Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Babar' Malware Attributed To France

Posted by Soulskill on from the white-flag dept.

sarahnaomi writes: The NSA, GCHQ, and their allies in the Five Eyes are not the only government agencies using malware for surveillance. French intelligence is almost certainly hacking its targets too — and now security researchers believe they have proof. On Wednesday, the researchers will reveal new details about a powerful piece of malware known as "Babar," which is capable of eavesdropping on online conversations held via Skype, MSN and Yahoo messenger, as well as logging keystrokes and monitoring which websites an infected user has visited. The researchers are publishing two separate but complementary reports that analyze samples of the malware, and all but confirm that France's spying agency the General Directorate for External Security (DGSE) was responsible for its creation.

65 comments

  1. A nice piece of... by Arkh89 · · Score: 5, Funny

    The first ever malware to work only 35 hours a week...

    1. Re:A nice piece of... by NotDrWho · · Score: 5, Funny

      Is anyone going to talk about the elephant in the room?

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    2. Re:A nice piece of... by Anonymous Coward · · Score: 1

      I forget, which elephant is that?

    3. Re:A nice piece of... by Anonymous Coward · · Score: 2, Informative

      Why do people seem to view short work weeks as a bad thing ?
      I understand that dedicating a long time to work is sometimes necessary, but being proud of it ? That's stupid. It's like admitting one's own inefficiency.

      BTW, France doesn't have the shortest work week. In fact, 35 hours is typical for an European country.

    4. Re:A nice piece of... by Anonymous Coward · · Score: -1

      It's nice of you to bring your mother with you but we're kind of busy talking about nothing here.

    5. Re:A nice piece of... by ShanghaiBill · · Score: -1, Offtopic

      Why do people seem to view short work weeks as a bad thing?

      There is nothing inherently wrong with a 35 hour work week. But the "theory" behind the French policy, that it would create jobs for the unemployed by spreading around the lump of labor, is nonsense. Real economies don't work that way. In France, unemployment went UP after the shorter work week was enacted. France is deep in debt, has relatively low productivity, and high unemployment. The last thing they need, as a nation, is more leisure time.

      If an individual wants to work fewer hours, they certainly should have the flexibility to negotiate with their employer to arrange that. But making it a mandatory national policy was not a good idea, and even many in the "socialist" administration, including the president, have criticized it.

    6. Re:A nice piece of... by Anonymous Coward · · Score: 0

      http://en.wikipedia.org/wiki/B...

    7. Re:A nice piece of... by king+neckbeard · · Score: 3, Insightful

      Hard work is basically a religion to large swaths of the US.

      --
      This is my signature. There are many like it, but this one is mine.
    8. Re:A nice piece of... by Anonymous Coward · · Score: 2, Informative

      It did create jobs, multiple studies show it. So yes, real economy works that way.

    9. Re:A nice piece of... by sconeu · · Score: 4, Funny

      The malware also doesn't work at all during August, and will randomly go on strike.

      It also immediately surrenders to the first AV program to find it.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    10. Re:A nice piece of... by Impy+the+Impiuos+Imp · · Score: 2

      Somehow malware named Babar doesn't geel so threatening.

      NSA: Note to self - call our next drop Curious George

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    11. Re:A nice piece of... by greatpatton · · Score: 4, Informative

      Low productivity? Per hour French productivity is 25$, US one is 24.6$. It's clear that French productivity is bad.... US debt is 102% of GDP compare to France 93% (reference FT: http://www.ft.com/cms/s/0/28c0...).

    12. Re: A nice piece of... by Anonymous Coward · · Score: 0

      Nah they should totally call it 2 Stupid Dogs. It's less of a lie than calling the NSA "curious."

    13. Re:A nice piece of... by rtb61 · · Score: 1

      Would that elephant be that while those agencies were all so busy working on those hacks, they were doing nothing at all to protect us from them. In fact it would have gone against their own personal, individual benefit and future career prospects to protect us from those security failings ie they were actively working against the interests of the own state and citizens in order to attack other states and their citizens. The stupidity continues as does the failure of various justice departments to prosecute because yes, when those tools turn around and attack their own citizens they have committed a computer crime and should be prosecuted.

