[Jacek+Poplawski]

Is this country Poland?

Re:Poland?

Yes.

A strong push for open source in government

[Morgaine]

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see.

Companies have the luxury to risk their security by placing their trust in a corporation and in closed source brands, and to pay the price of failure. But governments do not have this luxury, because failure compromises the security and sovereignty of a nation.

The push for open source in government will be gaining impetus in the years ahead as more national infrastructure becomes networked and the security risk becomes evident. Each report of espionage malware found is just another data point highlighting the insecurity of closed source systems.

It's a reasonable guess I think that government perceptions are changing because of this, and open source is slowly becoming non-optional.

Re:A strong push for open source in government

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see

Bullshit. Open or closed source has no direct bearing on the ability of an attacker to infect a binary. Open source provides more eyes on a given bug or problem, but once compiled and running its the exact same problem.
The article mentions use of a modified signed binary. So tell me how open source is going to remedy that? Unless you're recompiling from scratch (your entire tool chain, plus dependencies) on each launch, you're just as fucked as the next guy. Are you going to checksum the binary in memory each time a method is called? Are you going to encrypt/decrypt on each call? What's to stop an attacker from modifying your checksum code in the same manner as CD checks on games are trivially broken?
The only thing open source is really going to do for you is ensure that if you compile from source, the attack didn't originate from that source. So what?

Re:A strong push for open source in government

Your reasoning is based on the implicit assumption that governments have information security as their highest priority. I can tell you that MONEY trumps all of that. Commericalware plus commercial firewalls and other "security solutions" entail more money, more scope for kickbacks to uniformed and civil politicians.

That's why your reasoning is entirely faulty.

Re:A strong push for open source in government

Open or closed source has no direct bearing on the ability of an attacker to infect a binary.

That is a false statement. Infection doesn't happen by magic. A binary can't be infected if there is no pathway for infection.

With open source you can check for the existence of such pathways, easily. And if the open source software in question is public, then a million eyeballs will be doing that checking for you as well, even if you don't have the time or manpower to do it yourself.

The difference in security with closed source is immense.

Re:A strong push for open source in government

The fact it's open source IS (or can be) the pathway. If it's a small piece of software that does a specific function that's not of use to many people, your million eyeballs shrink rapidly. And what you're left with (IMO) is a handful of eyeballs thinking "I don't have the time/skills for this, it's open source, I'm sure someone will have looked over it" while no one actually does. Or someone auditing the code but not the stuff around it, or maybe the code as distributed is clean and will compile into a clean and functioning binary, but the scripts around it actually add some malicious steps if certain criteria are met. Open source isn't a magic bullet.

Re:A strong push for open source in government

We're talking binaries here. A running binary is a running binary, no matter the philosophy behind creating it. It is technically true that attack vectors are more easily spotted in an open source piece of software (provided that the community around it is actually looking at it). However, that has no relevance to the running binary. Once launched, bugs or no, it is a binary same as any other.

Remember, it is not the amount of bugs in a piece of code that enables an attack vector, it is the fact that there is a bug in the first place. It doesn't really matter if the software is otherwise completely flawless, who made it and what they believed in.
A false statement, if you want to go there, is to state

With open source you can check for the existence of such pathways

Easy is a subjective word, and any piece of software with any degree of complexity is by no means "easy" to review. Especially from scratch. And again, what do you do when your open source software is not directly involved in the attack vector? What if your gcc is outputting tainted code? How is that going to help you? It's turtles all the way down.

Re:A strong push for open source in government

We're talking binaries here. A running binary is a running binary, no matter the philosophy behind creating it

All binaries are not created equal. A binary made from open source code cannot have direct support for a deliberate backdoor nor blatantly obvious security holes because they would show up, whereas a binary made from closed sources most certainly can have both, and very commonly does.

This is obvious. If you can't see it yourself then you're just not thinking clearly about the issue.

More likely of course you're deliberately dismissing the incontrovertible, for reasons unstated.

Re:A strong push for open source in government

[jader3rd]

With open source you can check for the existence of such pathways, easily.

