Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan, 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? “This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says it could be out of China or the U.S., but there is no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hacktivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

Wagging The Journalist Tail

I’m a bit late on this, but if you’re a journalist it’s an interesting glimpse on just how much effort PR puts into spin: Microsoft’s PR agency sends its memo on a Wired journalist to the journalist himself (the dossier is here).

Much has been written about how it is normal practice to have PR closely monitoring a journalist, and we shouldn’t be surprised. True, I guess. What surprises me about the episode is the degree of influence/control those writing the memos assume they have over the process. Take these examples from the emails in the memo:

  • Spin: They are requesting a photo session with Jeff Sandquist {Microsoft’s director of platform evangelism} so we’ve secured the focus of our story. Translation: We wanted them to write about Sandquist and they are.
  • Interference: Fred will be writing early this week and we expect him to finish mid-week and will be in touch with him throughout the process. We should have a look at it early March and it should run late March for the April issue. Translation: We will be exerting influence over the writer as he writes.
  • Influence: We’re pushing Fred to finish reporting and start writing. Translation: We are exerting influence over the timing of the journalistic process.
  • Professional pressure: We will continue to push Fred to make sure there are no surprises. Translation: We will exert influence over the journalist to ascertain the content of the article and (implicitly) seek to remove anything we don’t like.
  • Personal pressure: I would hate for them to feel like the story somehow missed the true essence in which Channel 9 and 10 came to be…I know it would be pretty disappointing to them if those elements weren’t captured somehow. Translation: We will use all tools in our kit including personal feelings and guilt to ensure the journalist writes what we want.

We should point out that Chris Anderson at Wired has written about how Waggener Edstrom, the PR company, was not given a draft of the story; it was faxed a proof (i.e. a final version that cannot be corrected). I can understand the sense in doing this, but I’d say it’s still one step too much (and it doesn’t quite gel with what Wired’s research director Joanna Pearlstein says in a comment, that “we do not share copies of stories with sources prior to publication, period.” Might be worth clarifying this.)

We should also be careful about concluding that just because the PR flaks think they’re heavily influencing the process, they actually are. The proof, of course, is in the pudding. Was the final story what they were aiming for?

Journalistic integrity is the issue. Jeff Sandquist, the subject of the story, has written about how Wired has been trying to apply the lessons of transparency learned from Microsoft to its own institution. This might or might not be true. Transparency is fine, but more important is opacity. PR shouldn’t be granted, or assume that they’re being granted, such extensive access to the journalistic process. That should be sacrosanct.

There’s a simple way of looking at this. Replace Microsoft as the subject with a government. Would a publication and its readers feel happy about this degree of involvement by officialdom in the framing of a story? I’m sure it happens, but as a reader I guess I’d just hope it doesn’t. As a reader I’d be saddened by all this; not because PR is doing something it shouldn’t, but that from the tone of the emails, it sounds as if PR assumes extensive rights to be intimately involved in the story. That means this kind of thing is common.

I’m a journalist, so my interest is simple: to ensure that what I write is what I think is correct and that I have managed to filter out as much of the spin as possible, so that what remains is as close to the truth as I can get it. For the record, I would never tolerate this degree of involvement in the process. Of course I’m lucky; I intentionally live and work a long way from anyone who can personally manipulate me through relationships, and although I write for The Wall Street Journal I’m no big fish. In fact, I have a lot of problems securing even basic stuff like a copy of Office 2007 to review; in the light of this episode I’m quite grateful. I’d rather be ignored than be subjected to this kind of pincer movement.

Bottom line: It’s sad that there’s no sense of irony here that so much effort is put into trying to control the message that is ‘there is no control’.