Archive for Russia

BREAKING: REvil Apparently Shut Down By Russian Law Enforcement

Posted in Commentary on January 14, 2022 by itnerd

This comes as a bit of a surprise, and I have to admit that I am still somewhat skeptical about this. But word is hitting the wires that REvil, who are best known for their high profile ransomware attacks and even grabbing the schematics of 2021 MacBook Pros, have been taken down by Russian law enforcement. The FSB posted this early today announcing the arrests. But for the benefit of those who don’t read Russian, I have this translation for your reading pleasure.

While no doubt welcomed by some, this comes at a very convenient time given the tensions between Russia and the US as well as other NATO countries. My guess is that this is nothing more than a token gesture. Now if the Russians were willing to extradite these individuals to the US to face justice, then maybe I would take it more seriously. Thus I am going to take this announcement with more than a pinch of salt. 

Russian Hacker Group Accused Of Targeting COVID-19 Vaccine Research In Canada, U.S. And U.K.

Posted in Commentary on July 16, 2020 by itnerd

Given the times that we live in, a vaccine is the top priority for getting the planet out of the COVID-19 pandemic. So it doesn’t exactly come as a shock that vaccine research is a target for hackers who belong to nation states. Case in point is the news that Russian hackers have targeted COVID-19 research:

A hacker group “almost certainly” backed by Russia has tried to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to intelligence agencies in all three countries.

The Communications Security Establishment (CSE), responsible for Canada’s foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.

The group was accused of hacking the Democratic National Committee before the 2016 U.S. election.

The group “almost certainly operates as part of Russian intelligence services,” the CSE said in a statement released Thursday morning in co-ordination with its international counterparts — an allegation the Kremlin immediately denied.

No shock that the Kremlin denies this, as I am sure that nation states don’t want to be associated with the activities of the hacker groups that they covertly sponsor, since that gives them plausible deniability. This is important because Russia has a history of stealing intellectual property. David Masson, Director of Enterprise Security at Darktrace, goes into more detail about that:

The Soviet Union, and now its successor Russia, has a long and established history of stealing other countries’ intellectual property in order to satisfy national interests. In this instance, we are being warned about an APT (APT 29) linked to the Russian Intelligence Services using cyber-attacks to obtain information on COVID-19 research from medical organizations around the world. Given the recent warning from the US/UK and Canada combined, we can consider that these three countries have been victims of such attacks.

Russia is also facing the effects of this global pandemic and will be seeking “help” in order to deal with it now and in the future. Trying to gain an advantage in the fight against COVID-19 could well lead to theft of research from around the world in order to avoid otherwise necessary investment in time, money and effort (which may not be available). In the modern era, cyber-attacks have proven to be a very cost-effective way of obtaining information that may well be very difficult to get ahold of by other means. Currently the crown jewels in the COVID-19 fight will be a vaccine, so information and research on this subject are extremely valuable.

Medical research organisations, especially those working in academia, often operate in a climate of trust and collaboration and will be seen as easy targets by groups such as APT29, who will exploit this. We can expect further attacks and further warnings as the pandemic wears on.

#Fail: In An Effort To Block Telegram, Russia Takes Down Other Services As Well…. But Not Telegram

Posted in Commentary on April 18, 2018 by itnerd

This isn’t going to look good for Vladimir Putin and his friends. I say that because the Russian government, in its quest to block Telegram, accidentally shut down several other services as well. But ironically, they haven’t really stopped access to Telegram:

Russian authorities are freezing up vast swathes of the country’s online world in what critics call a heavy-handed — and so far unsuccessful — attempt to block a popular messaging app, Telegram.

The head of the communications watchdog acknowledged Wednesday that millions of IP addresses unrelated to Telegram have been blocked since a court ordered last week that the app be taken offline.

The move created trouble for millions of companies and consumers, and was described by some as “carpet bombing” the internet to get after one small company. Telegram was still available in Russia despite authorities’ frantic attempts to hit it by blocking other services, but many users are preparing for the worst, setting up proxies to circumvent the ban.

