back to article TeamSpy snooped on governments, big biz undetected for 10 years

Computer security researchers say they have uncovered a decade-long espionage campaign against governments, businesses and human-rights activists in Eastern Europe and beyond. We're told the spying operation was partially pulled off by subverting TeamViewer - a legitimate tool for remotely controlling computers and holding …


This topic is closed for new posts.
  1. NomNomNom

    "such as blocking access from corporate machines to known command-and-control servers operated by hackers"

    haha seriously?

    1. Anonymous Coward


      It is known fact that hackers always reuse IP addresses and hostnames for command and control servers.

  2. 1Rafayal

    I am going to pre-empt Eadon and call this an EPIC WINDOWS SECURITY FAIL.

    Seriously though, is the security flaw here to do with Windows, or the way in which it is administered?

    I know a lot of IT departments go all out when trying to secure critical servers - but I also know from experience that the same level of protection is not afforded to the humble Windows based PC.

    How many people have managed to get local admin rights on their work Windows machine so they can listen to Spotify or install some software to use with their mobile? Quite a few I would imagine - I am semi guilty of the same thing. And how many of these Windows users have access to secure Windows servers using something like RDP?

    I dread to think.

    Then throw in something like TeamViewer, which many will see as having a legitimate place on a work machine.

    I am glad its Friday tomorrow.

    1. Peter2 Silver badge

      The problem is the way that it's administered. I maintain that if you take an incompetent admin then it doesn't matter if the machines are running windows or nix. With users running as admins/root and the boxes not getting patched, both are vulnerable to being compromised.

    2. Anonymous Coward
      Anonymous Coward

      Why do you think trusted computing was invented? people may whine about it, but code signing can stop such software getting modified and executed.

      Don't say open source is invulnerable either, there's been a few near misses with that.

      Yes, it is a ball ache and stops people writing their own software and running it so easily, but this is an issue of trust. Once dickheads ruin things there's no going back. We used to be able to go online without firewalls once for instance.

      1. Chairo

        Why do you think trusted computing was invented?

        - to make sure the people have no control of what is running in their machine?

        - to turn "users" into "consumers"?

        - to ensure the producer keeps the device "ownership"?

        - to leverage the device ownership for squeezing out money?

        - Security? Sure, but not for the whining consumers - trusted computing is all about making sure any content stays firmly in the box and cannot be used, if the content owner sees fit to revoke the license for whatever reasons.

        On the other hand - trusted computing makes it more difficult to know what is going on inside the machine. Should the bad guys find a way to get their stuff running in the protected area, the end user is powerless to do anything against it. And trust me they WILL find a way. Organized crime can break any static security, given enough time.

    3. david 12


      Yes, I agree. In the same way that this:

      ( Researcher sets up illegal 420,000 node botnet for IPv4 internet map) is an EPIC LINUX SECURITY FAIL. And any mention of CISCO at is an epic cisco security fail. (Anything with an installed base that big is epic).

    4. This post has been deleted by its author

      1. 1Rafayal

        Re: TeamViewer

        Thats precisely my point, something like TeamViewer would be seen as a legitimate application to have installed.

        Back on the subject of security holes, I read an article in the 2600 recently that describes how to set up a proxy using putty and SSH, I wont go into the details here.

        The author describes this as a way of getting around companies IT policies and stresses that it shouldnt be used. Thing is though, anyone with half a brain can read this and implement it on their machine at work with very little trouble, or rights.

        The same process would work on Windows or Linux. (that is really going to make Eadon explode)

    5. Anonymous Coward
      Anonymous Coward

      Re: or the way in which it is administered?

      While I concur that too much of what you've described goes on, some of it still comes back to the software vendors and they way they release their software. Microsoft and Adobe are the big offenders here, with a healthy assist from Autodesk.

      Way back when MS released Win2000 we made a serious attempt to secure our network. Systems were only going to be deployed with User rights (not even Power User). And then we ran into the newest release of VB, which required administrative access to run. Not install, run. And since one of the divisions had about half its people using that ....

      Currently if you are using the Adobe Creative Suite you have to both have administrative privileges AND do a Run As Administrator for the software to run.

      And 2 years ago when I was trying to install the then current version of Autocad on Win7 64-bit system on our network I couldn't get it to work. Died every time at around 98% install, then rolled back everything it had done. Which made it a real PITA to try to troubleshoot. And the Autodesk people were never forthcoming with solutions. Eventually I found a forum posting elsewhere that said "move it off the network and install it on the standalone system." That worked, which meant it was running afoul of GPOs that were put in place to secure the network. At the time I had no clue at what the problem is, but the other day someone was having a problem installing a licensed copy of Google Earth (not the free one). The same solution worked and for Google Earth it was clearly a DRM problem (installer wants to write to the registry which is blocked), so I'm thinking its the same thing on the Autocad.

    6. Michael Wojcik Silver badge

      Seriously though, is the security flaw here to do with Windows, or the way in which it is administered?


      The DLL-dropping vector works in large part because Windows has a broken code-loading model. Using the same list of directories (PATH) for command resolution and dependency resolution was a mistake (one that Windows' direct predecessors in this area, OS/2 and SVR4 UNIX, did not make); searching the current directory before the path was a worse one. Microsoft has only recently partially remedied some of these problems with KnownDLLs, SafeLibrarySearchMode, and other tweaks.

      However, DLL-dropping attacks could be made much more difficult by applying better system administration procedures. Restricting administration access is an obvious one; using filesystem privileges in a sensible fashion is another. Intrusion- and malware-detection systems might have helped.

      But this is the point security experts have been making for years. Security is not an absolute; there are only degrees of security, represented by work factors associated with various modes of attack. If you want to improve your security, you have to understand what sort of attackers you're likely to face, what modes they're likely to employ, what vulnerabilities in your systems decrease their work factor, and what countermeasures you can use to increase it.

      So the only answer to a general question like "is the OS or the administrator to blame?" is "yes".

  3. IT Hack

    Me - so we've noticed that we have servers that are effectively unpatched.

    Techies - no...we patch them on a regular basis

    me - so when did you go through your last cycle of patching?

    Techies - about five years ago

    me - Nice!

    1. Crazy Operations Guy

      Lately I've been getting:

      The servers don't need patching, they are running Linux!

      They continue to say that even after I report that postfix on the DB servers is spewing spam all over the place (we are a sendmail shop, so there is no reason for postfix to even be installed, let alone sending out mail to world+dog)

      1. Anonymous Coward
        Anonymous Coward


        It's a mindset I've seen many times, the: I run Linux/UNIX therefore it's secure/unhackable. It's a very dangerous mindset to get into because it ends up with complacency. I've also seen it as a storage/backup guy, although here it's along the lines of: I've got RAID and backups, I don't need to be careful with my system, we can recover it if anything goes wrong. That's usually shortly followed by the realisation that although all the files are backed up, the pre-backup script to prepare the server hasn't been run for a month and the person the alerts were sent to notify stopped working at the company a year ago.

        My take is: Check your systems all the time, don't presume anything.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yup...

          There seems to be a presumption that open source is better and less vulnerable, That is as long as people don't sneak code into things and those downloading check the checksums (which not everyone does).

  4. Destroy All Monsters Silver badge

    I would REALLY like to see the dirt they must have netted showing official wrongdoing and corruption of all sorts. "They" might even have copies of many administrative documents that have been "accidentally" lost.

    Come on, evil anti-Western haxxors. Drop stuff onto pastebin, please.

    1. Anonymous Coward
      Anonymous Coward

      You seem to think that western governments are your enemy, I disagree, but that's ok. I will say though, that you're enemy's enemy isn't necessarily your friend.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021