Digital Fingerprints on Red October Spyware Point to Russia ... or Do They?

By Clayton, Mark | The Christian Science Monitor, January 15, 2013

In one of the largest cyberespionage networks ever uncovered, cyberspies operating through a global web of computer servers have over five years siphoned libraries' worth of diplomatic and proprietary data, sensitive documents, e-mails, and passwords from hundreds of government and industry sites worldwide.

Dubbed Red October, the cyberspy campaign began in 2007, targeting networks inside embassies and research institutes, trade and commerce offices, and energy, aerospace, and defense firms in more than 20 countries. Most targets were in Eastern Europe, but some were in North America and Western Europe, according to Kaspersky, the Moscow-based cybersecurity firm that unveiled Red October this week.

Besides vacuuming up data and stealing electronic files, the Red October spyware is a utility-knife-style malware that can also infiltrate smartphones, networking equipment, and removable hard drives. After stealing data, it then wipes away any trace it has ever been on those devices.

Even so, tidbits found inside the malicious software code led Kaspersky researchers to reach a startling conclusion: The cyberspies, whoever they are, have a strong connection with their motherland.

"We strongly believe that the attackers have Russian-speaking origins," the company's report concludes. "We've counted several hundreds of infections worldwide all of them in top locations such as government networks and diplomatic institutions. The infections we've identified are distributed mostly in Eastern Europe, but there are also reports coming from North America and Western European countries such as Switzerland or Luxembourg."

First on the list with the most infections is Russia, where the Red October malware has been detected on 35 systems. Next come Kazakhstan, Azerbaijan, and on down to 11th-place United States, with six infections, Kaspersky reported. Some others, including Canada, Britain, and China, had no infections listed.

With the malware's digital signatures revealed, updated antivirus software has now made Red October largely ineffective. But at its height the espionage web was extraordinarily complex. Attackers created more than 60 domain names linked to dozens of server computers located mostly in Germany and Russia. That chain of servers served as "proxies" to hide the locations of the mini-mothership servers and, finally, a central "mothership" server.

"The ... infrastructure is actually a chain of servers working as proxies and hiding the location of the true 'mothership' command and control server," the report said.

For complexity, the Red October cyberspy network is on par with recent cyberespionage campaigns involving Flame malware, said Igor Soumenkov, a malware expert with Kaspersky Labs, in an interview with the Monitor's Fred Weir. The Flame spyware was detected in Iran, Sudan, Israel, Syria, Saudi Arabia, Lebanon, and Egypt last year. Flame, however, has been linked by Kaspersky and Symantec to the Stuxnet cyberweapon directed to attack Iran's nuclear centrifuge complex in 2009.

Even so, Red October "can hardly be referred to as state-sponsored. It is unknown whether the collected data was used by attackers themselves, or was sold to other interested parties," Mr. Soumenkov said.

Technical obfuscation crafted by Red October's creators kept Kaspersky researchers from reaching the "mothership" and determining who was behind the malware.

Many other uncertainties remain about Red October, and one question concerns which institutions and embassies were actually targeted. The Kaspersky data show that a foreign embassy in the US was infected. But which one? And do all those infections in Russia imply that Russian government institutions were victimized, or rather foreign institutions operating inside Russia?

Kaspersky officials say their investigation is ongoing and won't release target names, something that may give many clues about the identity of the perpetrator. …
