Kaspersky Hack Reveals Conflict Between Spy Agencies, Security Firms

By Robert Lemos  |  Posted 2015-06-25
Spy Battle

Certainly the defense-oriented companies understand attackers' strategies and techniques, but they are not immune to compromise, F-Secure's Tikkanen said.

"With targeted attacks, there’s always someone with a big enough budget and enough resources to make them a very scary adversary for anyone, including us," he said.

Kaspersky's rivals have different views about the sophistication of the latest attack. To F-Secure, the attack was "advanced, but nothing groundbreaking," while Symantec called the attack "fairly unprecedented."

When dealing with nation-state attacks, which can be so sophisticated that they escape initial detection, companies need to focus on spotting the telltale signs of compromise. A variety of anomalies should appear within networks under attack, which should tip off a victim that an attacker is in their network, Rob Sadowski, director of technology solutions for RSA, told eWEEK.

"Organizations are being attacked every day, and they are being compromised every day," he said. "The absolutely most important capability that companies need today is the capability to detect and respond to these attacks, so that the attacker does not get out with the information."

The trend of governments attacking private companies will continue, he said. Moreover, it is not just about security firms, but any company that has sensitive technology information that can be used in an attack.

"If you have something of value, especially to some of these more advanced actors who use cyber-attacks to accomplish their objectives, you need to recognize that," Sadowski said.

Case in point, the component of Duqu 2.0 that kept it from being deleted had a valid digital signature stolen from another company, Hon Hai Precision Industry Co. Ltd., also known as Foxconn Technology Group.

The company manufactures mobile devices and electronic components for Acer, Apple, Dell, Google, HP, Huawei, Microsoft, Sony and other major companies. By stealing a valid digital certificate from a well-known company, the attackers greatly increased the chances they will be able to plant spy programs onto their targets' systems without notice.

"Stealing digital certificates and signing malware on behalf of legitimate businesses seems to be a regular trick for the Duqu attackers," Kaspersky Lab's researchers wrote in their analysis of the persistence module. "We have no confirmation that any of these vendors have been compromised, but our indicators definitely show that the Duqu attackers have a major interest in hardware manufacturers such as Foxconn, Realtek and Jmicron."

Kaspersky Lab also stressed that the battle between government intelligence groups and security firms is not just about business. Governments will continue to seek out ways to bypass security technology to monitor citizens individually and on a mass scale.

"We would like to stress the need for security companies to work together as a community and fight for user privacy, the right to privacy on the Internet, thwart mass surveillance and make the world a safer place," the company stated.



