Slashdot Mirror


Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others

An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."

13 of 97 comments

  1. Hilarious by Anonymous Coward · · Score: 5, Funny

    Russians using American software to spy on NATO. The irony is mind blowing.

    1. Re:Hilarious by nukenerd · · Score: 4, Interesting

      ... unsolicited email is bad, NATO and other sensitive document handling people, ok?

      If NATO or any other agency working on defence or international relations issues receives an unsolicited email purporting to list pro-Russian extremist activities, then they certainly should open it. That is part of their job - to remain in touch with these affairs. Chances are it is a hoax or scam, but they should still check. Otherwise it would be like the fire brigade refusing to pick up the emergency calls phone in case it is a hoax.

      OTOH, they should open such emails in a sandbox such as a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.

  2. Read here for a more detailed perspective by Anonymous Coward · · Score: 4, Informative

    Read here for a more detailed perspective
    http://www.isightpartners.com/2014/10/cve-2014-4114/

    1. Re:Read here for a more detailed perspective by fgrieu · · Score: 5, Informative

      In addition to isight's blog
      there's an article in Wired

  3. Sensationalize much? by palemantle · · Score: 4, Interesting

    1 - ISight claims this has been a five year campaign and then add that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

    2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:
    "Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here".

    Sounds like a bunch of FUD to me

    1. Re:Sensationalize much? by benjymouse · · Score: 4, Interesting

      1 - ISight claims this has been a five year campaign and then add that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

      2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:

      Sounds like a bunch of FUD to me

      While I suspect that ISight (like all "security research" companies) deliberately stirs the pot (it helps generate awareness of their products), they do not actually claim that the specific vulnerability has been used for 5 years.

      One could imagine that the "Sandworm" operation has been ongoing for 5 years. If they continually and persistently try to infiltrate NATO and other organizations they will probably use whatever opportunity presents itself. They actually also try to exploit vulnerabilities that have long been patched, hoping to hit an unpatched machine.

      So while they do try to sensationalize, it is conceivable that the hacker group is older than just the most recently used vulnerability.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  4. I wonder how long the NSA by wiredog · · Score: 4, Insightful

    has had this one on the shelf, without disclosing it?

    1. Re:I wonder how long the NSA by TheRaven64 · · Score: 4, Insightful

      That's the real question. And again, the NSA needs to answer the following question:

      Were they sufficiently technically incompetent that they didn't discover an attack that the Russians have been using, or were they sufficiently inept in a more general intelligence sense that they didn't realise that leaving US and allied machines vulnerable might be a problem?

      --
      I am TheRaven on Soylent News
    2. Re:I wonder how long the NSA by skgrey · · Score: 3, Insightful

      If they did have the exploit (and they probably did) the issue is visibility - they know they have this exploit, and probably a lot more, that can be used to easily get access to a system. How do you only patch "friendly" computers? Alerting Microsoft that this issue exists means that they will push out the patch to everyone, they simply aren't going to write patches for "friendly" computers. Their allegiance is to the market, not to the country.

      That's probably the big problem the NSA has in general - they have all these great exploits, but others could have them as well. They are the method for being able to do some of the critical things they need to do to get access, especially abroad, but the second they disclose they potentially lose their ability to utilize them. It becomes a spy race at that point - get as much important data as you can while hoping the "bad guys" aren't doing the same or are slower at it.

      I wonder if the NSA ever feels a little guilty, knowing they have these exploits and could get them patched, and ultimately one of them could be used to do something very, very bad.

    3. Re:I wonder how long the NSA by king+neckbeard · · Score: 4, Insightful

      Since the security of Microsoft systems became a significant factor in national security. Perhaps they could shift their efforts of illegally tipping off DEA agents into security audits of software vital to our infrastructure, since that would actually protect the security of the nation.

      --
      This is my signature. There are many like it, but this one is mine.
  5. @AC (#48138981) - Re:Not unexpected.... by nukenerd · · Score: 3, Interesting

    Bill [Gates] also said 640k should be enough memory for anyone (I have the audio recording!)

    Really? Please could you give a link to that. People have argued over and over whether he really said that. He denies it himself, so it would be very interesting if a recording exists and can be made public.

  6. No mention of Kaspersky link to FSB by Anonymous Coward · · Score: 3, Insightful

    Article fails to mention that Kaspersky anti-virus maker themselves has been linked to Russian state security services and computers using Kaspersky may contain back doors accessible to FSB.

  7. Re:Anyone using Windows deserves it by Cabriel · · Score: 3, Interesting

    If one uses Windows he deserves what he gets!

    Ok. I'll bite.

    - Hours, days, weeks of wasted time in Installations configurations and updates.

    My system installs configuration updates at night or in the background and only reboots when I'm not using it, so no wasted time.

    - Bad style, and ugliness

    Subjective. I quite like the style and presentation of Windows all the way through Windows 8.1 although Metro apps are a slight nuisance, but I've never used any open source tool that has better style than its Windows-equivalent, including Apache/Libre/Open Office, The GIMP, Firefox, nor anything made by Google (and if you try to claim Google Docs is somehow better than MSOffice, I guess everyone will know how full of shit you are).

    - Slowness and retarded technology

    Well, slowness is measurable, but as with your first false claim, it doesn't impact me in meaningful ways. "retarded" technology, however, is subjective and also not something someone should try to hold against MS given how many terrible, terrible OS tools exist.

    - Limited devices and architecture support

    Really? Really? OK. I'm done here.