Clearly that was a #Fail. It’s also clear that Telegram is far more resilient than Russia expected. Thus there may be a lot more collateral damage inflicted as the Russians try to take Telegram down. And they’re not likely to give up, as doing so would embarrass them. Thus expect this game to continue.

Security Company That Discovered Russian Hack Trying To Profit From It

Posted in Commentary on August 7, 2014 by itnerd

Yesterday I posted a story on the discovery of a cybergang who allegedly stole 1.2 billion passwords from a variety of websites. Today it has come to light that the group that discovered the hack, Hold Security, will only notify website operators that they were affected if they sign up for its breach notification service, which starts at $120 per year. Here’s what IT World had to say:

Some security researchers on Wednesday said it’s still unclear just how serious the discovery is, and they faulted the company that uncovered the database, Hold Security, for not providing more details about what it discovered.

“The only way we can know if this is a big deal is if we know what the information is and where it came from,” said Chester Wisniewski, a senior security advisor at Sophos. “But I can’t answer that because the people who disclosed this decided they want to make money off of this. There’s no way for others to verify.”

Wisniewski was referring to an offer by Hold Security to notify website operators if they were affected, but only if they sign up for its breach notification service, which starts at US$120 per year. Individual consumers can find out through its identity protection service, which Hold Security says will be free for the first 30 days.

I’m a big believer that if you discover a flaw like this, you have a responsibility to disclose everything that you know as quickly as possible. If the party who is at the center of this doesn’t take the disclosure seriously, then you need to go public. To try and profit off of this is wrong. If there is a threat here, it is incumbent on Hold Security to get it out there as quickly as possible as the implications are huge if they don’t. I am of course assuming that this is real. The fact that no facts have been put on the table casts a shadow on their claim. That’s another reason why Hold Security should say what they know now.
Russian Cybergang Stole 1.2 BILLION Passwords

Posted in Commentary on August 6, 2014 by itnerd

You read that title right. A group of researchers are claiming that a Russian cybergang has stolen a staggering 1.2 billion passwords from a variety of websites:

The US firm Hold Security said the gang, which it dubbed “CyberVor”, collected confidential user names and passwords that were stolen from some 420,000 websites, ranging from household names to small Internet sites.

“As long as your data is somewhere on the World Wide Web, you may be affected by this breach,” Hold said in a statement on its website.

“Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.”

The security firm, which specializes in research on large data breaches, said the cybergang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to gain access to many websites and social media accounts.

“To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords,” the researchers said.

Now, if this is true, this is truly frightening. A credit card can be easily canceled. But personal credentials like an email address, Social Security number or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned. Thus this can quickly become very, very bad for anyone affected.

My advice? If you’re paranoid, change your passwords now. This article can help you with that. I personally am waiting to see who was affected and what those sites are doing to inform affected users.

Apple Under Pressure In China And Russia Over Security Issues

Posted in Commentary on July 30, 2014 by itnerd

I’m betting that this isn’t going over very well at 1 Infinite Loop at the moment.

Russian officials are calling out Apple over their security issues. A Reuters report says that the Russian Government wants Apple along with SAP to hand over source code so that they can prove that they have no security issues:

The Russian proposal was voiced last week when Communications Minister Nikolai Nikiforov met Apple’s general manager in Russia, Peter Engrob Nielsen, and SAP’s Russian managing director, Vyacheslav Orekhov, the Communications Ministry said in a statement.

It said the proposal was designed to ensure the rights of consumers and corporate users to the privacy of their personal data, as well as for state security interests.

While couched in the language of protecting privacy, any Russian move to force these companies to divulge the inner workings of their software could pose a major threat to their viability if they were to lose control of the source code.

Given the current climate of relations between Russia and the west, this has got to be a ploy. At least one would hope so. And you can bet that there’s zero chance that this would ever happen. Though they did invoke the name of Edward Snowden to further force the issue:

“Edward Snowden’s revelations in 2013 and U.S. intelligence services’ public statements about the strengthening of surveillance of Russia in 2014 have raised a serious question of trust in foreign software and hardware,” Nikiforov said in the statement released late on Tuesday.

