Targeted Cyber Threats Aren’t Just Attacking Iran

This week the news has been focusing on the computer threats called Stuxnet and Flame. Both have actually been around a few years but were not a problem to most Windows or Mac users. These threats have gotten attention lately because of a trend towards “targeted” computer infiltrations.

Stuxnet was designed to “worm” its way on to Windows computers specifically in Iran and then target specific computer devices which may be used to process the nuclear fuel, Uranium. International observers indicate that Stuxnet was likely responsible for the eventual destruction of 10% of the centrifuge machines at Irans Natanz nuclear facility. Flame is a newer, larger version but may be more detectable because it seems overly ambiguous.

Many cyber researchers, myself included, feel that Stuxnet and other worms targeting Iran were developed in Israel and supported by the U.S. Department of Homeland Security. By reverse engineering Stuxnet subtle clues backing this theory can be found encrypted in the code. If the developers wanted to blame our government these clues would have been more obvious.

On June 1st, the New York Times reported they had additional proof of our involvement. They claim a cyber sabotage program had been started under the George W Bush administration. During his first months as president Barak Obama ordered the expansion of the program, coded-named “Olympic Games”.  Instead of writing more about Stuxnet and Flame like everyone else, I think it’s more important to focus on targeted attacks in general.

Targeted attacks aren’t just being used against countries who are part of the axis of evil.  Businesses are being targeted by competitors, candidates running for office are targeted by their opposition, celebrities targeted by reporters and now we’re seeing an increase in targeted attacks on individuals who are tricked into installing Rogueware also called Exhortionware or Ransomware.

We’ve had reports of individuals targeted on the phone with callers claiming to be from Microsoft. Typically, the caller reports that a virus has been detected on your computer. They offer a solution which requires giving them access to your computer so they can fix the problem for free. While you might think people wouldn’t fall for this trick, obviously enough users are convinced by their story to make it worth the time and effort. The virus always turns out to be worse than expected.  You’ll need to pay around $400 if you want your computer back. Even then you can expect your computer to include a quiet infection so that it still provides remote access.

Individual Targets
The extremely scary part is you’re no longer a name and number on a list. The bad guys have been doing their homework and they know about you before you hear their voice on the phone. Even if you don’t fall for their story, the feeling of a stranger knowing personal details calling your home will give most people an uneasy feeling of being violated.

A recent phone call to our home was designed specifically for me. The caller knew my name, address, my IP address, what kind of machine I had and even my professional background. My caller identified himself as Walt, and claimed to be a support tech for the Microsoft MVP program.  He knew I was an MVP and explained this was a new way of reaching out to MVPs. He claimed Microsoft was testing a new security solution but due to NDA restrictions I couldn’t download it. The only way to get this top secret program was to allow Walt access to my computer so he could install it.

This isn’t the first time I’ve been a target. In what you might call the glory days of AOL being an former employee with the screen name “BillP” made me a frequent target. Some assumed my account had special privileges or access to internal areas. Of course, back then all someone had to do was call AOL customer service and convince them they were Bill Pytlovany. Customer service would reset my passwords and they’d have access to my account. Eventually, AOL locked down my accounts and for a while I had the benefit of a RSA key to get online.

I suspect this recent attacker may have been hoping I had something under a Microsoft NDA because of my MVP status. It’s also possible Walt was someone looking to access my WinPatrol source code. I have shared my experience with other MVP’s in case they receive similar phone calls.  I admit, I make a lot of my personal information available. I do this so WinPatrol customers feel confident knowing they’re dealing with a real person. It’s a choice I’ve made but also means I have to spend some time looking over my shoulder and keeping my eyes open to imaginative attacks.

 

Included Links:

Gizmodo: Hack Politician and Son Arrested for Political Hack 5/24/2012

NY Times: Obama Order Sped Up Wave of Cyberattacks Against Iran 6/1/2012

Microsoft: About “Most Valuable Professional”