In the world of professional hackers, it is always advisable to blur his tracks or set so-called false flags, hints that point to someone else. The Russians are now operating at a whole new level - say the Americans and British.
In a joint statement released today, the NSA and the National Cyber Security Center, part of the British intelligence agency GCHQ, describe how they come to this view. The allegedly supported by the Russian state hacker group Turla (also known as Snake, Uroburos, Venomous Bear or Waterbug) has hacked allegedly supported by the Iranian state hacker group Oilrig. It then used its infrastructure and spyware to hack ministries, military and scientific institutions in more than 35 countries. The Iranians, Western services believe, probably have not heard of it.
It is remarkable for several reasons:
- A GCHQ representative told the Financial Times that Russia's operations would clarify what kind of "hustle and bustle" state-backed hackers were working on. How reassuring the idea is for ordinary citizens that intelligence services on the Internet are already on their feet, is another matter.
- Attribution, the attribution of hacker attacks, has always been difficult and even more difficult when offenders now even hijack the tools of other perpetrators. This is the first message from NSA and National Cyber Security Center.
- Her second message is: You do not deceive us, we have even better hackers. It's pretty much the same in a joint statement.
- The fact that NSA and GCHQ make their findings public shows how attribution works today. The intelligence services are opening up a bit for cooperation with IT security companies and are increasingly exchanging information. Not for nothing does the Turla and Oilrig statement refer to a June report by Symantec that anticipated the thesis of the hijacked Iranians. Incidentally, a central marketplace for the exchange of information is the VirusTotal platform, which belongs to Google. For example, US services are uploading the code of newly discovered malicious software so that anti-virus companies can customize their detection tools and even track down state espionage programs.
- The Reuters news agency has asked the GCHQ if it does not go the same way as the Russians, after all, the SPIEGEL already described in 2015 on the basis of the Snowden documents. Unsurprisingly, the British did not want to comment.
If you want to know more about false flags, I recommend the article "The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History" by "Wired" author Andy Greenberg. He describes in epic length the efforts of IT security experts to solve the hack that almost ruined the 2018 Winter Olympics in Pyongyang, South Korea. Guess who was behind it.
You like web world topics? Then subscribe to posts like this one. The newsletter start menu is free and ends up every Monday afternoon in your mailbox.
Strange digital world: Speech recognition at the limit
Google's new smartphone, the Pixel 4 (here you will find our detailed test), includes an extremely practical app for journalists. It is called a recorder and can transcribe conversations during recording. So far this only works in English. To try it out, I set up my test device in English and played a long interview that I had conducted a few days earlier with an IT security expert in English and recorded with another smartphone.
Matthias Kremp / THE MIRROR
Google's new Pixel 4
The result has saved me a lot of work on the one hand and on the other a certain pleasure. For as good as the recorder worked in general, with the technical terms and names that are part of the topic, he had his problems. For example, he interpreted the ransomware SamSam as Samsung every time, which, according to Transcript, resulted in a fascinating conversation that firstly never took place and that, secondly, brought a complaint from the South Korean company when it was released.
Anyway, that was kind of reassuring - anyway, I'm not afraid anymore that an artificial intelligence will take away my job in the foreseeable future.
App of the Week: "Bad North"
tested by Tobias Kirchner
The strategy game "Bad North" works great on the smartphone. The player must ensure that a small island is protected from Vikings. For this to succeed, it is important to place the defenders again and again correctly, so that they fend off the incoming boats. There are commanders who take on special tasks. If they fall in battle, they are gone and must be laboriously earned to upgrade the units. That provides motivation. Add to that a minimalist yet beautiful style with an atmospheric sound.
For 5.49 euros, from Raw Fury: iOS, Android
Foreign links: Three tips from other media
- "The Lines of Code That Changed Everything" (English, ten minutes of reading)
An Informative Journey Through Computer History: "Slate" has put together 36 code snippets that have changed the world - from the Apollo 11 mission's lunar module rescue program to "Hello World" to the computer virus, which consisted of only eleven characters. - "First Data Storage Beacons for NRW" (two minutes of reading)
Ali Baba, Jupp, Odin, Theo and Mr. Rossi - these are the names of the data storage detection dogs of the North Rhine-Westphalian police. They are to find hidden smartphones, USB sticks and other storage media, which they succeeded in the case of the child abuse of Lügde also. Deutschlandfunk spoke with the dog handler. - "We have to understand this as international terrorism" (three minutes of reading)
Netzpolitik.org has interviewed Miro Dittrich of the Amadeu Antonio Foundation. He says that he penetrated deeper into the online structures of German right-wing extremists than the German security authorities would have done. He calls for more infiltration of right-wing forums, even though it is "really hard" to understand their cultures and ciphers.
I wish you an interesting week
Patrick Beuth
Publishers offer
SPIEGEL ACADEMY
University course with certificate - Cyber Security
Secure the Internet of Things against Cyberattacks! Find out more here.