      --
      Chaos - everything, everywhere, everywhen
    14. Re:A nice piece of... by quenda · · Score: 2

      You mean sophisticated malware in the hands of a known terrorist organisation?

      Two of the DGSE killers were caught and imprisoned in New Zealand, but the French government threatened crippling EU trade sanctions if they were not released.

    15. Re:A nice piece of... by SuricouRaven · · Score: 1

      Presumably they named it thus because it never forgets.

    16. Re:A nice piece of... by Anonymous Coward · · Score: 0

      abruti !

  2. "all but confirm" English lesson by Anonymous Coward · · Score: 0

    reports that analyze samples of the malware, and all but confirm that [the DGSE] was responsible for its creation.

    Those two reports do everything except confirm that the DGSE was responsible? Can somebody explain this English expression to a non-native speaker?

    1. Re:"all but confirm" English lesson by king+neckbeard · · Score: 1

      Basically, we have very strong reasons to believe this is the case, but we don't have enough evidence yet to say conclusively that they are responsible. The researchers are likely saying that they clearly did it, but backing off just a bit to not be at risk of getting sued.

      --
      This is my signature. There are many like it, but this one is mine.
    2. Re:"all but confirm" English lesson by everett · · Score: 1

      They present a lot of information that will lead to that conclusion, but do not themselves state that the conclusion is fact.

      --
      Sig withheld to protect the innocent.
    3. Re: "all but confirm" English lesson by Anonymous Coward · · Score: 0

      This means they make the strongest case possible that it was the work of the DGSE, but fall short of actually proving it. Strange turn of phrase, but makes *some* sense.

    4. Re:"all but confirm" English lesson by handy_vandal · · Score: 1

      "All but confirm" means "everything up to, but not actually, confirming".

      So the "all but" includes "strongly suggests", "gives reason to believe", and similar suggestive (but non-confirming) phrases.

      In other words: "We can't confirm (prove) the assertion, but we strongly believe in the assertion."

      "Everything short of" is a similar phrase.

      --
      -kgj
    5. Re:"all but confirm" English lesson by Anonymous Coward · · Score: 0

      It's weasel words. It could mean they think, but lack real evidence, that DGSE did it, or it could be a wording so that, if dragged into court, they can claim they never implicated DGSE in anything. Much like the whole Equation Group thing.

    6. Re:"all but confirm" English lesson by Anonymous Coward · · Score: 0

      Riiight. Because that's what spy agencies do when you do something they don't like... they sue. :)

    7. Re:"all but confirm" English lesson by Anonymous Coward · · Score: 0

      They present a lot of information that will lead to that conclusion, but do not themselves state that the conclusion is fact.

      That's how science proceeds. Inductive reasoning.
      When it comes to the military industrial complex the French are much more secretive and duplicitous than the Americans. You think the military industrial complex is bad in the US of A ? You've seen nothing baby. The relation between the French state and the arms/defense industry in France is many many times worse. And there is no fucking oversight.

    8. Re:"all but confirm" English lesson by ColdWetDog · · Score: 1

      And there is no fucking oversight.

      Aue contraire - the Israelis would disagree with you on this particular matter.

      --
      Faster! Faster! Faster would be better!
    9. Re:"all but confirm" English lesson by nobuddy · · Score: 1

      In a sealed room with only one way in or out, you have a corpse, you have a person standing over the corpse covered in blood and holding the murder weapon. A camera outside shows that both entered the room together and no one else has been in to or out of the room.
      However, you did not see them drive the knife in to the person causing death. You have all but confirmed this is the killer.

  3. Ruined! by Anonymous Coward · · Score: 0

    They've ruined the good name of a respectable elephant, in this very room!

    1. Re:Ruined! by Anonymous Coward · · Score: 0

      Actually, I was thinking about Babar, the Moghul emperor Granted, it's sometimes spelt differently. But if that was the reference, then it was perfectly appropriate

  4. Could have been worse by OzPeter · · Score: 4, Funny

    It could have been the Asterix malware. That shit doesn't just spy on you, it beats the crap out of of you - and then has a nice feast to celebrate!

