WikiLeaks drama alert: CIA forged digital certs imitating Kaspersky Lab

Vault 8 release says spooks used disguise to siphon off data


The CIA wrote code to impersonate Kaspersky Lab so it could more easily siphon off sensitive data from hacking targets, according to documents released by WikiLeaks on Thursday.

Forged digital certificates were reportedly used to "authenticate" malicious implants developed by the CIA. WikiLeaks said:

Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.

Eugene Kaspersky, chief exec of Kaspersky Lab, sought to reassure customers. "We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected," he said.

Hackers are increasingly abusing digital certificates to smuggle malware past security scanners, and miscreants may not even need to control a code-signing certificate to do it. Security researchers from the University of Maryland found that simply copying an Authenticode signature from a legitimate file onto a known malware sample, which produces a signature that does not validate, can still cause antivirus products to miss the sample. A product fooled by an invalid signature is evidently keying on the presence of a signature rather than verifying it.


Independent experts reckon the CIA picked Kaspersky's name simply because it belongs to a widely known vendor.

Martijn Grooten, security researcher and editor of industry journal Virus Bulletin, said: "The CIA needed a client certificate to authenticate its C&C comms, couldn't link it to CIA and used 'Kaspersky', probably just because they needed a widely used name. No CA hacking or crypto breaking involved. Clever stuff, but not shocking. Not targeted against Kaspersky."
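Grooten's explanation, and the WikiLeaks description quoted above, are easy to reproduce. The Go program below is an added example written for this page, not code from the Vault 8 release: it generates two root CAs that both carry the Thawte distinguished name, one standing in for the genuine Thawte root (its key is generated locally, an assumption of the example, since the real key is obviously unavailable) and one belonging to the forger, issues a "Kaspersky Laboratory" client certificate under the forger's root, and then runs the check a defender should run. The distinguished names are strings anyone can put in a certificate; only chain validation against a root you actually trust tells the forgery apart.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Distinguished names modelled on the ones WikiLeaks describes. The genuine
// Thawte key is not available, so a locally generated key stands in for it;
// that is an assumption of this example, not something from the leak.
var (
	thawteName = pkix.Name{
		CommonName:   "Thawte Premium Server CA",
		Organization: []string{"Thawte Consulting cc"},
		Locality:     []string{"Cape Town"},
	}
	kasperskyName = pkix.Name{
		CommonName:   "Kaspersky Laboratory",
		Organization: []string{"Kaspersky Laboratory"},
		Locality:     []string{"Moscow"},
	}
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func mustParse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// selfSignedRoot builds a root CA whose subject is name and whose signature
// comes from key. Anyone can do this with any name: the name is just a string.
func selfSignedRoot(name pkix.Name, key *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               name,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
}

// issueClientCert issues a TLS client-auth certificate for subject under ca,
// the kind of certificate an implant would present to its C&C server.
func issueClientCert(subject pkix.Name, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	leafKey := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey))
}

// chainsTo is the check a defender should run: does leaf cryptographically
// chain to the given root, rather than merely naming it as issuer?
func chainsTo(leaf, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// Forge reproduces the trick and reports whether the fake leaf's issuer name
// matches the genuine root's subject, whether it verifies against the genuine
// root, and whether it verifies against the forger's own root.
func Forge() (issuerNameMatches, trustedByGenuineRoot, trustedByForgerRoot bool) {
	genuineRoot := selfSignedRoot(thawteName, newKey()) // stand-in for the real Thawte root

	forgerKey := newKey()
	forgerRoot := selfSignedRoot(thawteName, forgerKey) // same name, forger's key
	fakeLeaf := issueClientCert(kasperskyName, forgerRoot, forgerKey)

	issuerNameMatches = fakeLeaf.Issuer.String() == genuineRoot.Subject.String()
	trustedByGenuineRoot = chainsTo(fakeLeaf, genuineRoot)
	trustedByForgerRoot = chainsTo(fakeLeaf, forgerRoot)
	return
}

func main() {
	name, genuine, forger := Forge()
	fmt.Printf("issuer name matches Thawte: %v\n", name)
	fmt.Printf("verifies against genuine Thawte root: %v\n", genuine)
	fmt.Printf("verifies against forger's root: %v\n", forger)
}
```

Run with `go run`: the issuer name matches, verification against the genuine root fails, and verification against the forger's root succeeds. That is the whole trick. The CIA's C&C server trusts the forger's root, so the implant authenticates fine; Kaspersky's and Thawte's real keys are never touched; and anyone attributing the traffic by the names printed on the client certificate, without chaining it to a root they trust, is misled.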

Revelations about the abuse of digital certificates by the US spy agency came as WikiLeaks released CIA source code and logs for a malware control system called Hive, as previously reported.

Security expert Professor Alan Woodward criticised the release with a reference to the Equation Group (NSA hacking unit)/Shadow Brokers leak. "Wikileaks is now releasing source for exploits in Vault 7. Do they remember what happened last time such exploit code was leaked? Standby for another WannaCry." ®