That’s not good. Neither is increasing pressure from China. Fang Xingdong, who is the founder of Blogchina and the web research consultancy Chinalabs, as well as the director of the Center for Internet and Society at Zhejiang University of Media and Communications, is saying that Chinese officials should be banned from using the iPhone. Here’s a Google translated document (original version can be found here) that spells out his concerns:

Internet Lab founder Fang Xingdong told reporters that for the Apple exposed “reserved port” for a long time, consumers did not know, so there is a certain risk. He stressed that as a technical support side, Apple could get some of the data used for the sale, but this exposes data acquisition significantly exceeded the limits of technical support.

What he’s referring to is the infamous iOS backdoor gong show that blew up last week. I’m pretty sure that this is the last thing that Apple needs in a market it wants to make inroads into.

Clearly, Tim Cook and company have some work to do to put these fires out.

Russia Will Spy On Those Going To The Sochi Olympics

Posted in Commentary on October 7, 2013 by itnerd

The Guardian is reporting something that I have to admit caught me off guard:

Athletes and spectators attending the Winter Olympics in Sochi in February will face some of the most invasive and systematic spying and surveillance in the history of the Games, documents shared with the Guardian show. Russia’s powerful FSB security service plans to ensure that no communication by competitors or spectators goes unmonitored during the event, according to a dossier compiled by a team of Russian investigative journalists looking into preparations for the 2014 Games. The journalists … found that major amendments have been made to telephone and Wi-Fi networks in the Black Sea resort to ensure extensive and all-permeating monitoring and filtering of all traffic, using Sorm, Russia’s system for intercepting phone and internet communications. Ron Deibert, a professor at the University of Toronto and director of Citizen Lab, which co-operated with the Sochi research, describes the Sorm amendments as “Prism on steroids”, referring to the programme used by the NSA in the US and revealed to the Guardian by the whistleblower Edward Snowden.

Well, there clearly isn’t any Olympic spirit being displayed here.

What bothers me about this is that this sounds very Cold War like, and the whole point of Russia going after these Olympic Games is to prove that it has moved on and that they are different. That clearly isn’t the case. What’s worse is that the IOC is apparently okay with this. They’re likely in too deep to go to any sort of plan “B.” But surely this sort of behavior from a host country isn’t acceptable to them? Or perhaps the IOC simply doesn’t care because they got paid? Either way, it’s little wonder why the Americans are telling their citizens to leave their laptops and smartphones at home if they go to Sochi.

Perhaps at this point people should just stay home? This, combined with the Russians’ attitude towards the LGBT community, really makes these Olympics a “must skip” event for me. Perhaps for many others as well.

Russia Bans iPad For Government Use….. PlayBook Is A-OK Though

Posted in Commentary on July 31, 2011 by itnerd

Here’s an interesting reversal of fortune. The Apple iPad is apparently verboten in Russian government circles due to security concerns. However, the BlackBerry PlayBook, which hasn’t exactly set the world on fire, is good to go because it has FIPS 140-2 certification:

If true, the backing of the Russian government could prove to be another victory for RIM as it seeks to use its reputation of prioritizing security technology to position the BlackBerry PlayBook as the tablet of choice for businesses and governments, the way it originally marketed its BlackBerry smartphones.

Seeing as RIM has had nothing but bad news lately, this is great news for them. Assuming that this is true of course. If it is, you have to expect that El Jobso is not a happy camper at the moment.

Dude! Russia Is So Not Getting Dells!

Posted in Commentary on January 30, 2009 by itnerd

Picture this: At the World Economic Forum, Russian Prime Minister Vladimir Putin spent some time trashing the West. Dell CEO Michael Dell then asked if there was any way his company could help Russia with its computers.

What a lame sales pitch.

Putin then basically trashed the guy by saying that “We don’t need help. We are not invalids. We don’t have limited mental capacity.”
Here’s the video evidence. The rant starts at 1:24 into the video.