    --
    I am Slashdot. Are you Slashdot as well?
  5. But of course... by Anonymous Coward · · Score: -1

    'Babar' is the French way of saying "I Surrender."

  6. Isn't slashdot's reaction interesting... by StevenMaurer · · Score: -1, Flamebait

    Post something about the NSA spying, and the article attracts screaming spittle-flecked screeds declaring it THE WORST EVER!! NAZI NAZI NAZI NAZI!!!1!!!1!.

    Something about France's SIGINT services doing the exact same thing? A bunch of "surrender" jokes.

    This proves that all the whining about the NSA has little to do with actual worries (as if anyone in the government actually cares about their porn viewing habits), and more to do with overwrought anti-Americanism.

    1. Re:Isn't slashdot's reaction interesting... by Anonymous Coward · · Score: 3, Insightful

      There must be a commercial break on Fox News. You better get back, you might miss something.

    2. Re:Isn't slashdot's reaction interesting... by Anonymous Coward · · Score: 0

      You don't know how many people are afraid to even comment on this article, because you never hear from them.

      Quite sure visiting slashdot already puts you on the watchlist. You know a lot about computers, that means you probably understand encryption and are potentially a terrorist.

    3. Re:Isn't slashdot's reaction interesting... by king+neckbeard · · Score: 1

      I think it's more to do with the inevitability of the French=Surrender Monkeys meme. Personally, I think this makes it all the more evidence that this is a government practice that we need to eliminate. Those behind this malware are criminals and we should see them as such.

      --
      This is my signature. There are many like it, but this one is mine.
    4. Re:Isn't slashdot's reaction interesting... by Anonymous Coward · · Score: 0

      I think the main thing this proves is that most people on slashdot are from the US, so they obviously are more fearful of their government spying on them than they are of other governments.

    5. Re:Isn't slashdot's reaction interesting... by mrchaotica · · Score: 4, Insightful

      As an American, I have the right, duty and obligation to complain about the NSA's illegal bullshit because they're (ostensibly) claiming to represent me as a citizen, while acting against my interests as a citizen. France, on the other hand, is a sovereign foreign nation, in which I have no standing to complain.

      The spying is bad no matter who's doing it, but it's the French citizens' job to fix France's spying, not mine, just as it's American citizens' job to fix the USA's spying, not theirs.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    6. Re: Isn't slashdot's reaction interesting... by Anonymous Coward · · Score: 0

      Weird, I thought visiting Slashdot meant you either:
      A) Want to catch up on last months news
      B) Want to troll comments.

    7. Re:Isn't slashdot's reaction interesting... by SuricouRaven · · Score: 1

      They surrendered in WW2 and still can't live it down, but aside from that the meme isn't accurate. Their special forces are usually considered some of the best in the world, and the french resistance certainly managed to make the Nazi occupiers lives difficult.

      The English still remember kicking French arse at Agincourt, of course. Even if it was six hundred years ago. We didn't just win - we won by such a margin as to give them humiliation that will last a thousand years.

    8. Re:Isn't slashdot's reaction interesting... by fgouget · · Score: 1

      This proves that all the whining about the NSA has little to do with actual worries (as if anyone in the government actually cares about their porn viewing habits), and more to do with overwrought anti-Americanism.

      Quite the opposite. It proves that the anti-French sentiment is so strong in the US and UK that it drowns any rational discussion.

  7. Lord forbid.... by nrasch · · Score: 1

    Lord forbid a security researcher share list of user name and passwords, or a journalist post a link to a database dump, or a college student download a large number of academic journal articles through MIT's computer network.... These evil computer hackers need to be put away forever to protect the children, moral people everywhere, and our pristine government that can do no wrong. The death penalty probably won't be too good for them!

