Slashdot Mirror


Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others

An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."

  1. Hilarious by Anonymous Coward · · Score: 5, Funny

    Russians using American software to spy on NATO. The irony is mind blowing.

    1. Re:Hilarious by nukenerd · · Score: 4, Interesting

      ... unsolicited email is bad, NATO and other sensitive document handling people, ok?

      If NATO or any other agency working on defence or international relations issues receives an unsolicited email purporting to list pro-Russian extremist activities, then they certainly should open it. That is part of their job - to remain in touch with these affairs. Chances are it is a hoax or scam, but they should still check. Otherwise it would be like the fire brigade refusing to pick up the emergency calls phone in case it is a hoax.

      OTOH, they should open such emails in a sandbox such as a VM, preferably in a non-Windows environment. They are professionals - they should be able to handle this sort of thing.

  2. Read here for a more detailed perspective by Anonymous Coward · · Score: 4, Informative

    Read here for a more detailed perspective
    http://www.isightpartners.com/2014/10/cve-2014-4114/

    1. Re:Read here for a more detailed perspective by fgrieu · · Score: 5, Informative

      In addition to isight's blog
      there's an article in Wired

  3. Sensationalize much? by palemantle · · Score: 4, Interesting

    1 - ISight claims this has been a five year campaign and then adds that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

    2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:
    "Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here".

    Sounds like a bunch of FUD to me

    1. Re:Sensationalize much? by benjymouse · · Score: 4, Interesting

      1 - ISight claims this has been a five year campaign and then adds that "hackers began only in August to exploit a vulnerability found in most versions of Windows". So where did the "five year" timeline come from?

      2 - "Russian hackers target NATO, Ukraine and others" the article screams and then we find this wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian:

      Sounds like a bunch of FUD to me

      While I suspect that ISight (like all "security research" companies) deliberately stirs the pot (it helps generate awareness of their products), they do not actually claim that the specific vulnerability has been used for 5 years.

      One could imagine that the "Sandworm" operation has been ongoing for 5 years. If they continually and persistently try to infiltrate NATO and other organizations they will probably use whatever opportunity presents itself. They actually also try to exploit vulnerabilities that have long been patched, hoping to hit an unpatched machine.

      So while they do try to sensationalize, it is conceivable that the hacker group is older than just the most recently used vulnerability.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*

  4. I wonder how long the NSA by wiredog · · Score: 4, Insightful

    has had this one on the shelf, without disclosing it?

    1. Re:I wonder how long the NSA by TheRaven64 · · Score: 4, Insightful

      That's the real question. And again, the NSA needs to answer the following question:

      Were they sufficiently technically incompetent that they didn't discover an attack that the Russians have been using, or were they sufficiently inept in a more general intelligence sense that they didn't realise that leaving US and allied machines vulnerable might be a problem?

      --
      I am TheRaven on Soylent News

    2. Re:I wonder how long the NSA by king+neckbeard · · Score: 4, Insightful

      Since the security of Microsoft systems became a significant factor in national security. Perhaps they could shift their efforts of illegally tipping off DEA agents into security audits of software vital to our infrastructure, since that would actually protect the security of the nation.

      --
      This is my signature. There are many like it, but this one is mine.