Streetwise Professor

February 3, 2014

Whoops, They Did It Again: Russian Hackers Targeting Western Energy Companies

Filed under: Politics,Russia — The Professor @ 7:54 pm

A few weeks ago I wrote about the Russian connections (plural) to the hacks of US retailers, notably Target.  There’s more where that came from.  There is strong circumstantial evidence that Russian hackers are targeting US and European energy companies (long considered to be important and vulnerable targets).  You’re shocked, no doubt:

Russian hackers appear to be targeting Western energy interests for cyber espionage, according to a report to be issued Wednesday by a security research firm.

Though researchers at CrowdStrike say they do not have definitive proof, they say they found links between command and control servers to Russian-language hosting services.

If true, it would be one of the first reports alleging Russian cyber efforts aimed at U.S. and European energy companies. Up to now, most reports have focused on the Chinese.

“They’re taking the Chinese playbook,” said Dmitri Alperovitch, CrowdStrike cofounder and chief technology officer.

. . . .

The researchers said they saw indicators in malware they analyzed that “tie back to possible Russian” hackers, and some of the command and control servers used were linked to Russia-based hosts. Also, the hackers were active during business hours in Moscow, the report said.

The hacking group, which CrowdStrike dubbed Energetic Bear, has been active since at least August 2012, said Adam Meyers, CrowdStrike’s vice president of intelligence. Energetic Bear is also targeting Japan, China and Turkey, Meyers said. He said the data harvested from the companies could be useful “in support of political or diplomatic operations involving the use of energy resources.”

This predates Snowden, but hey, it does suggest that he has indeed absconded to the land of opportunity for someone with his skills.  That is, if his delicate conscience isn’t too offended by this.  And if it is offended, how come he says nothing about any report of Russian cybercrime, given that there is a clear nexus between the Russian security forces and various hacking activities in Russia?

Another interesting dog that isn’t barking.  Again.  Kaspersky, of course.  Although he jumps all over hacks that apparently don’t originate in Russia, he is invariably silent on those that do.

Purely a coincidence, I’m sure.

Segueing to the story on the hack of Belgacom and European governments that Kaspersky supposedly discovered.  Appelbaum and others have been screaming on Twitter that there is evidence that NSA was behind the attacks, and what’s more, that the NSA (or GCHQ) was guilty of an earlier hack, directed against a famous Belgian cryptographer, Jean-Jacques Quisquater.

First, the attacks on Belgacom and Quisquater originated in Asia.  Yes, the NSA is certainly capable of doing that.  But China is also obviously a candidate.

Second, regarding the Quisquater hack.  The linked article, and Appelbaum, et al, make a huge (il)logical leap.  Quisquater was targeted 6 years ago, in a low-tech phishing attack that any Nigerian hacker could have executed.  Moreover, Quisquater himself acknowledges that: (a) there are “12 to 15 different hypotheses” regarding the source of the attack; (b) he has no evidence it was launched by NSA; and (c) he has been told that this was not an NSA MO (although there is some ambiguity here as the researchers who informed Quisquater said it was not a “current” NSA technique).

But that doesn’t stop the hacker set from stating as fact that NSA is guilty.  This fits in very well in the ongoing disinformation operation/active measures being directed at NSA.


1 Comment »

  1. A remedy to the hacking problem: We can digress to the Stone Age and write checks for our purchases. Or better yet, payment can be made with, say, a plump hen, a basket of kumquats, a freshly sheared ewe, et al.

    Then, the tragedy of the commons will be no more 🙂

    Comment by EconMaestro — February 5, 2014 @ 3:59 am