    However, should the government want to hack us, destroy our privacy, intercept and tamper with postal packages, harm the computing environment in general by embedding back doors and exploits into software/hardware, etc. by all means this is perfectly OK. Hell, we should be grateful they are doing this for us poor pleebs since we can't think for ourselves. I mean this is the government; they know what's best for us.

    So kill the "hackers" for doing something that doesn't even remotely approach the level of invasiveness described by this article and others, but let the government do anything they like in the name of "security" and "safety." Or hell, maybe even because they just feel like it. Who are we to question our betters?

    This crap makes me sick.

    1. Re:Lord forbid.... by chipschap · · Score: 1

      These evil computer hackers need to be put away forever to protect the children

      I believe they are also responsible for global warming.

  8. DERP weasel words DERP! I are in 1st graide by Anonymous Coward · · Score: 0

    Herp a derp WEASEL WORDS i are so cute

  9. Isn't the name alone proof enough? by SuperKendall · · Score: 2

    I mean, who else is going to craft malware named after french speaking elephant.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Isn't the name alone proof enough? by Anonymous Coward · · Score: 0

      I'm waiting to upgrade to the next release, Haddock.

    2. Re:Isn't the name alone proof enough? by XxtraLarGe · · Score: 2

      I mean, who else is going to craft malware named after french speaking elephant.

      Ivory Coast (Côte d'Ivoire) seems to have more tie-ins...

      --
      Taking guns away from the 99% gives the 1% 100% of the power.
    3. Re:Isn't the name alone proof enough? by havana9 · · Score: 1

      I mean, who else is going to craft malware named after french speaking elephant.

      Next malware, derived from a japanese one wil be called Albator.

  10. International protest month by future+assassin · · Score: 1

    Everyone get online and start talking about terrorism to flood the snoopers.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    1. Re:International protest month by MobSwatter · · Score: 1

      Protest?

      Great idea, then the NSA can justify a bigger black budget in a country that has been floating on credit since it went bankrupt in 1971 as a direct result of what the mob did in the late 50's/early 60's beyond turning national security into a fucking joke. It is completely understandable as to why they did what they did to Snowden, and not in a good way. The more people they push towards the edge, the more that will start playing it like they have nothing left to lose. Think Bosnia.

  11. Meaningful Oversight by Etherwalk · · Score: 3, Interesting

    This proves that all the whining about the NSA has little to do with actual worries (as if anyone in the government actually cares about their porn viewing habits), and more to do with overwrought anti-Americanism.

    No, it doesn't.

    We are more concerned about the NSA doing it because it has a bigger budget and because, for a lot of slashdotters, it's our government that's doing it. It's still a subject for humor, but nevertheless a real social policy concern. I've met a lot of great guys who work in law enforcement whom I would generally trust not to abuse the powers created by massive surveillance, but the problem arises when too much trust is given and there isn't enough oversight of how it is used. As it is, the public is not given any believable claim to even the existence of meaningful oversight.

    That means bad actors within the system can use it to spy on people they know, on their own ex-wives, for example. And while they might get severely disciplined if they're caught, the public hasn't been told how likely it is that they're caught.

    It also means the system can be used to blackmail VIPs, power-brokers, reporters, and legislators. While most of the people involved would not use it for that, it only takes one or two people to be willing to do that and a lack of *perfect* oversight and reporting for a system like this to utterly threaten and destroy any notion of representative government.

    Imagine you have a database of every Congressman's phone calls, or even every third or fourth phone call that happens to be to someone within a three-hop warrant of a terrorist.

  12. Out on Limb by Anonymous Coward · · Score: 0

    This may be reaching but could it be possible that majority of actual hacking, (not some bullshit script to get other users data by varying query strings or guessing the naming pattern of files stored under a directory that aren't enumerated etc....) is done by government sponsored agents? Could the majority or close to it of malware out there be ultimately funded by governments? The rate of stories like the OP keep up and I am going to have trouble believing this isn't only possible but probably.

  13. In other news... by Anonymous Coward · · Score: 3, Funny

    The 'Bieber' malware has been attributed to Canada, which is capable of infecting all news websites with inane celebrity gossip.

