Anti-virus fallacies

Let me introduce myself — I am a Russian hacker

Wednesday, June 13, 2018

It is believed that hacking is a "profession" for young people. But statistics refute this statement. For example, one hacker group had a member who was 63 years old when he committed a crime!

Dmitry Chepchugov, the head of the Administration for Combating Crime in the High Technology Sphere ("R" Administration) of the Moscow Central Directorate for Internal Affairs, related that the pensioner had been unhappy with the amount of his pension payments.

This event is worthy of being recorded in the Guinness Book of World Records! Russian programmers have always been highly qualified, but, unfortunately, not all of them earn money legally. However, they are rarely caught red-handed—many more Russian programmers have been arrested in the USA. And, disconcertingly, this theme of "Russian hackers" is escalating in politics.

The British and United States governments released a joint Technical Alert about the malicious cyber-activity being carried out by Russians. They encouraged all enterprises (public, private, critical infrastructure providers, ISPs, etc.) to review the security of their networks and to report any signs of malicious cyber activity being conducted at the request of (who do you think?) the Russian government.

But how can "all enterprises" know that the malicious activity going on is being spread by "Russian hackers"? Are hackers really so polite in Great Britain that they introduce themselves before each hacking attempt they make?

In this first joint-security statement, British and American representatives officially declared that they are "highly assured" that "Russian hackers, supported by the state, are responsible for compromising network infrastructure devices such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS)".

Confidence is a good thing, but where is the evidence?

We’ve written more than once about how it's extremely difficult to determine a hacker's country. All the more so since the cybercriminals themselves try to cover their tracks (indeed, if such words as "balalaika" or "vodka" are mentioned, does this really mean that Russians are involved?).

Cybercriminals disguise themselves as Russian hackers, imitating the Russian language in commands. This was reported in research conducted by BAE Systems specialists Sergei Shevchenko and Adrian Nish.

The security specialists analysed malware that cybercriminals had used to attack banks in Poland. It contained a large number of Russian phrases, supposedly indicating the nationality of the hackers.

In fact, most of the words were written by someone who was obviously not a native speaker. The research states that the fraudsters used a Google service to translate those words into Russian.

We can also read the opposite kind of statement in news posts: "the good command of English is evidence that the hackers were from Western countries...". And advanced specialists can automatically insert signs into their code that will identify their nationality or country.

The release says that the UMBRAGE group, a subdivision of the center’s Remote Development Branch (RDB), has been collecting and maintaining a “substantial library of attack techniques ‘stolen’ from malware produced in other states, including the Russian Federation”.

As WikiLeaks notes, the UMBRAGE group and its related projects allow the CIA to attribute identified cyberattacks to others by “leaving behind ‘fingerprints’ of the very hacker groups from whom these attack techniques were stolen”.

Or hackers can work on behalf of citizens of another country:

According to the US Cyber Consequences Unit report, cyberattacks against Georgia were conducted in close connection with Russian criminal gangs—no connection was found with the state government.

To attack Georgian websites during the war in August of last year, Russian hackers used identifying data of Americans, modified Microsoft software for system administrators, and the Twitter and Facebook social media sites.


The Anti-virus Times recommends

It is very easy to ratchet up mutual hatred with the help of "obvious" evidence. But then how do you clear up the misunderstandings between peoples?

