Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ

Details of 30 servers thought to be used by Russia's SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia's Foreign Intelligence Service "is actively serving malware (WellMess, WellMail) previously used in espionage campaigns targeting COVID …

  1. Anonymous Coward

    Is it too much to hope that they are still using kremvax?

    1. jake Silver badge

      Sadly, kremvax (and its comrades, moskvax and kgbvax) have passed into the mists of lore and legend. The sagas claim they are still warm and blinkin', waiting for the day that they are needed again. You can still view their memorial at http://kremvax.demos.su/ ...

  2. sean.fr

    if you know the suspect addresses

    Something is not being explained.

    Can just 30 addresses really be a major problem? It should be real easy to block 30 addresses.

    If not blocked by the local ISP, it can be blocked at the ISP outside Russia.

    There are companies that sell real time reputation checking services - both as an ISP service and as a firewall feature.

    It is easy to speak ill of Russia and China and forget the other players. There is no commitment from the USA, Israel, India and the EU to resist the temptation to hack their enemies.

    Lead by example.

    1. jake Silver badge

      Re: if you know the suspect addresses

      Those 30 addresses aren't directly causing the problem(s). Rather, they are being used to exploit tens of millions of compromised machines, which in turn cause the problem(s) being discussed.

      These tens of millions of machines will remain a problem as long as the sheeple of the world are ineducable. Nobody will do anything to secure these compromised machines, as all sides use them.

      Yes, you are correct. ALL countries engage in this kind of crap.

      The only thing "leading by example" will do is remove a tool that the other side will happily continue to exploit. Not that I approve, far from it, but them's the facts.

      1. Danny 2

        Re: if you know the suspect addresses

        "ALL countries engage in this kind of crap."

        Mostly your country though, if Snowden is to be believed. You kind of have a huge lead here. Which leads to the question: why can't you, or won't you, just stamp it out?

        1. Anonymous Coward
          Childcatcher

          Re: if you know the suspect addresses

          Jake's a septic as you well know being an ex-pat, "our" (UK) lot are mentioned here:

          "Just for good measure, the GCHQ offshoot also briefed national newspapers in November that they were countering the SVR's continuing efforts to break into British research institutions, hinting they were deploying a form of encryption malware (think ransomware without the ransom) against the Russians."

          No need to point fingers, Mr Danny 2. I'm sure all Secret Services do all sorts of naughty things. It's what they do.

          What keeps me up at night is that back in the day, Boris (the Russian ones, not our PM) and co had to brush up on how tall Salisbury Cathedral's spire is before flying over here to poison people. With internets, you can bang on the virtual door of any Tom, Dick and Harry, anywhere in the world, for days, weeks, months or more until you guess the password and then wreak havoc.

          1. gandalfcn Silver badge

            Re: if you know the suspect addresses

            A septic Septic?

          2. Danny 2

            Re: if you know the suspect addresses

            I agree with your gist but Jake's a pal. I don't agree with him most times but this is a friendly forum. And the rule is forgive and engage.

            You don't have to call me Mister Danny 2. Danny is fine.

        2. gandalfcn Silver badge

          Re: if you know the suspect addresses

          Correct. But Septics stick their fingers in their ears and go lalala

          Bush signed a presidential order in 2002 allowing the NSA to monitor, without a warrant, domestic telephone calls and e-mail messages.

          FISA created the kangaroo courts that currently dole out secret FISA warrants to legalise spying on Americans.

          The PRISM surveillance programme.

          The network of “Fusion” centres.

          Ever heard of Snowden?

          The Patriot Act. The Freedom Act.

          The USPS spies on Americans by monitoring their social media.

          The NSA shares data with the FBI.

          And that is just domestically.

          1. Cliffwilliams44 Silver badge

            Re: if you know the suspect addresses

            The "Order" was not to monitor the "content" of said phone calls or emails but to monitor the recipients of these communications, to see if communications originating within the US went to known terrorist targets outside the US.

            I agree that this is not a legal order as it violates the 4th amendment and we all know that "restricted surveillance operations" like this are fraught with the potential for abuse.

            Also the last 2 Democrat administrations have taken Domestic Spying to new levels never seen in this country before.

        3. Michael Wojcik Silver badge

          Re: if you know the suspect addresses

          Which leads to the question why can't you, or won't, just stamp it out?

          "Can't" is very difficult. The US most certainly does not have the capability to do that without massive collateral damage (sorry, NSA trufans).

          To really understand why you'd need to learn quite a lot about the current state of IT security, but you might start by reading some of the major IT-security blogs and mailing lists such as (just as examples, in no particular order) Full Disclosure, Threatpost, Brian Krebs' blog, Bruce Schneier's blog (or his CRYPTO-GRAM email newsletter), and Graham Cluley's blog. And also some of the more-rigorous research outlets such as Citizen Labs' publications and the research announced in Cambridge's Light Blue Touchpaper blog.

          Or you could just read decent popular treatments such as Greenberg's Sandworm, which is a pretty good piece of investigative reporting. (I'm not usually a fan of Wired's output, but Greenberg does his research.)

          As for "won't" – well, as it happens, a number of people have asked US Federal officials about why the US response to IT attacks has been so inconsistent and generally muted. The answers (when they aren't just the usual waffling bullshit) are pretty consistent: the US government doesn't want to advocate rules in this area that it doesn't want to abide by. Various agencies in the US believe we have good IT offensive capabilities and can develop better ones, so they aren't willing to take, say, attacks on civilian infrastructure (like the Ukraine blackouts perpetrated by Sandworm / Voodoo Bear [1]) off the table. Those are likely to be very useful in future conflicts.

          As for why the US government doesn't just happily rattle its sabre over these sorts of attacks and then go on to do the same thing ... well, that's a matter of geopolitics and diplomacy. Sometimes not appearing hypocritical is useful. Sometimes not making promises you don't want to keep is useful.

          [1] Some reports have grouped Sandworm, aka Voodoo Bear, in APT28 (aka Fancy Bear), but there's evidence to suggest this is incorrect; specifically that Fancy Bear and Sandworm / Voodoo Bear are separate GRU units which sometimes both contribute to specific campaigns.

          1. Danny 2

            Re: if you know the suspect addresses

            Ta Michael, that was a very detailed and informative response. If you ever need a safe house then contact me. Horrid flat, barely liveable but survivable. You won't even meet me because I'm an utter coward.

      2. gandalfcn Silver badge

        Re: if you know the suspect addresses

        You say "ALL countries", which I doubt is anywhere near true, as most not only do not have the need or the wherewithal but CBA.

        In the world league the USA is and always has been the leader by far both domestically and globally.

      3. Potemkine! Silver badge

        Re: if you know the suspect addresses

        "ALL countries engage in this kind of crap"

        Then may all countries publish the CoC IP of their fellow counterparts!

        If SVR has the equivalent IPs from the US, UK, or EU, let it publish them, I would welcome the data, and I'll check them the same way I checked the ones provided by RiskIQ.

    2. sanmigueelbeer

      Re: if you know the suspect addresses

      It should be real easy to block 30 addresses.

      It is, but APTs openly use hosted commercial VMs.

      1. Doctor Syntax Silver badge

        Re: if you know the suspect addresses

        If the addresses hosting the VMs are blocked then either the operators stop hosting them (probably not an easy decision to make) or the other commercial customers go elsewhere. Maybe they'll turn out to not be very commercial hosting businesses after all.
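
        The matching problem behind this sub-thread, as an added illustration that is not part of any commenter's post or of RiskIQ's data: a published indicator list mixes bare hosts, host:port pairs and CIDR ranges, and a bare-host entry for a shared commercial VM host blocks every tenant on that address. The indicator values, the flow records and the function names below are constructed for the example (RFC 5737 documentation addresses).

```python
import ipaddress

# Constructed indicator list in the three shapes an IOC feed usually mixes.
# Documentation-range addresses; not the RiskIQ list.
INDICATORS = [
    "203.0.113.10",        # bare host: every connection to this address matches
    "198.51.100.7:8443",   # host + port: only that one service matches
    "192.0.2.0/28",        # CIDR range: sixteen addresses at once
]

# Constructed flow records (src, dst, dst_port) standing in for firewall or
# NetFlow output.
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443),
    ("10.0.0.5", "203.0.113.10", 80),     # another tenant's site on the same shared host
    ("10.0.0.9", "198.51.100.7", 8443),
    ("10.0.0.9", "198.51.100.7", 443),    # same host, different service: left alone
    ("10.0.0.3", "192.0.2.9", 53),
    ("10.0.0.3", "203.0.113.200", 53),
]


def parse_indicator(text):
    """Return (network, port) for one indicator string.

    Accepts a bare IPv4/IPv6 address, a CIDR block, or IPv4 'addr:port'.
    port is None when the indicator applies to every service on the host.
    """
    text = text.strip()
    port = None
    # IPv4 host:port has exactly one colon; an IPv6 literal always has more.
    if text.count(":") == 1 and "/" not in text:
        host, port_text = text.rsplit(":", 1)
        port = int(port_text)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in indicator {text!r}")
        text = host
    # strict=False tolerates host bits set inside a CIDR (e.g. 192.0.2.9/28).
    network = ipaddress.ip_network(text, strict=False)
    return network, port


def match_flows(flows, indicators):
    """Return [(src, dst, port, indicator), ...] for every flow an indicator covers."""
    rules = [(parse_indicator(i), i) for i in indicators]
    hits = []
    for src, dst, port in flows:
        dst_ip = ipaddress.ip_address(dst)
        for (network, rule_port), raw in rules:
            if dst_ip in network and (rule_port is None or rule_port == port):
                hits.append((src, dst, port, raw))
                break  # first matching indicator is enough for a block decision
    return hits


def portless_hits(hits):
    """Hits produced by indicators that name no port.

    On shared hosting these are the matches worth reviewing before blocking:
    a bare-host or CIDR rule catches every tenant on the address, whereas a
    host:port rule only catches the one service the indicator describes.
    """
    return [h for h in hits if parse_indicator(h[3])[1] is None]


if __name__ == "__main__":
    hits = match_flows(FLOWS, INDICATORS)
    for hit in hits:
        print("match   ", hit)
    for hit in portless_hits(hits):
        print("review  ", hit)
```

        Running it shows four matches; the port-80 connection to 203.0.113.10 is the collateral case the comment above describes, caught only because the indicator carries no port, while the port-443 connection to 198.51.100.7 is left alone because that indicator does.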

    3. gandalfcn Silver badge

      Re: if you know the suspect addresses

      "Lead by example." The US does. It's the biggest hacker of all, including domestically.

      1. Mark Exclamation

        Re: if you know the suspect addresses

        You just can't help yourself, can you?

    4. Potemkine! Silver badge

      Re: if you know the suspect addresses

      Lead by example.

      Ha! I've got an Eiffel tower to sell. Interested?

      History shows that morality of individuals and morality of states are unrelated. "Reason of State" is untemporal and occurs everywhere.

  3. a pressbutton

    Why couldn't they just ask politely

    If Russia wanted a bit of help on researching a covid vaccine, pretty sure if they asked politely, someone would help.

  4. gandalfcn Silver badge

    Do we know which servers the USA uses? Or the UK?
