back to article Iran? More like Ivan: Brit and US spies say they can see through Turla hacking group's facade

British and US spies have blamed Russian hacker group Turla for masquerading as Iranian hackers to launch recent attacks mostly on government systems in the Middle East. The joint advisory comes from the UK's National Cyber Security Centre (NCSC), part of GCHQ, and the US's National Security Agency (NSA). It warned that Turla …

  1. amanfromMars 1 Silver badge

    Better the devil you know, eh, rather than the possible partner you ignore to offend?

    "We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them." ....... Paul Chichester, NCSC's Director of Propaganda Operations

    The clear message shared there is that eventually, some probable considerable time after the fact, will a silent scapegoat and powerful enemy be cloaked in capabilities that render it a target for further foreign interests and almighty investment?

    1. Anonymous Coward
      Anonymous Coward

      Re: Better the devil you know, eh, rather than the possible partner you ignore to offend?

      It seems using the word propaganda is offending some people here so I would suggest using a politically correct substitute like communications, public relations and so on. I know it's the same thing but it sounds way much better for us, the righteous.

      1. amanfromMars 1 Silver badge

        Invisible and Impotent Straw Men R Them

        It seems using the word propaganda is offending some people here so I would suggest using a politically correct substitute like communications, public relations and so on. I know it's the same thing but it sounds way much better for us, the righteous. .... Anonymous Coward

        I can certainly believe that, AC, although righteous has one surely veering into the dark and dismal realms of the delusional rather than anything else more satisfying and enlightening.

        I thank you for the comment though which is a courtesy and opportunity which both the ignorant and the arrogant who give a silent down vote, thus to be rightly and righteously ignored and considered decidedly and designedly unhelpful, fail spectacularly to grasp and avail themselves of.

        Whether they be just slow learners or have permanent crippling learning difficulties is always something to consider if interested in providing an excuse or valid reason for such obvious timidity whenever so much is freely offered on El Reg.

    2. phuzz Silver badge
      Alien

      Re: Better the devil you know, eh, rather than the possible partner you ignore to offend?

      Soooooo, is this supposed to let us know that the Russians have hacked amfm?

      1. amanfromMars 1 Silver badge

        Re: Better the devil you know, eh, rather than the possible partner you ignore to offend?

        Soooooo, is this supposed to let us know that the Russians have hacked amfm? ....phuzz

        Hacked or backed, phuzz, for that is a much more interesting question to ponder and enjoy surely?

  2. Anonymous Coward
    Anonymous Coward

    35 countries in the middle east?

    17 seems to be more like it...

    https://www.google.com/search?q=how+many+countries+in+the+middle+east

    1. Danny 2 Silver badge

      MENA

      35 countries in the middle east strongly indicates it was a US press release. From Wikipedia:

      Secretary of State John Foster Dulles defined the Middle East as "the area lying between and including Libya on the west and Pakistan on the east, Syria and Iraq on the North and the Arabian peninsula to the south, plus the Sudan and Ethiopia."

      The journalist Robert Fisk described being stopped by a Lebanese border guard on his first foreign assignment. He introduced himself as his paper's middle east correspondent, and the official asked in all seriousness, "And where is this middle east?"

      Because for them of course they are pretty central.

      1. Anonymous Coward
        Anonymous Coward

        @Danny2 - Re: MENA

        Yeah, basically it's the area that can be bombed by US without the need for complicated logistics.

        1. Danny 2 Silver badge

          Re: @Danny2 - MENA

          Well, it is increasingly risky to bomb certain MENA nations (not Saudi Arabia) now they've bought Russian missile defences.

          I'm not sure why anyone downvoted you without explaining why, your comment wasn't partial or political.

          Neither was I trying to be when I pointed out that was the equivalent of American English.

  3. Anonymous Coward
    Anonymous Coward

    But actually......

    ......it was GCHQ masquerading as Chinese hackers masquerading as Russian bad actors masquerading as the NSA masquerading as Russian hackers masquerading as Iranians.

    *

    Phew!!!

    *

    So every group of government bad actors was involved, directly or indirectly in this shambles in 2017.

    *

    ....and it was really GCHQ at the bottom of it all. And that's why GCHQ are choosing to blame the Russians today....so no one will suspect that GCHQ is the real culprit.

    *

    Oh yes....but the public need to understand that things have moved on since 2017....things ARE MUCH MORE COMPLICATED TODAY!

