It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Sophisticated malware dubbed 'The Mask' went undetected for the past seven years
page: 116
share:
Security researchers recently unearthed a spying tool that managed to go undetected for the past seven years. Dubbed “The Mask” by those at Kaspersky Lab, the malware zeroed in on a wide range of high-profile targets for the better part of a decade using techniques and code more sophisticated than anything previously found in the wild. Experts at Kaspersky say the malware specifically went after government agencies, diplomatic offices and embassies, research organizations and activists as well as those in the gas, oil and energy markets. It employed a combination of malware, rootkit methods and even a bootkit to remain undetected over the years.
Sophisticated malware dubbed 'The Mask' went undetected for the past seven years
This thing has been doing the rounds on our net for the past 7 years undetected! Makes you wonder as to what's really out there?
Me thinks that this has the stamp of some alphabet agencies agenda all over it!
edit on 12-2-2014 by andy06shake because: (no reason given)
Its a custom designed job that was designed not to be noticed and its always a game of chicken in the AV/Malware world where until you can see it you
can't defend from it properly (heuristics may help but not always guaranteed) and since its sent to targeted individuals it won't get the exposure
via quantity of infections to show up on the radar
But 7 years is very good - probably someone decomissioning a machine or having some lulz while messing at a low level noticed something strange and then investigated
But 7 years is very good - probably someone decomissioning a machine or having some lulz while messing at a low level noticed something strange and then investigated
reply to post by andy06shake
Be a breath of fresh air to know that this wasn't the NSA, however if it was then business as usual then
Be a breath of fresh air to know that this wasn't the NSA, however if it was then business as usual then
Maybe... the person or people, who programmed this virus could come up with a little beauty that could attack the nsa!!
The OP article says something about the origin possibly being a Spanish speaking country.
Zcustosmorum
reply to post by andy06shake
Be a breath of fresh air to know that this wasn't the NSA, however if it was then business as usual then
At one time I would have thought that meant not the USA, but nowadays I'm not so sure:
Furthermore, the tool was designed to target files with extensions that Kaspersky isn’t familiar with. The firm said such files are likely part of custom government software and might have been used for encryption.
Experts believe the team that created The Mask are even more talented than those that were behind Flame, another sophisticated virus that most believe was designed to attack Iran’s nuclear program.
The security firm found nearly 400 victims across more than two dozen countries although most were located in Brazil and Morocco. As such, they believe the attacks may have been launched from a Spanish-speaking country.
www.amerispan.net...
Of course even if the NSA is the origin, the appearance of having an origin in a Spanish speaking country could be a diversionary tactic to draw attention/suspicion away from the NSA, so I wouldn't rule them out. But whichever country did it, it sounds like a state-sponsored spying effort, and not some teenager doing it for lulz.
Recently, the Latino population has grown to encompass more of the country making it the largest minority group in the U.S. Spanish is not a foreign language anymore; it's the second language of the United States.
That's the thing with the cyber world we live in, it's difficult to point the finger of blame at the right person, organisation or state a lot of
the time.
An attack may be traced back to a country, but that doesn't necessarily mean it was carried out by anyone from that country, or with the knowledge of the government of that country. It's the same with any malware and spyware, it may indicate it was written by a speaker of a particular language, but that doesn't necessarily mean it was in fact done, as in this case, by a Spaniard. It's just camouflage and masking of the true perpetrators, to make the true origins difficult to pin down.
An attack may be traced back to a country, but that doesn't necessarily mean it was carried out by anyone from that country, or with the knowledge of the government of that country. It's the same with any malware and spyware, it may indicate it was written by a speaker of a particular language, but that doesn't necessarily mean it was in fact done, as in this case, by a Spaniard. It's just camouflage and masking of the true perpetrators, to make the true origins difficult to pin down.
reply to post by andy06shake
I think assuming that the virus was targeted at spanish speaking nations because the author/authors were spanish speakers, is somewhat obtuse. This is a virus which has gone totally undetected until now, due mostly to its sophistication. Sophistication of that degree means that the author/authors of this virus may be GENERALLY sophisticated, and that may extend as far as targeting nations which have a different first language than their own.
