Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others

An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."

Hilarious

Russians using American software to spy on NATO. The irony is mind blowing.

Re:Hilarious

[nukenerd]

... unsolicited email is bad, NATO and other sensitive document handling people, ok?

If NATO or any other agency working on defence or international relations issues receives an unsolicited email purporting to list pro-Russian extremist activities, then they certainly should open it. That is part of their job - to remain in touch with these affairs. Chances are it is a hoax or scam, but they should still check. Otherwise it would be like the fire brigade refusing to pick up the emergency calls phone in case it is a hoax.

OTOH, they should open such emails in a sandbox suchas a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.

Read here for a more detailed perspective

Read here for a more detailed perspective
http://www.isightpartners.com/2014/10/cve-2014-4114/

Re:Read here for a more detailed perspective

[fgrieu]

In addition to isight's blog
there's an article in Wired

Sensationalize much?

[palemantle]

1 - ISight claims this has been a five year campaign and then add that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:
"Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here".

Sounds like a bunch of FUD to me

Re:Sensationalize much?

[benjymouse]

1 - ISight claims this has been a five year campaign and then add that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:

Sounds like a bunch of FUD to me

While I suspect that ISight (like all "security research" companies) deliberately stirs the pot (it helps generate awareness of their products), they do not actually claim that the specific vulnerability has been used for 5 years.

One could imagine that the "Sandworm" operation has been ongoing for 5 years. If they continually and persistently try to infiltrate NATO and other organizations they will probably use whatever opportunity presents itself. They actually also try to exploit vulnerabilities that have long been patched, hoping to hit an unpatched machine.

So while they do try to sensationalize, it is conceivable that the hacker group is older than just the most recently used vulnerability.

I wonder how long the NSA

[wiredog]

has had this one on the shelf, without disclosing it?

Re:I wonder how long the NSA

[TheRaven64]

That's the real question. And again, the NSA needs to answer the following question:

Were they sufficiently technically incompetent that they didn't discover an attack that the Russians have been using, or were they sufficiently inept in a more general intelligence sense that they didn't realise that leaving US and allied machines vulnerable might be a problem?

Re:I wonder how long the NSA

[skgrey]

If they did have the exploit (and they probably did) the issue is visibility - they know they have this exploit, and probably a lot more, that can be used to easily get access to a system. How do you only patch "friendly" computers? Alerting Microsoft that this issue exists means that they will push out the patch to everyone, they simply aren't going to write patches for "friendly" computers. There allegiance is to the market, not to the country.

That's probably the big problem the NSA has in general - they have all these great exploits, but others could have them as well. They are the method for being able to do some of the critical things they need to do to get access, especially abroad, but the second they disclose they potentially lose their ability to utilize them. It becomes a spy race at that point - get as much important data as you can while hoping the "bad guys" aren't doing the same or are slower at it.

I wonder if the NSA ever feels a little guilty, knowing they have these exploits and could get them patched, and ultimately one of the could be used to do something very, very bad.

Re:I wonder how long the NSA

[king+neckbeard]

Since the security of Microsoft systems became a significant factor in national security. Perhaps they could shift their efforts of illegally tipping off DEA agents into security audits of software vital to our infrastructure, since that would actually protect the security of the nation.

Governments

[ruir]

Using foreign proprietary technology and using in particular Windows are retarded. What are they really expecting?

Re:People must be blind

well some malware has the ability to hide from task manager.
couple this with the fact that the average user will have something like 100 processes running on boot up, they won't trim down unnecessary stuff.
And has no idea what most of them are.

I am of the opinion MS needs to make the above process simpler by trimming down the number of processes that run by default. Obviously keep separate things that do need to run in different security contexts, but there are way too many processes that run by default.

@AC (#48138981) - Re:Not unexpected....

[nukenerd]

Bill [Gates] also said 640k should be enough memory for anyone (I have the audio recording!)

Really? Please could you give a link to that. People have argued over and over whether he really said that. He denies it himself, so it would be very interesting if a recording exists and can be made public.

Security

Put your computers in a locked room.

Do not attach your computers to an external network.

If you don't trust your employers, don't attach your computers to any network.

Lock the door to the computer room and allow no one but trusted individuals entry.

Lock the door.

We knew this in 1975 when I worked at Burroughs. We knew this in 1973 when I was in charge of changing the paper tapes used for batch printing. Why don't we seem to know this today?

No mention of Kaspersky link to FSB

Article fails to mention that Kaspersky anti-virus maker themselves has been linked to Russian state security services and computers using Kaspersky may contain back doors accessible to FSB.

Re:Anyone using Windows deserves it

[BronsCon]

I'll start with your last comment first. Your files, online and off, may have never been modified or deleted by someone other than yourself but that doesn't mean they haven't been hacked. A good hack leaves no trace and an expert hacker would copy your files without altering them.

Everything else you say... well... It's true that Linux often lags in support for the newest video and graphics cards, and some cheap shit scanners that only ship with binary blob drivers (I've experienced this and Linux was doing me a favor, when I got it working on Windows and saw the crap quality, I realized this), but it sure beats the pants off Windows in support for pretty much everything else. Cant' really beat CUPS for printer support, for example; at the office, we have a networked HP laser printer, pretty old but still functions flawlessly so why replace it? It's a good thing we're a Linux and OSX house, because our Win7 testing box doesn't have a driver for it. I don't have time to list every instance of this I've encountered, so I've provided one example on each side, take that however you will.

I'm not sure what 1990's technology you were running Linux on when you supposedly tried it in the past, but font rendering has been decent in most Linux distros for at least a decade. I haven't seen X eat CPU since I started using a supported accelerated graphics card (e.g. anything from Intel and anything not brand new from AMD or nVidia) and, honestly... you're gonna say Linux has ugly DEs while using that tiles interface? If you don't like your DE on Linux, you install a different one, or configure it however you want. Done. Don't like the Windows DE? Do what most people do, skip the upgrade and forego patches until MS releases something you do like again. Have fun with that.

As for hours, days, and weeks of wasted time on Windows, yes, if you're managing more than a handful of machines and aren't a super-competent admin, it happens. Look at any school or government IT department for examples. Of course, it happens with any OS; Linux has a decent enough community that you can usually find someone to help you out of a bind if you get stuck, though; maybe I wasn't in the right communities, but I never had that when I was a hardcore Windows user. Once you get your system set up the way you like, regardless of OS, you can image it so it's quick to clone or restore; upgrades are a bit easier with Linux, though, IMO, since a new release of your distro may introduce a new DE, but you're welcome to keep using the old one if you like it. Really nice after you've spent the time to customize it.

Re:Anyone using Windows deserves it

[Cabriel]

If one uses Windows he deserves what he gets!

Ok. I'll bite.

- Hours, days, weeks of waisted time in Installations configurations and updates.

My system installs configuration updates at night or in the background and only reboots when I'm not using it, so no wasted time.

- Bad style, and ugliness

Subjective. I quite like the style and presentation of Windows all the way through Windowss 8.1 although Metro apps are a slight nuisance, but I've never used any open source tool that has better style than its Windows-equivalent, including Apache/Libre/Open Office, The GIMP, Firefox, nor anything made by Google (and if you try to claim Google Docs is somehow better than MSOffice, I guess everyone will now how full of shit you are).

- Slowness and retarded technology

Well, slowness is measurable, but as with your first false claim, it doesn't impact me in meaningful ways. "retarded" technology, however, is subjective and also not something someone should try to hold against MS given how many terrible, terrible OS tools exist.

- Limited devices and architecture support

Really? Really? OK. I'm done here.