Your statement kind of assumes that every little shop can afford someone so deeply intimate with C++, and every known security hole that it is "easy" for them to check. It is certainly not easy for the vast majority of places to crack open the source code and go "oh look, a hole!".

Re:A strong push for open source in government

We're talking binaries here. A running binary is a running binary, no matter the philosophy behind creating it

All binaries are not created equal. A binary made from open source code cannot have direct support for a deliberate backdoor nor blatantly obvious security holes because they would show up...

You're assuming that anyone bothers to look for vulnerabilities in the source. This is only guarantied to be true if you do so yourself (and have the skills to do it effectively).

In the real world this means "open source is more secure" is as useless an attitude as "security through obscurity".

Re:A strong push for open source in government

[endus]

Most companies don't have the resources to do really good code review on their own software, much less on every piece of software that comes in the door. The government has (unfortunately) many more resources, and they also have the clout to get source code or request independent code reviews on software which they buy. Actually, independent code reviews and penetration testing are becoming a part of most customer contracts now anyway, even between two regular businesses.

Support. That's why companies and government agencies choose closed source. Open source products which you can get support for can usually get a decent foothold. Open source products for which there is no support or "community" support won't be able to become as widely adopted. It's really not this complex ideological war.

I have no idea why the comments in this article are so focused on open source. Well, yes I do, it's Slashdot....but this breach could have been prevented or detected any number of ways. I've seen suspicious TeamViewer traffic in IDS consoles before. Why were these agencies not implementing basic security controls?

Using open source software isn't the magic bullet to prevent compromises. Even in closed source environments phishing and spearphishing are widely used to gain a foothold on a network. This technique is suddenly impossible because of a financially impractical code review procedure for every piece of software that comes in the door? C'mon.

The answer to these compromises is the same as it's always been. Layered security, standardized procedures, visibility into network traffic and systems, preventing employees from installing non-supported non-auditable remote access software, monitoring and auditing, etc. If these agencies somehow have the resources to do code review on every piece of software in their environment then, sure, that's an awesome layer to add to the process...but it's an expensive layer and one that addresses a problem that isn't a big risk in the grand scheme of things.

Re:A strong push for open source in government

That would imply that _any_ of these significant and ongoing APT activities are enabled due to backdoors in closed source software.

I implore you to show me evidence of one such case, actually.

Re:A strong push for open source in government

So what your saying is:

If I'm too lazy to check it myself, I could be comprimised.

If I use closed source - I can't check it at all! - So I'm ok.

Yeah right.

Re:A strong push for open source in government

Your shilling actually adds some value besides the usual F.U.D. And yeah, close-source software supports their users very well. Especially when the users are Chinese intelligence rummaging though a Lockheed-Martin computer:

http://boingboing.net/2011/05/27/attack-on-rsas-secur.html

http://www.pcworld.com/article/237290/RSA_Hacking_Trail_Traced_to_China.html

Re:A strong push for open source in government

Even if ten different, capable developers look at some piece of FOSS, that's about 10 times more reviews than the typical close-source software will ever get.

Plus, I am not at the mercy of a sleazy corporation if I want a problem fixed, including security problems. I can hire an expert to do it or maybe even do it myself. That's invaluable.

But yeah, Mr shill, thanks for letting us know the sleazebag corporation MS is still alive and kicking in a corner of hell.

Windows only ...

[dgharmon]

"The attackers relied on a variety of methods, including the use of a digitally signed version of TeamViewer that has been modified through a technique known as "DLL hijacking" to spy on targets in real-time." link

"Secret"

Why are things labeled as "secret" to begin with? I'd just label everything as "secret", even things that are not. Yeah, yeah, security or obscurity, w/e.

Do YOU mean "this other operating system"?

That's "so secure" (NOT) from recent history 2011-2013? Take a read ("read 'em & weep"):

"Nearly nine out of ten security vulnerabilities in Windows computers last year were the fault of popular third-party applications, as opposed to Microsoft's own software." FROM -> http://www.theregister.co.uk/2013/03/15/secunia_vulnerability_research/

(And, that's "hot off the presses"/current...)

