
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014

Governments As Malware Authors - The Next Generation

Talk delivered by Mikko Hypponen at Black Hat USA 2014


  1. Different governmental uses for malware • Law Enforcement • Espionage • Surveillance • Sabotage • Warfare
  2. Protecting the irreplaceable | f-secure.com
  3. CosmicDuke
  4. Masking "file.scr"
  5. • rcs.Заказ.doc • rcs.18.jpg • rcs.DSC_1365527283.jpg CVE-2011-0611
  6. CosmicDuke remnants • c:\botgenstudio\generations\8f1777b0\bin\Bot.pdb • d:\production\nitro\sva\generations\809113dd\bin\Bot.pdb • d:\sva\nitro\botgenstudio\interface\generations\80ddfcc1\bin\Bot.pdb • D:\PRODUCTION\NITRO\KSK\Generations\70BCDEA1\bin\Bot.pdb • C:\Projects\NEMESIS\nemesis-gemina\nemesis\bin\carriers\ezlzma_x86_exe.pdb
  7. Havex
  8. Agent.BTZ / Turla / Snake / Uroburos
  9. Turla Agent.BTZ
  10. Developer Signatures $Id: event.c 14097 2010-11-01 14:46:27Z gilg$ $Id: mime64.c 12892 2010-06-24 14:31:59Z vlad$ $Id: named_mutex.c 15594 2011-03-18 08:04:09Z gilg$ $Id: nt.c 20719 2012-12-05 12:31:20Z gilg$ $Id: ntsystem.c 19662 2012-07-09 13:17:17Z gilg$ $Id: snake_config.c 5204 2007-01-04 10:28:19Z vlad$
  11. 6es7-315-2 / 6es7-417
  12. Protecting the irreplaceable | f-secure.com
  13. "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was the american band acdc thunderstruck. It was all very strange and happened very quickly. the attackers also managed to gain root access to the machine they entered from and removed all the logs."
  14. Gauss encryption
          mov ecx, (LENGTHOF tToCrypt)-1
          mov edx, OFFSET tToCrypt
          mov ebx, OFFSET tEncrypt
      L1:
          mov eax, [edx]
          XOR eax, ACDC
          not eax
          mov [ebx], eax
          inc edx
          inc EBX
          LOOP L1
          mov edx, OFFSET tOutEncr
          call WriteString
          mov edx, OFFSET tEncrypt
          call WriteString
          call Crlf
          ret
  15. FinFly
  16. UAE, Bahrain, Saudi Arabia, Syria… • Finfisher (Gamma) • RCS (HackingTeam) • DarkComet • BlackShades • XtremeRAT • Spynet
  17. Image Source: When Governments Hack Opponents: A Look at Actors and Technology, Citizen Lab + ICSI
  18. Hacker Units inside UKUSA intelligence agencies JTRIG
  19. THE EYES • FIVE EYES: USA, UK, Canada, Australia, New Zealand • NINE EYES: Five Eyes + Denmark, Norway, The Netherlands and France • FOURTEEN EYES: Nine Eyes + Sweden, Germany, Belgium, Italy and Spain
  20. •freebrokep FREE Peter Sunde
  21. Geneva Convention "Legitimate military targets are limited to those objects which by their nature make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage"
  22. Please fill your feedback form if you have nice things to say. Otherwise, never mind. Thank You
