Tag Archives: Kazakhstan

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t name, or speculate about, the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan, 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? “This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says could be out of China or U.S., but no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hacktivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

Domain Names as a Tool for Political Control?

A case that addresses all sorts of issues, and, at the same time, none of them. Reuters.com reported a few days ago that

The authorities in Kazakhstan, angered by a British comedian’s satirical portrayal of a boorish, sexist and racist Kazakh television reporter (Borat Sagdiyev), have pulled the plug on his alter ego’s Web site. Sacha Baron Cohen plays Borat in his “Da Ali G Show” and last month he used the character’s Web site www.borat.kz to respond sarcastically to legal threats from the Central Asian state’s Foreign Ministry.

A government-appointed organization regulating Web sites that end in the .kz domain name for Kazakhstan confirmed on Tuesday it had suspended Cohen’s site. “We’ve done this so he can’t badmouth Kazakhstan under the .kz domain name,” Nurlan Isin, President of the Association of Kazakh IT Companies, told Reuters. “He can go and do whatever he wants at other domains.” Isin said the borat.kz Web site had broken new rules on all .kz sites maintaining two computer servers in Kazakhstan and had registered false names for its administrators.

Actually, Borat has been around for a while, saying these things, and Kazakh officials have been trying to put the record straight about their country, but it appears to be a U.S. series, a movie in the works and an appearance at the MTV Music Awards that have been the catalyst for the Kazakhs to take action:

Cohen, as Borat, hosted the MTV Europe Music Awards in Lisbon last month and described shooting dogs for fun and said his wife could not leave Kazakhstan as she was a woman. Afterwards, Kazakhstan’s Foreign Ministry said it could not rule out that he was under “political orders” to denigrate Kazakhstan’s name and threatened to sue him.

Kazakhstan has also hired two PR firms and, according to the London Times, earlier this month published a four-page ad in the New York Times. Cohen must be lapping up the free publicity.

Reporters without Borders are upset about this abuse of the country domain name, linking it to the alleged stage-managed closure of opposition Kazakh web site Navi.kz, calling it censorship and beyond the competence of bodies that manage domain names:

In this way, it infringes the principles set out by ICANN, which requires that the management of the ccTLDs should be fair and non-discriminatory.

Oddly, a piece in today’s IHT (which also, intriguingly, carries a 4-page ad for Kazakhstan; the story originally appeared in Wednesday’s European edition) quotes the Kazakh foreign ministry spokesman, Yerzhan Ashikbayev, as denying it was the government that had blocked the site. Whoever made the decision, this isn’t exactly censorship. Borat just moves his website here, and loves the attention. That’s not to say there aren’t plenty of examples of government crackdowns on press freedom, including using the Kazakh network information centre (KazNIC) to harass the opposition website Navi into changing domain name — twice. It can now be found at Mizinov.net. If Borat’s case does nothing else, it might raise public concern about political manipulation of those last two letters after the dot.