Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others

An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."

I wonder how long the NSA

[wiredog]

has had this one on the shelf, without disclosing it?

Re:I wonder how long the NSA

[TheRaven64]

That's the real question. And again, the NSA needs to answer the following question:

Were they sufficiently technically incompetent that they didn't discover an attack that the Russians have been using, or were they sufficiently inept in a more general intelligence sense that they didn't realise that leaving US and allied machines vulnerable might be a problem?

Re:I wonder how long the NSA

[skgrey]

If they did have the exploit (and they probably did) the issue is visibility - they know they have this exploit, and probably a lot more, that can be used to easily get access to a system. How do you only patch "friendly" computers? Alerting Microsoft that this issue exists means that they will push out the patch to everyone, they simply aren't going to write patches for "friendly" computers. There allegiance is to the market, not to the country.

That's probably the big problem the NSA has in general - they have all these great exploits, but others could have them as well. They are the method for being able to do some of the critical things they need to do to get access, especially abroad, but the second they disclose they potentially lose their ability to utilize them. It becomes a spy race at that point - get as much important data as you can while hoping the "bad guys" aren't doing the same or are slower at it.

I wonder if the NSA ever feels a little guilty, knowing they have these exploits and could get them patched, and ultimately one of the could be used to do something very, very bad.

Re:I wonder how long the NSA

[king+neckbeard]

Since the security of Microsoft systems became a significant factor in national security. Perhaps they could shift their efforts of illegally tipping off DEA agents into security audits of software vital to our infrastructure, since that would actually protect the security of the nation.

Governments

[ruir]

Using foreign proprietary technology and using in particular Windows are retarded. What are they really expecting?

Security

Put your computers in a locked room.

Do not attach your computers to an external network.

If you don't trust your employers, don't attach your computers to any network.

Lock the door to the computer room and allow no one but trusted individuals entry.

Lock the door.

We knew this in 1975 when I worked at Burroughs. We knew this in 1973 when I was in charge of changing the paper tapes used for batch printing. Why don't we seem to know this today?

No mention of Kaspersky link to FSB

Article fails to mention that Kaspersky anti-virus maker themselves has been linked to Russian state security services and computers using Kaspersky may contain back doors accessible to FSB.

Re:People must be blind

[Ol+Olsoc]

User clicks on a malicious PPT file, which installs a backdoor. Don't people check task manager for unscrupulous executables running on their systems?

I'm envisioning a CEO at the big yearly meeting checking for "unscrupulous executables" when he starts his PowerPoint presentation.

This is the problem with you apologists. You have all of these excuses for Microsoft's flaws, and all of your "I can't believe that you didn't (insert really unlikely geek action performed by normal user here) , so it's all your fault."

If almost everyone is too stupid to use Microsoft OS, despite normal or high intelligence, maybe it really isn't their problem.

Re:Anyone using Windows deserves it

[BronsCon]

I'll start with your last comment first. Your files, online and off, may have never been modified or deleted by someone other than yourself but that doesn't mean they haven't been hacked. A good hack leaves no trace and an expert hacker would copy your files without altering them.

Everything else you say... well... It's true that Linux often lags in support for the newest video and graphics cards, and some cheap shit scanners that only ship with binary blob drivers (I've experienced this and Linux was doing me a favor, when I got it working on Windows and saw the crap quality, I realized this), but it sure beats the pants off Windows in support for pretty much everything else. Cant' really beat CUPS for printer support, for example; at the office, we have a networked HP laser printer, pretty old but still functions flawlessly so why replace it? It's a good thing we're a Linux and OSX house, because our Win7 testing box doesn't have a driver for it. I don't have time to list every instance of this I've encountered, so I've provided one example on each side, take that however you will.

I'm not sure what 1990's technology you were running Linux on when you supposedly tried it in the past, but font rendering has been decent in most Linux distros for at least a decade. I haven't seen X eat CPU since I started using a supported accelerated graphics card (e.g. anything from Intel and anything not brand new from AMD or nVidia) and, honestly... you're gonna say Linux has ugly DEs while using that tiles interface? If you don't like your DE on Linux, you install a different one, or configure it however you want. Done. Don't like the Windows DE? Do what most people do, skip the upgrade and forego patches until MS releases something you do like again. Have fun with that.

As for hours, days, and weeks of wasted time on Windows, yes, if you're managing more than a handful of machines and aren't a super-competent admin, it happens. Look at any school or government IT department for examples. Of course, it happens with any OS; Linux has a decent enough community that you can usually find someone to help you out of a bind if you get stuck, though; maybe I wasn't in the right communities, but I never had that when I was a hardcore Windows user. Once you get your system set up the way you like, regardless of OS, you can image it so it's quick to clone or restore; upgrades are a bit easier with Linux, though, IMO, since a new release of your distro may introduce a new DE, but you're welcome to keep using the old one if you like it. Really nice after you've spent the time to customize it.