Monday, 4 February 2013

CYBERWAR: ''The Red October Virus'': The Sleeping Cyberspace Threat

For five years now, the ''Red October'' computer virus has carried out a new brand of espionage, stealing emails and other encrypted classified documents from diplomats around the world without being detected. Though the virus may now be in hibernation, it is designed so that it can strike again at any time.

The virus has infected at least 350 government ministries, embassies and research facilities worldwide, especially in the former Soviet republics. The attackers apparently had "a special interest in geopolitically significant information."

The Russian Embassy in the United States was apparently among the targets. Tens of thousands of documents, probably including classified reports to the foreign ministry in Moscow, reportedly fell into the hands of cyber spies. It's possible that a total of several terabytes of data were stolen, the contents of which could very well be as explosive as the cables made public by Wikileaks.

The digital submarine has been lurking for five years, fishing for classified information, and it is likely that the data theft still has not been detected by some of the victims.

It is clear, however, that Red October was inserted in a targeted manner into the computers of a few selected recipients, so as to attract little attention, using a method called "spear phishing": the messages in which the program was hiding were tailored to their recipients. The program wastes little energy trying to infiltrate other computers. Its ingenuity lies in so-called "exfiltration," the discreet removal of the spoils.

The virus also searches specifically for classified documents that are secured with encryption software called "Acid Cryptofiler," which is also used by the European Union and NATO. To decrypt these files, it records keyboard entries using a so-called "keylogger."

Unlike ''Stuxnet'' and ''Flame'', ''Red October'' only infected individual computers in a very targeted manner, whereas anti-virus software usually focuses on widespread worms.

In 2010, the US and Israel created ''Stuxnet'', in concert with another malicious program called ''Flame'', in order to disable Iranian plants. And everyone with access to a newspaper or a news program knew this because the worm was uncontainable—only the US and Israel apparently hadn't foreseen that possibility. The world, everyone swiftly realized, had entered a new stage in which malware was no longer merely a tool for Internet theft from the occasional bank or stock brokerage. It was a weapon of sovereign nations intent on dismantling or delaying the development of weapons in other sovereign nations—an undeclared war that the US and Israel hoped, absurdly, to keep invisible.

''Red October'', however, bears a different signature: Russian slang keeps appearing in its code, including words like "zakladka" (bug) and "proga" (program).

The hackers behind ''Red October'' could be in any country. China came under suspicion at first, because no victims had yet been discovered there. In addition, Chinese hackers had previously used a few of the program's infection paths to spy on the computers of Tibetan activists. But it could be a false trail, perhaps even laid deliberately.

Cyberspace, as a new domain in warfare, has become just as critical to military operations as land, sea, air and space. Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political or economic advantage, using illegal exploitation methods on the Internet, networks, software and/or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world.

China has plans of "winning informationised wars by the mid-21st century." Other countries are likewise organizing for cyberwar, among them Russia, Israel and North Korea. Iran boasts of having the world's second-largest cyber-army.

By Guylain Gustave Moke
Political Analyst/Writer
Investigative Journalist