BreachExchange mailing list archives

Unknown hackers stealing EU files for past five years


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 17 Jan 2013 13:59:56 -0500

http://euobserver.com/institutional/118729

BRUSSELS - Russian Internet security firm Kaspersky Lab says unknown
hackers have been stealing EU and Nato-encrypted files.

The operation - dubbed "Red October" - claimed victims in embassies,
government and military institutions in Austria, Belgium, Bulgaria,
the Czech Republic, Cyprus, Finland, France, Germany, Greece, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Portugal, Slovakia and Spain.

It also hit Australia, Iran, Israel, Russia and the US, among others.

But Belgium, the home of the EU and Nato headquarters, saw 15 separate
breaches - the fourth highest number of any country on the list.

Over the past five years, the hackers pulled material, such as files,
as well as keystroke history and Internet browsing history, from
desktop and laptop computers, servers and USB sticks.

They also stole contact lists, call history and SMS-es from iPhone,
Nokia and Windows Mobile smartphones.

In some cases, they hunted for files with extensions "acidcsa,
acidsca, aciddsk, acidpvr, acidppr, acidssa," which "appear to refer
to the classified software 'Acid Cryptofiler,' which is used by
several entities such as the European Union and/or Nato," Kaspersky
Lab said in its report.

They even accessed files which had been deleted by users and used
malware which quietly resurrects itself after it has been discovered.

The hackers hid behind "proxy" servers in Austria, Germany and Russia.

But Kaspersky Lab's analysis of the malicious code shows traces of
Chinese and Russian-speaking authors.

"Currently, there is no evidence linking this with a
nation-state-sponsored attack. The information stolen by the attackers
is obviously of the highest level and includes geopolitical data which
can be used by nation states. Such information could be traded in the
underground and sold to the highest bidder, which can be of course,
anywhere," it noted.

It added that it began its investigation in October last year
following a tip-off from an anonymous "partner."

In an unusual constellation in diplomatic terms, the firm thanked
cyber security officials from Belarus, Romania and the US for helping
it to nail down details.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/