Also, there is the fact that people who author things like this often sell their services to the highest bidder, so the virus could have been authored and administrated as a commission piece, which means that the target may have nothing particularly to do with the codes author, but more to do with their sponsor. There are all manner of possibilities, and thats leaving aside intelligence community shenanigans!
Also, the article points out that 400 victims have been identified. This is unlikely to be the full extent of the penetration of this virus, into systems and companies, individuals, and governments which use them. If it DOES turn out that the targeting was so specific (when compared with the entire breadth of the internet) then that will be a tool through which the originator of this code might be identified, but I find it unlikely.
The other thing to consider, is the information which was stolen, and what its potential uses may have been. Tracking those documents and who stands to benefit from possession of them, and HOW they intend to benefit from them, will also be crucial in solving this case.
I think assuming that the virus was targeted at spanish speaking nations because the author/authors were spanish speakers, is somewhat obtuse. This is a virus which has gone totally undetected until now, due mostly to its sophistication. Sophistication of that degree means that the author/authors of this virus may be GENERALLY sophisticated, and that may extend as far as targeting nations which have a different first language than their own.
Also, there is the fact that people who author things like this often sell their services to the highest bidder, so the virus could have been authored and administrated as a commission piece, which means that the target may have nothing particularly to do with the codes author, but more to do with their sponsor. There are all manner of possibilities, and thats leaving aside intelligence community shenanigans!
Also, the article points out that 400 victims have been identified. This is unlikely to be the full extent of the penetration of this virus, into systems and companies, individuals, and governments which use them. If it DOES turn out that the targeting was so specific (when compared with the entire breadth of the internet) then that will be a tool through which the originator of this code might be identified, but I find it unlikely.
The other thing to consider, is the information which was stolen, and what its potential uses may have been. Tracking those documents and who stands to benefit from possession of them, and HOW they intend to benefit from them, will also be crucial in solving this case.
reply to post by Arbitrageur
What do Brazil and Morocco have to do with that conclusion -- they speak Arabic in Morocco and Portuguese in Brazil.
The security firm found nearly 400 victims across more than two dozen countries although most were located in Brazil and Morocco. As such, they believe the attacks may have been launched from a Spanish-speaking country.
What do Brazil and Morocco have to do with that conclusion -- they speak Arabic in Morocco and Portuguese in Brazil.
Correction.
Hell it could be anyone:
Foreign regimes use spyware against journalists, even in U.S.
Hell it could be anyone:
Mesay Mekonnen was at his desk, at a news service based in Northern Virginia, when gibberish suddenly exploded across his computer screen one day in December. A sophisticated cyberattack was underway.
But this wasn’t the Chinese army or the Russia mafia at work.
Instead, a nonprofit research lab has fingered government hackers in a much less technically advanced nation, Ethiopia, as the likely culprits, saying they apparently bought commercial spyware, essentially off the shelf. This burgeoning industry is making surveillance capabilities that once were the exclusive province of the most elite spy agencies, such as National Security Agency, widely available to governments worldwide.
Foreign regimes use spyware against journalists, even in U.S.
edit on 12-2-2014 by neo96 because: (no reason
given)
reply to post by andy06shake
Nah. It's about corporate espionage and positioning.
F&S
Me thinks that this has the stamp of some alphabet agencies agenda all over it!
Nah. It's about corporate espionage and positioning.
F&S
reply to post by adjensen
Just a bit of bad journalism in one of the copy pasta articles.
In the original article www.wired.com... they mention that a number of the modules within the Malware had Spanish names; namely the spanish word for mask ; "Careto".
As others have eluded, this is probably not significant as anyone intelligent enough to design custom malware at the govt level probably knows how to cover their tracks so any info derived on discovery should be considered diversionary without further evidence.