+

Linux STILL needs patches @ the core - all the way from kernel build 2.6 thru current ones (been there for ages on this one):

---

Linux STILL needs patching @ kernel level in 2013, thru ALL distros 2.6-3.8 current:

http://www.zdnet.com/linux-kernel-exploit-gets-patched-7000011844/

(Face facts, that THAT line of "b.s." of "Linux = Secure & Windows != Secure" just DOESN'T HOLD ANY WATER - the core of Linux STILL gets patched vs. vulnerabilities, just like Windows NT-based OS, & they ARE RELATIVELY THE SAME AGE too! Thus, proving (especially via ANDROID) that "the most used = most attacked"...)

---

Apparently, I need to put out more on that note, so here goes (as to Linux's "fine security showing" over the past couple years now/current history):

---

2012:

New Linux Rootkit Emerges:

https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012

"A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems."

---

'FIRST ever' Linux, Mac OS X-only password sniffing virus spotted:

http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/

---

Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444

So, what's dts.utah.gov running everyone?

LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov

What's health.utah.gov running too??

YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov

* Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

===

2011:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

---

London Stock Exchange serving malware:

Re:Do YOU mean "this other operating system"?

[myowntrueself]

Please, just cut to the chase and tell us how MyCleanPC will fix everything for us.

About TeamViewer

For the past few years I have regarded TeamViewer has highly suspect and not to be trusted. My peers seemed to hold a similar view.

Lately, there is a lot of favorable talk about TeamViewer. Has something changed? If so, what? Or, have we simply become inundated with noobs who will cluelessly run anything at all?

Re:About TeamViewer

For a computer processing confidential or secret data, Teamviewer or WebEx are clearly a no-go. All closed-source software processing such data must be firmly locked behind an open-source firewall such as iptables. Because we don't know how many exploits and backdoors are inside of them. Better avoid Adobe stuff completely and open Office documents in a sandbox.

mo3 doWn

Ifeel obligated to is dying. Fact:

Reduced to off-topic trolling, troll?

Can't disprove my verifiable & undeniable data here http://it.slashdot.org/comments.pl?sid=3566769&cid=43233201 ? Absolutely... & you're reduced to trolling b.s., nothing more, lol!

Thanks for proving THAT much for me - "onwards & upwards"!

---

"Please, just cut to the chase and tell us how MyCleanPC will fix everything for us." - by myowntrueself (607117) on Thursday March 21, @09:20AM (#43233499)

Clue: I have ZERO to do with "MyCleanPC"...

So - what's your point?

That when trolls like yourself are confronted by verifiable undeniable data contrary to your so-called "points" (fud spreading b.s. is more like it), such as what I utilized in the link above, you get reduced to off-topic trolling replies??

Absolutely.

---

* Not that a troll like you ever even HAS a valid point either!

(It's obvious you can't disprove mine, which were backed by said concrete, verifiable & undeniable data in the link above (from reputable sources))...

APK

P.S.=> See my subject-line above: Absolutely, as to the result here on YOUR part: You FAIL, troll!

Yes - that's what FACT + TRUTH do to "FUD" spouting trolls, every single time - it makes you "Run, Forrest - RUN!!!" or get reduced to mere off-topic 'trolling', nothing more... lol!

... apk

"teamspeak" user?

By any chance, does teamviewer software use a login named teamspeak? I noticed lots of ssh brute force attempts to login as a user named "teamspeak" and eventually added that name to my /var/lib/denyhosts/restricted-usernames so that the bullshit would get automatically identified sooner.

"Rinse, Lather, & Repeat" troll... apk

http://it.slashdot.org/comments.pl?sid=3566769&cid=43233707

* You FAIL, troll... & you know it, I know it, + anyone reading with 1/2 a brain does also!

APK

P.S.=> All the bogus downmods in the world can't help you vs. facts & truth I posted here originally -> http://it.slashdot.org/comments.pl?sid=3566769&cid=43233201 that YOU, troll, can't seem to disprove (since the facts I posted are backed from reputable sources).

... apk