  14. Category Mistake by Anonymous Coward · · Score: 0

    They say every country is doing surveillance and this post adds wood to the fire. But don't fall in the category mistake to equate NSA and GCHQ to the other countries. They have unlimited and growing budget, receive help from cloud companies, have build development teams that have created surveillance software that ran for 15 years under the radar. NSA, GCHQ surveillance is the most sophisticated, widespread and all encompassing, there are even 2 countries where ALL communications are being vacuumed by their systems, they also sell their services to oppressive regimes. Everyone else is a amateur compared to these two

  15. total hax, man by Anonymous Coward · · Score: 0

    haxxed by dem frenchies, no less. a-fucking-ma-fucking-zing.

  16. Beyond flimsy by aepervius · · Score: 2

    The "evidence" are : 1) babar & titi the names (babar from a children book published in 1931... and has pretty much international readership and has shows in canada) Or pretty damn simply a fan of soccer.

    2) MSIE misspelled as MSI which anybody could have done

    That is quiiiite flimsy. I hope they have more.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:Beyond flimsy by Anonymous Coward · · Score: 0

      Did you miss the leaked CSEC Powerpoint describing a malware called Babar suspected to be French? http://www.spiegel.de/media/media-35683.pdf

    2. Re:Beyond flimsy by Anonymous Coward · · Score: 0

      That link doesn't work.

  17. Guess they aren't after hackers by Ravaldy · · Score: 1

    I figure they are going after most users which will exclude hackers since they all use Linux or some form of to do their work.

  18. This malware invades Windows desktop machines by lippydude · · Score: 1

    This malware invades Windows desktop machines and aims at exfiltrating almost anything of value: it steals data from instant messengers, softphones, browsers and office applications .. A target machine is infected possibly through a drive-by or malicious e-mail attachments. Babar is deployed through a malware dropper, which installs the malware ...

  19. Microsoft Malware by Anonymous Coward · · Score: 0

    Is it still Malware if Microsoft does it?

  20. MSN Messenger by DJRikki · · Score: 1

    As long as my ICQ chats aren't vulnerable Im happy

  21. Titi username by fgouget · · Score: 1

    The report says "Titi is a French diminutive for Thiery, or a colloquial term for a small person".

    Well first it's Thierry with two 'r's, but I've never seen titi being used as a diminutive for it, though that's because nobody would stand to it being used in public. Then there's the titi parisien but I've never seen titi referring to a small person.

    But all this misses the point. Just like an uninspired English-speaking programmer will call his variable 'foo' and then 'bar' if he needs a second one, a French programmer will call his variable 'toto' (from the classic Toto jokes) and then 'titi' if he needs a second one (and then 'tata' but normally by the time he reaches tutu he realizes he really needs to straighten up ;-) ).

    So what this really tells us is that this developer has a collegue whose username is 'toto'.

    1. Re:Titi username by Anonymous Coward · · Score: 0

      Don't forget Titi is also the french name of Tweety (from Tweety and Sylvester) ; going with the children cartoon's meme, it gives somewhat credence to a french origin, because only a french person would link both characters that way. To foreigners, there's not the same topical connection between those names.

  22. That's two b's.. by Anonymous Coward · · Score: 0

    Yea but not right next to each other, I thought that's what you meant.

  23. Only real reason it attacks Windows is by Anonymous Coward · · Score: 0

    See subject: Windows is by far MOST USED on the planet - that's the only real one. Proving that Windows is the MOST WORTHY to attack - more possible victims on worldwide use patterns alone.

    * Every platform out there has ways in, & I figure that once they're shown, they're fixed @ most in 30 days time usually. One less security issue to worry about, every month.

    (One day? It's not going to be any for MS I wager: Give it 5-9++ years for Windows 7 & above)

    APK

    P.S.=> So - what happens after that? The lesser used platforms get attacked more since MS stuff will be patched fully vs. all possibles & MacOS + Linux (they're already getting a 'portent of things to come' that way on ANDROID for a decade++ now) will have to go thru a baptism of fire that MS already weathered...

    Will they? Time only can tell, but we'll see...

    ... apk