Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others

Posted by Soulskill on from the hand-in-the-cookie-jar dept.

An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."

5 of 97 comments (clear)

  1. Sensationalize much? by palemantle · · Score: 4, Interesting

    1 - ISight claims this has been a five year campaign and then add that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

    2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:
    "Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here".

    Sounds like a bunch of FUD to me

    1. Re:Sensationalize much? by benjymouse · · Score: 4, Interesting

      1 - ISight claims this has been a five year campaign and then add that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

      2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:

      Sounds like a bunch of FUD to me

      While I suspect that ISight (like all "security research" companies) deliberately stirs the pot (it helps generate awareness of their products), they do not actually claim that the specific vulnerability has been used for 5 years.

      One could imagine that the "Sandworm" operation has been ongoing for 5 years. If they continually and persistently try to infiltrate NATO and other organizations they will probably use whatever opportunity presents itself. They actually also try to exploit vulnerabilities that have long been patched, hoping to hit an unpatched machine.

      So while they do try to sensationalize, it is conceivable that the hacker group is older than just the most recently used vulnerability.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  2. @AC (#48138981) - Re:Not unexpected.... by nukenerd · · Score: 3, Interesting

    Bill [Gates] also said 640k should be enough memory for anyone (I have the audio recording!)

    Really? Please could you give a link to that. People have argued over and over whether he really said that. He denies it himself, so it would be very interesting if a recording exists and can be made public.

  3. Re:Hilarious by nukenerd · · Score: 4, Interesting

    ... unsolicited email is bad, NATO and other sensitive document handling people, ok?

    If NATO or any other agency working on defence or international relations issues receives an unsolicited email purporting to list pro-Russian extremist activities, then they certainly should open it. That is part of their job - to remain in touch with these affairs. Chances are it is a hoax or scam, but they should still check. Otherwise it would be like the fire brigade refusing to pick up the emergency calls phone in case it is a hoax.

    OTOH, they should open such emails in a sandbox suchas a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.

  4. Re:Anyone using Windows deserves it by Cabriel · · Score: 3, Interesting

    If one uses Windows he deserves what he gets!

    Ok. I'll bite.

    - Hours, days, weeks of waisted time in Installations configurations and updates.

    My system installs configuration updates at night or in the background and only reboots when I'm not using it, so no wasted time.

    - Bad style, and ugliness

    Subjective. I quite like the style and presentation of Windows all the way through Windowss 8.1 although Metro apps are a slight nuisance, but I've never used any open source tool that has better style than its Windows-equivalent, including Apache/Libre/Open Office, The GIMP, Firefox, nor anything made by Google (and if you try to claim Google Docs is somehow better than MSOffice, I guess everyone will now how full of shit you are).

    - Slowness and retarded technology

    Well, slowness is measurable, but as with your first false claim, it doesn't impact me in meaningful ways. "retarded" technology, however, is subjective and also not something someone should try to hold against MS given how many terrible, terrible OS tools exist.

    - Limited devices and architecture support

    Really? Really? OK. I'm done here.