When security gets physical: Mossad boss hints at less-than-subtle Stuxnet followup

Plus: Alleged Trickbot developer cuffed by US agents

In brief: The outgoing head of Israeli foreign intelligence service Mossad has suggested that Stuxnet wasn't the only spanner in the works his agency put into Iran's nuclear programme.

In an interview last week, Yossi Cohen intimated that Iran's uranium-enrichment centrifuges at the Natanz facility had been physically destroyed in the past year, requiring a rebuild. Although Cohen did not explicitly take credit for the sabotage, he made it clear Israel was bent on stopping Iran from building nuclear weapons.

It is said a marble base, on which the centrifuges were placed, was supplied with explosives hidden inside that were set off to ruin the factory. There were indeed reports of blasts at Iranian nuclear sites in 2020, which were attributed to Mossad.

He also intimated that the assassination of Mohsen Fakhrizadeh, one of Iran's top nuclear scientists, using what the Iranians described as a machine gun controlled by "an intelligent satellite system," may have been carried out by Israel.

"If the man constitutes a capability that endangers the citizens of Israel, he must stop existing," Cohen said.

This kinetic approach is a far cry from a decade or more ago, when a combined US and Israeli operation covertly installed the Stuxnet malware on the air-gapped computer systems used to control some of Iran's centrifuges. The sophisticated malware surreptitiously interfered with the centrifuge speed to derail Iran's uranium fuel enrichment process.

Fujifilm says FU to ransomware

While the likes of Colonial Pipeline and JBS are willing to pay many millions to organised ransomware gangs, Fujifilm has apparently taken a different approach.

Last week the Japanese conglomerate confirmed it had been the victim of an online intrusion and shut down all external communications and part of its internal network. Two days later it said this was a ransomware hit, but reportedly the biz isn't paying up and will do this the hard way.

"Fujifilm Corporation in Tokyo does not comment on the demand but I can confirm we have not paid any ransom," a Fujifilm spokesperson told The Verdict. "Fujifilm does have backups in place as a part of its normal operation procedure aligned with its policy."

Which is frankly admirable, and good security practice. Ransomware scumbags have made bank when companies, or their insurers, decide it's cheaper to pay up rather than sort out the issue, but once you've had malware on a system chances are there are other software nasties in there and you'll have to reformat anyway – if you follow best practices.

Alleged Trickbot malware developer indicted

The US government scored a rare win when it managed to collar what it alleges is a malware developer, and she doesn't fit the stereotypes.

In February, Latvian national Alla Witte, 55, was arrested in Florida, and the US has now filed a 47-count indictment against her in an Ohio federal court. She's accused of developing code for the Trickbot malware botnet and building ransomware to send to infected PCs.

"The defendant is accused of working with others in the transnational criminal organization to develop and deploy a digital suite of malware tools used to target businesses and individuals all over the world for theft and ransom," said Deputy Attorney General Lisa Monaco earlier this month.

"These charges serve as a warning to would-be cybercriminals that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem."

According to social media posts, Witte, who went by the name Max online, grew up in Russia, studied mathematics and worked as a teacher in the 1980s, before getting into computers and coding at the turn of the century. She's accused of joining the Trickbot network in 2015, acting as a key programmer, and potentially faces a lifetime in prison if convicted.

Slilpp knotted

Meanwhile, police around the world moved this week to take down the infamous Slilpp online souk.

The marketplace, in operation since 2012, sold stolen credentials and email accounts to the highest bidder and ran a wire transfer payments system. US authorities estimate it caused over $200m in damage to US citizens, and in a coordinated attack its servers and command systems were seized by US and European police. More than a dozen individuals have been charged.

"The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims," said Acting Assistant Attorney General Nicholas McQuaid of the Justice Department's Criminal Division. "The department will not tolerate an underground economy for stolen identities."

RSA spins off fraud wing as Outseer

Barely a year after being sold by Dell to private equity player Symphony Technology Group for $2.1bn, RSA is separating its fraud and monitoring business units into a separate company.

You may remember STG from such buyouts as McAfee's enterprise business, for which it paid $4bn in cash in 2020, and it has been making other enterprise security acquisitions. Now it has set up Outseer, a combination of RSA's Adaptive Authentication monitoring system and its FraudAction threat detection unit, run by Reed Taussig, who joined RSA's Fraud & Risk Intelligence unit late last year.

"Outseer's reason for being isn't just focused on eliminating payments and account fraud," he said. "These fraudulent transactions are often the pretext for more sinister drug and human trafficking, terrorism, and other nefarious behavior. Outseer has the ability to help make the world a safer place." ®