Just a bit of bad journalism in one of the copy pasta articles.
In the original article www.wired.com... they mention that a number of the modules within the Malware had Spanish names; namely the spanish word for mask ; "Careto".
As others have eluded, this is probably not significant as anyone intelligent enough to design custom malware at the govt level probably knows how to cover their tracks so any info derived on discovery should be considered diversionary without further evidence.
reply to post by Jukiodone
Unless (ominous musical overtones) the code writer really was spanish, and figured that people would think the spanish was planted as a diversion/misinformation and used his native language as a diversion from the diversion.
Unless (ominous musical overtones) the code writer really was spanish, and figured that people would think the spanish was planted as a diversion/misinformation and used his native language as a diversion from the diversion.
edit on 12-2-2014 by bbracken677 because: (no reason given)
Good question. Either they know more than was reported in the story that led them to that conclusion, or else they don't know what languages are spoken in Brazil and Morocco. I would like to think the latter isn't true, but you never know.
adjensen
What do Brazil and Morocco have to do with that conclusion -- they speak Arabic in Morocco and Portuguese in Brazil.
new topics
-
Israel Strikes Iran
Middle East Issues: 1 hours ago -
Israel hits Iran with jets
World War Three: 1 hours ago -
Symbols of Power by The Why Files
General Conspiracies: 3 hours ago -
Washington Post Snubs Kamala Harris with Non-Endorsement
2024 Elections: 6 hours ago -
The aftermath
Political Ideology: 6 hours ago -
Oklahoma Ballot Question
2024 Elections: 8 hours ago -
Suspected major voter registration fraud uncovered in Pennsylvania
2024 Elections: 8 hours ago -
Bill Gates Ordered to STAND TRIAL Over COVID-19 Vaccines
Diseases and Pandemics: 11 hours ago
top topics
-
Suspected major voter registration fraud uncovered in Pennsylvania
2024 Elections: 8 hours ago, 14 flags -
Bill Gates Ordered to STAND TRIAL Over COVID-19 Vaccines
Diseases and Pandemics: 11 hours ago, 13 flags -
Washington Post Snubs Kamala Harris with Non-Endorsement
2024 Elections: 6 hours ago, 11 flags -
Oklahoma Ballot Question
2024 Elections: 8 hours ago, 6 flags -
Symbols of Power by The Why Files
General Conspiracies: 3 hours ago, 6 flags -
Israel Strikes Iran
Middle East Issues: 1 hours ago, 4 flags -
Israel hits Iran with jets
World War Three: 1 hours ago, 4 flags -
The aftermath
Political Ideology: 6 hours ago, 4 flags -
The Lost Century of inventions
History: 12 hours ago, 3 flags -
Deep polls
2024 Elections: 12 hours ago, 2 flags
active topics
-
Symbols of Power by The Why Files
General Conspiracies • 1 • : KnowItAllKnowNothin -
Suspected major voter registration fraud uncovered in Pennsylvania
2024 Elections • 14 • : Irishhaf -
Washington Post Snubs Kamala Harris with Non-Endorsement
2024 Elections • 32 • : WakeUpBeer -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7685 • : baddmove -
Israel Strikes Iran
Middle East Issues • 3 • : xuenchen -
Israel hits Iran with jets
World War Three • 10 • : xuenchen -
Iran Sympathizers in Biden Admin Leak Intelligence on Israel Attack Plans
Mainstream News • 76 • : xuenchen -
FINALLY! ET Signal from Proxima Centauri confirmed by ESA Astronomers, NASA filmmaker!
Aliens and UFOs • 42 • : Skinnerbot -
Oklahoma Ballot Question
2024 Elections • 12 • : Euronymous2625 -
Bill Gates Ordered to STAND TRIAL Over COVID-19 Vaccines
Diseases and Pandemics • 14 • : AlexandrosOMegas
16