    1. Blockchain commentard
      Big Brother

      Mwah ha ha

      More complicated than declaring it was me all along? I'd originally hacked GCHQ, then pretended to be Chinese etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: Mwah ha ha

        No need to hack GCHQ. Just go to one of their Microsoft Partner seminars, and while they're boring you about DR and failover, you have unfettered access to their network.

  4. Yet Another Anonymous coward Silver badge

    Better the devil you know

    It does mean a lot of overtime for Mr W. Smith to change all the history again

    Remember we have always been at war with eurasisa - eastasia are our friends and allies

    1. Wellyboot Silver badge

      Re: Better the devil you know

      Citizen, you have been misinformed by the lies of Goldstein, Mr Smith is diligently correcting the misinformation put about by our enemies.

  5. GnuTzu

    Oh, a couple of questions here. Um, did we want them to know we could figure them out, and how we could figure them out? Did they want to increase tensions in the Middle East? Perhaps that question is a bit rhetorical. Just how many political rabbit holes are there here? Which then leads us to ask, how much of this can actually be trusted?

    1. Venerable and Fragrant Wind of Change

      did we want them to know we could figure them out

      A good point, of course. With all kinds of permutations, like we-know-that-they-already-know. Probably internal US politics somewhere there: I wonder if the reprieve for Iran might be associated with the recent boot for Bolton and/or yesterday's announcement that Netanyahu isn't about to form a new government? Not that I'd want to rule out those events being connected, causally or otherwise.

      Which then leads us to ask, how much of this can actually be trusted?

      That at least is easy, as noted by several commentards.

  6. Anonymous Coward
    Anonymous Coward

    And all this information from

    organizations with a solid reputation for honesty and transparency.

  7. Anonymous Coward
    Anonymous Coward

    Attribution is hard. Attribution made even harder by.....

    The CIA's Marble Framework:

    https://wikileaks.org/ciav7p1/cms/page_14588467.html

  8. Will Godfrey Silver badge
    Unhappy

    A pox on all their houses.

    Even more relevant today than when the expression was first thought of.

    Please excuse the license taken with the inexact quote

    1. Venerable and Fragrant Wind of Change

      Re: A pox on all their houses.

      Please excuse the license taken with the inexact quote

      That would be your blend of Falstaff with Romeo&Juliet?

  9. Anonymous Coward
    Anonymous Coward

    I wish people would stop speculating on attribution

    Attribution of a hack is one of those things that is impossible to figure out with the current state of the Internet and the political climate. Even when the action isn't malicious, attribution can still be nightmarish. Like just this last week I had some security consultants in to complete an audit / penetration test of our infrastructure. The consultant was an employee of an Indian subsidiary of a Dutch corporation. That consultant had finished their component of the audit and begun working on their next client: a South African subsidiary of a UAE-based mining corporation.

    For all I knew, their actions could have been malicious, with plenty of evidence to implicate pretty much any nation in the attack. They were physically in the US, but are an Indian National, taking orders from a Dutch company. Or it could have been an agent from another nation posing as that company to establish a pen-testing contract and discover weaknesses for a later attack.

    To me, the only evidence I'd believe when it comes attribution would be if a nation state came out and confessed to doing it (And even then, that would be taken with a grain of salt).

    This attack feels like something that Russia would do (They pulled a lot of this kind of thing during the Cold War), but its also something that Israel, the US, and Iran have been known to do. For all we know, the attacks could have carried out by Iranians in Russia attacking their own infrastructure for the purpose of muddying the waters when they carry out another attack.

    What does confuse me is why they'd be using aspx, since there is no legal way for them to be using it in the first place as ASP.net is a Microsoft technology, a company that is forbidden from dealing with Iranian businesses. Choosing ASP.net, merits of the language aside, would severely limit their ability to acquire support and patches. Feels like they might have intentionally used something insecure so as to attract a compromise.

  10. Wellyboot Silver badge

    Or possibly they're just piqued..

    After a long and tortuous trail of hacking their way to the heart of the Iranian interior, Caruthers & Simpsons joy was short-lived when they found a pile of empty vodka bottles and a rude message waiting for them.

  11. Claverhouse Silver badge
    Meh

    The Loathly Others

    Be easiest if there were a permanent billboard stating the enemy du jour, which would automatically translate to attribution of all current bad stuff.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021