Now let's think, which country has recently been exposed to have hacking tools that deliberately leave little breadcrumbs to make it appear someone did the hack, has been doing its best to railroad the peace process in Korea and has a knack of performing cyber attacks on foreign soil.
Surprise: Norks not actually behind Olympic Destroyer malware outbreak – Kaspersky
A close analysis of the code that took down part of the 2018 Winter Olympics computer network reveals a cunning plan to seemingly falsely pin the blame on North Korea. On the first day of the games in Pyeongchang, South Korea, the main website crashed, Wi-Fi networks around the events became unusable, and data was wiped from …
COMMENTS
-
Friday 9th March 2018 08:50 GMT Evil Auditor
Re: I don't think computers work the way you think they do.
Unless you only accuse those you are biased against?
I thought that's the first and general rule of this game, isn't it?
Anyway, for all I know it could have been Elbonians made it look like Russians made it look like Norks made the malware.
-
Thursday 8th March 2018 20:24 GMT Anonymous Coward
Re: Which country was banned from the 2018 Winter Olympics?
It was not the only country to have an axe to grind.
NK made one more country with similar capabilities look like complete and utter idiots during the games.
Superb analysis by the way. As usual - applause to Evgenij and his crew.
-
Thursday 8th March 2018 20:57 GMT Anonymous Coward
Re: Which country was banned from the 2018 Winter Olympics?
Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia
I'm more than happy to point the finger... what ya gonna do Putin? Nerve agents, wait what?
AC because... well... yeah... obvs
-
Friday 9th March 2018 13:25 GMT Anonymous Coward
Re: Which country was banned from the 2018 Winter Olympics?
Nerve Agent
While design of the Nerve agent in question is originally Russian the components can be obtained from your neighbourhood dope dealer and up to a few years ago via mail order from AliBaba. Sure, officially access to the actual composition used to require top secret level clearance in USSR (and Russia). You realize that the person who is in intensive care in Salisbury had that clearance? Do you? Do you also realize that with so many retired people with that clearance working for the residents of Kensington and Chelsea in the beautiful city of Londongrad even the mob's dog knows how to mix it up now?
If you have not guessed what is the nerve agent in question let me help you a bit (I actually have an MSc in Chemistry from the days when we studied "Toxicology and toxic substances" which included how to synthesize the VX group).
1. The VX group has a very specific de-activation procedure. That procedure is not being followed in Salisbury. While there is a lot of people wandering around in protective gear nobody is carrying sprayers with [redacted due to UK mind crime statute].
2. Intoxication by VX group will stop your breathing very early on, before you go unconscious. You will not end up slumped on a bench with your daughter, you will be having your last gasps on the floor.
3. The antidotes for VX group and for the agent in question are different. However, the antidote administered for a suspected drug overdose works for the agent in question. The MI6 spy and his daughter (I admit - the Russian embassy did use a correct designation) are alive. They would not be if they were found hit with VX gas to the point where they are unconscious and the answer to this riddle is that the paramedics most likely administered standard "drug overdose" procedures.
4. If you are still too dumb to guess the nerve agent, I suggest googling for something north-easterly (especially in Russian).
-
Friday 9th March 2018 14:02 GMT Evil Auditor
Re: Which country was banned from the 2018 Winter Olympics?
Re Nerve Agent
Well, AC, call me too dumb. Then again, I don't have an MSc in chemistry either. So far, all I know -from the media- is that it was neither VX nor sarin. That leaves a few substances left which I remember from CW training, both persistent and non-persistent ones. But I've got no bloody clue if any of those had links to something north-easterly. From the little I've heard I'd guess something from the V series. But please, dear AC, enlighten us, the dumb.
-
Friday 9th March 2018 23:17 GMT Anonymous Coward
Re: Nerve Agent
Now that's a story that really begs the cui bono question. Who expects to benefit from a nasty diplomatic incident between UK and Russia?
As far as I can tell, neither country benefits. Nor do either country's ruling politicians. A rogue faction maybe, but that's not obvious either. Is there anyone looking for a distraction/scapegoat? One could point at a few candidates, but to suggest them would be a deep foray into conspiracy theory. Maybe for instance anti-corruption campaigners looking to provoke the UK government into clamping down on money-laundering.
-
Monday 19th March 2018 11:56 GMT Anonymous Coward
Re: Nerve Agent
>Who expects to benefit from a nasty diplomatic incident between UK and Russia?
Well those concerned might not have fully factored in the diplomatic dimension, but remember it wasn't long ago that certain members of the establishment suddenly woke up to undersea communication cables. So perhaps the beneficiaries are those who stand to gain from having a readily identifiable villain...
Mind you if Homeland plot lines are still based on and hence not too far from reality...
-
Friday 9th March 2018 17:24 GMT Anonymous Coward
Re: Which country was banned from the 2018 Winter Olympics?
Would that be the same VX that was developed and produced at Porton Down, 7 miles from Salisbury?
No. It is a Russian speciality with >170 dead last time it was used 15 years ago. Is that f**** enough for you to actually google it or I should point you directly in the Nord-Ost direction? Are you really that thick?
Its major difference compared to VX is that you may save the person if you apply the "this idiot had a drug overdose" protocol which is what the paramedics most likely did to the pair slumped on the bench.
If it was VX they would be on the mortuary table same evening. They are alive which narrows down what was used in this case quite a bit. The fact that the guys in the orange suits are not spraying around a solution of what you often find in a type of household chemical narrows it down even further.
By the way the police has already unintentionally spit it out that it is that. They said a nerve agent which is more rare than VX. The conjecture here is that this may somehow lead to the lab where it was "synthesized" which is utter bull as there are 100s of labs in China spitting out the key components and shipping them to your local dope dealer.
-
Friday 9th March 2018 17:27 GMT Anonymous Coward
Re: Which country was banned from the 2018 Winter Olympics?
Narcan - is there nothing it cannot do?
Correct. Instead of Atropine which is the standard antidote for VX.
Now, which Russian "nerve agent" has narcan as an antidote - used in an actual incident. You get a cookie if you can google it in one statement.
-
Monday 19th March 2018 11:49 GMT Anonymous Coward
Re: Which country was banned from the 2018 Winter Olympics?
>Intoxication by VX group will stop your breathing very early on, before you go unconscious. You will not end up slumped on a bench with your daughter, you will be having your last gasps on the floor.
This was the aspect that got my attention.
My (limited) understanding of nerve agents suggested that if they had been targeted with a military grade agent with the intent to kill, it would have been quick acting, so effectively they must have been sitting on the park bench when a person unknown walked by and simply sprayed the area. This leaving a diffusing cloud of stuff that would affect passers-by to varying degrees - hence why a total of 21 people were treated, in the case of the policeman, he probably walked right into the middle of the cloud and breathed the air directly around the victims.
I hence think the various press stories about, it being in the car, at the restaurant etc. etc. to be misdirections, probably due to the press trying to make sense of an investigation that they are distinctly being kept on the outside of.
-
Thursday 8th March 2018 21:38 GMT Kevin McMurtrie
It's practice. This one appears to be specifically testing whether or not the victim can be made to waste effort fighting the wrong opponent. Economies have regular up and down swings. Say Trump deregulates every greedy mega-corp in America and then starts his trade war. You'd have a combination of a collapsing economy with American core businesses engaging in high risk and fraudulent activity. Now hack the hell out of everything - publish trade secrets, wreck farming hardware, drain bank accounts, knock out power, fluctuate inventory, and use propaganda to obstruct recovery and misplace blame. The results could be bad enough that the US needs foreign investment to sustain life. Countries that once viewed the US as oppressive or competitive would now be using it for profit.
-
Thursday 8th March 2018 23:20 GMT Destroy All Monsters
Economies have regular up and down swings.
No they don't unless they are printing money to implement "recovery".
The results could be bad enough that the US needs foreign investment to sustain life.
Foreign "investment" (i.e. stocking of rankly toxic T-bills) IS the only thing that keeps the US alive.
Countries that once viewed the US as oppressive or competitive would now be using it for profit.
Although (or because) he knew the score, Obama gave 38 billion US taxpayer trinkets to a certain very rich country. Thank you for noticing.
-
Thursday 8th March 2018 23:19 GMT Anonymous Coward
The purpose is the purpose. It is inscrutable and forever, like Rodina.
Gratuitous link to "Red Right Hand" by Nick Cave and The Bad Seeds
-
Friday 9th March 2018 04:55 GMT Mark 85
I'm trying to figure out just exactly what Russia/Putin's angle actually is?
Chaos, confusion, and then when everything is stirred up... take back the bits that broke off from the USSR. Or not. Who knows? Why did they apparently (according to most sources) meddle or attempt to meddle in the last election? There may be a plan from them for something that will benefit them.
Then again, it could have been China or some other country that's been stirring things up and continuing to do so. Troubling times, indeed.
-
Thursday 8th March 2018 22:28 GMT alain williams
No one will read this new report ...
other than a few nerds. However at the time the politicos made great hay of it being the Norks - which suits their political ends of portraying Kim Jong-il as being the current root of all evil and a great nuclear threat - not ½ as many words spoken when Putin did the same last week.
I'm not saying that Kim is a nice bloke, but let's start to compare him to Bashar al-Assad, Robert Mugabe, ...
-
Friday 9th March 2018 11:42 GMT Anonymous Coward
Re: No one will read this new report ...
"I'm not saying that Kim is a nice bloke, but let's start to compare him to Bashar al-Assad, Robert Mugabe,"
One of these is not like the other.
Assad is not a nice person. Churchill was not a nice person. Had the Germans invaded Britain, poison gas was just one of the things we planned to use along with sabotage (which would have resulted in massacres of civilians this being German modus operandi) and you can imagine that part of the country would stay under Government control and would find itself bombing German-held areas in towns and cities, with many civilian deaths.
People forget or are not reminded that Syria is being invaded by foreign forces, proxies for Israel, Saudi and the United States. Whereas Mugabe and Kim are in countries that, frankly, nobody would want to invade.
-
Friday 9th March 2018 12:43 GMT CrazyOldCatMan
Re: No one will read this new report ...
Syria is being invaded by foreign forces, proxies for Israel, Saudi and the United States
You sure about that? Because from where I'm sitting the people doing the fighting look like proxies of Russia and Iran.
And calling ISIS or the other fundamentalist groups "proxies of Israel or the US"? Can I have some of what you're smoking? Saudi, maybe.
-
Thursday 8th March 2018 23:10 GMT Florida1920
Russia?
It's hard to see how Russia would benefit from shifting the blame to North Korea. Russia is one of the few countries with trade relations with North Korea.
What country would gain the most from making North Korea look guilty? And likely has an agency with the skills to make a malware attack look like a Russian attempt to spoof a North Korean attack?
Which country's president has been engaging in an escalating ego-war with the North Korean head of state? And which country seems implicated in trying to manipulate a certain Western country's presidential election? Two birds with one malware attack? As an American I hate to think we might do something like this during the Olympics. But we've done worse.
-
Thursday 8th March 2018 23:46 GMT BinkyTheMagicPaperclip
Re: Russia?
A large part of the reason for NK entering the Winter Olympics was to improve relationships with South Korea, and provide leverage to reduce sanctions. If you posit that eventually Korea will be re-unified (or at the very least for a start the shared economic area re-opens), the benefactor is not likely to be Russia.
-
Friday 9th March 2018 02:04 GMT Florida1920
Re: Russia?
If you posit that eventually Korea will be re-unified (or at the very least for a start the shared economic area re-opens), the benefactor is not likely to be Russia.
Really?
Moon Jae-in Making Friends By Importing More Gas
During his successful campaign to become South Korea's president, Moon Jae-in promised to dramatically increase South Korea's natural gas consumption.
Within weeks of taking office, he took several concrete steps towards fulfilling that promise. He announced the near-term closure of 10 coal plants, he allowed the operating license to expire as scheduled for South Korea's oldest nuclear plant, he reopened discussion of a long envisioned project to build a natural gas pipeline from Russia through North Korea and he ordered construction to be halted on Shin Kori 5 & 6, two new APR-1400 nuclear reactors.
-
Friday 9th March 2018 05:19 GMT Anonymous Coward
Re: Russia?
Just one more interesting item to add to the mix. Russia needs a happy Kim Jong Un willing to allow construction of a natural gas pipeline between Russia and South Korea. Not sure how that clarifies things unless the flipside is the truth. Russia needing Kim Jong Un gone as he's got better relations with China (doubtful)?
I used to do intelligence analysis while I was in uniform. If one thing has become absolutely true, it's that the Internet provides information overload so coming up with an accurate, probable assessment is more difficult today. There were more constrained actions on all the players back then. Now? Who the fuck knows what's accurate even about yesterday let alone far into the future.
-
Friday 9th March 2018 10:20 GMT Anonymous Coward
Re: Russia?
"Now? Who the fuck knows what's accurate even about yesterday let alone far into the future."
I strongly agree, no public sources seem reliable now.
But the word 'now' is significant. It does not simply seem like nostalgia - things have changed, but is that change due to 'natural' consequences of information overload or is it the result of intent? That's difficult to say too, but if it was the result of intentional action then it was well thought out and executed, at least at the start. But perhaps a more important question to ask right now is: who is trying to exploit it? And the answer to that seems to be: everyone.
Funny thing is, with human nature being what it is, I suspect that this will also be biting the players too and I doubt that none of them have any real control anymore. Although 'obviously' unlikely, this could be intentional too - that's how messed up things seem right now.
I think it is likely that none of the players will be happy with this situation for very long though; chaos and anarchy are anathema to the agencies when they don't control it.
-
Friday 9th March 2018 11:17 GMT Cuddles
Double bluff
Of course, there's absolutely nothing to stop North Korea from framing themselves. It could be someone who wants to make it look like North Korea did it, or it could be someone who wants to make it look like someone wants to make it look like North Korea did it, and so on. Basically, the only thing we actually know is that the code exists, anything regarding who wrote it and why is pure speculation.
-
Friday 9th March 2018 14:11 GMT Anonymous Coward
No more anonymous hacks then?
Quote: "But the wiper function’s Rich header, which contains some metadata, included hints to the development environment the code was written in."
*
So yet another reason to write malware in assembler....or in C, and then strip anything metadata-like out of the assembler before assembly.
*
So much for the "sophistication" of these hacks.....it's just too hard to make the delivered payload anonymous...so let's put in some header which might look as though the source code belonged to someone else.....the Israelis or the NSA or GCHQ or the Russians or......
Signed: A Dinosaur
-
Friday 9th March 2018 19:33 GMT Claptrap314
Re: No more anonymous hacks then?
Even when I wrote in asm, I used libraries. I assume that the attributions to the various actors run along the lines of identifying reused code. It would be really expensive to develop new tools that reimplement core functionality on a tool-for-tool basis. Expensive because once you've got the expertise to do it once, it's going to be hard to rewrite it again without reusing your own techniques...
Sure, the big boys could do it. In theory.
-
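The Rich header quoted in the thread above is an XOR-masked list of build-tool records that sits between the DOS stub and the PE header. As an added example (not from the article or from any commenter), this Python sketch decodes those records and rechecks the header's checksum key, the first thing an analyst would do before weighing the header as attribution evidence; the sample bytes and the `ENTRIES` values are constructed for illustration.

```python
import struct

DANS = 0x536E6144  # "DanS" read as a little-endian dword

def rol32(value, n):
    n &= 31
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF

def rich_checksum(data, start, entries):
    """Recompute the XOR key: header offset + rotated DOS-header bytes
    (e_lfanew at 0x3C..0x3F counted as zero) + rotated comp.id entries."""
    total = start
    for i in range(start):
        if not 0x3C <= i < 0x40:
            total += rol32(data[i], i)
    for prod, build, count in entries:
        total += rol32((prod << 16) | build, count)
    return total & 0xFFFFFFFF

def parse_rich(data):
    """Return (start, key, [(product_id, build, use_count), ...]) or None."""
    end = data.find(b"Rich")
    if end < 0 or end + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, end + 4)[0]
    start = data.find(struct.pack("<I", DANS ^ key), 0, end)
    if start < 0 or (end - start) % 8:
        return None
    words = struct.unpack_from("<%dI" % ((end - start) // 4), data, start)
    plain = [w ^ key for w in words[4:]]      # skip "DanS" and 3 padding dwords
    entries = [(plain[i] >> 16, plain[i] & 0xFFFF, plain[i + 1])
               for i in range(0, len(plain), 2)]
    return start, key, entries

def checksum_ok(data):
    """True when the stored key equals the checksum recomputed from the file."""
    parsed = parse_rich(data)
    return parsed is not None and rich_checksum(data, parsed[0], parsed[2]) == parsed[1]

def build_sample(entries):
    """Constructed test input: a zeroed 0x80-byte DOS header plus a Rich header."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x100)
    key = rich_checksum(dos, 0x80, entries)
    words = [DANS, 0, 0, 0] + [w for p, b, c in entries for w in ((p << 16) | b, c)]
    return bytes(dos) + b"".join(struct.pack("<I", w ^ key) for w in words) \
        + b"Rich" + struct.pack("<I", key)

# Constructed entries (not taken from any real sample): (product_id, build, use_count)
ENTRIES = [(0x0104, 30319, 5), (0x0105, 30319, 12)]

if __name__ == "__main__":
    start, key, entries = parse_rich(build_sample(ENTRIES))
    print(hex(start), hex(key), entries)
```

A matching checksum only shows that the header is internally consistent with the DOS header in front of it; it says nothing about whether the header belongs to the code that follows.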