back to article 'A-Team'-style tactics: Legit tool welded to kitchen sink to make off-the-shelf snoop kit

A newly discovered hacking crew is creating all sorts of mischief, despite largely relying on off-the-shelf tools rather than custom malware. The Netrepser crew are targeting government agencies and organisations using a malware toolkit built around a legitimate, yet controversial recovery toolkit provided by Nirsoft. Cyber …

  1. Pascal Monett Silver badge

    Had to happen someday, right ?

    Professionals need network investigation tools, and proper investigation tools are just like surgeon's scalpels : they can cut off the cancer cells just as easily as they can cut through an artery.

    It has long been said that if your encryption scheme is correct, it doesn't matter if everyone knows how it works because that knowledge gives you no leverage in discovering what was encrypted without having the keys that were used.

    It would be nice if network security could get up to that level, but I don't think it can ever manage that and remain usable, easily manageable and remain fast.

    1. Anonymous Coward
      Anonymous Coward

      Re: Had to happen someday, right ?

      It has long been said that if your encryption scheme is correct, it doesn't matter if everyone knows how it works because that knowledge gives you no leverage in discovering what was encrypted without having the keys that were used.

      Yes, it's called Kerckhoffs' principle (Wikipedia insists on adding a further "s" to this - it appears I learned grammar for a different version of English), although I also like Claude Shannon's related maxim "the enemy knows the system".

      As a slight aside, I think it was necessary for Kerkhoffs to write in French despite being Dutch. For many, an article in Dutch would already look like it was encrypted :)

      1. W.S.Gosset Silver badge

        Red pen

        > Kerckhoffs' principle (Wikipedia insists on adding a further "s" to this - it appears I learned grammar for a different version of English)

        No, Wikipedia is (for once) correct. The "no apostrophe after an s" is a latter-day superiority-seeking attempt to create a new rule, similar to Fowler's "which=parenthetic, that=restrictive" or the Victorians' "don't split 'to' and its verb [can't bring myself to call that the infinitive]" bathoses. "Charles's", for example, is correct traditional English. Traditionally, the trailing genitive "s" (short for "es", same as German, even pronounced the same way) is only dropped where there would be 3 "ss/sz" sounds separated by the same vowel-sound: the final syllable would be exactly repeated. So, again, "Jesus's" is correct traditional English, likewise "process's", but "processes's" is not.

  2. Peter X
    Joke

    Forensic evidence

    ...particularly the fact that it is assembled out of publicly available tools leave no forensic evidence...

    It's a French car in the picture though - and there can't be many episodes where the team modify a Renault. Maybe they should start with that evidence?

    Or have I misunderstood the entire article?*

    *It's a Friday - I'm allowed to start early! :D

    1. Anonymous Coward
      Anonymous Coward

      Re: Forensic evidence

      Season 1 episode 10 according to IMCDB

      http://www.imcdb.org/vehicle_14333-Renault-LeCar-5-1981.html

      HTH

  3. Anonymous Coward
    Anonymous Coward

    Hmm

    Does the Netrepser crew have a big dude with a mohawk harcut on the team that refuses to use WiFi?

    1. Spoonguard
      Black Helicopters

      Re: Hmm

      refuses to use WiFi?

      but every week they find increasingly elaborate schemes to put Mr. BASE-T on a ethernet-wireless bridge

  4. John Smith 19 Gold badge
    Unhappy

    It's been known for years.

    Most flexible tools have a variety of uses. and most don't come labelled "especially handy for use by criminals."

  5. P. Lee
    Holmes

    Commercial products have been hacked together bits of code for years.

    Ah pity da fool who thinks otherwahse

    Icon: Close, but no cigar

  6. zxcvbnm

    I don't know much about this or nirsoft but they are an absolute godsend to relatives who don't know they even have passwords.

    God bless them

  7. Anonymous Coward
    Anonymous Coward

    Nirsoft?

    A lot of their stuff is detected as PUAs under Sophos at least...its not the stealthiest approach for malware. These lags must work fast because I usually show up at your desk if I spot a PUA rather quickly.

    These face to face grillings work well for deterring people from installing things willy nilly.

    Unfortunately I can't just remove local admin privileges because I support a bunch of numpty test and QA engineers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021