backtop


Print


  (Source: AFP)
Attendees were reportedly given USB sticks with Trojan horse monitoring malware onboard

If you have a sneaking suspicion that someone is spying on you chances are it's the U.S. or Russia.  Recent leaks have revealed that the U.S. is not only engaging in massive spying on its own citizens (which some politicians feel is good news), but it's also been spying on foreign leaders.  Documents indicate that the U.S. and British intelligence communities collaborated on efforts to spy on world leaders at the G20 summit in 2009.

Russia seems to be operating off of a similar playbook.  Not too long ago leaks revealed it may be planning to spy on foreigners who visit the 2014 Winter Olympics.  And now a fresh leak offers fresh evidence that Russia, like the U.S., is operating as if George Orwell's 1984 is an instruction manual and like the Cold War never ended.

Various EU publications are reporting that the host of this year's G20 summit -- Russia -- may have made used malware-loaded accessories in complementary gift bags to foreign delegates as spying tools.  This year's G20 summit was held Sept. 5-6 at the historic Russian royal palace in Stelna, outside of St. Petersburg.  Russia seemed a very congenial host -- but now it's kindness is being called in question amid suspicion that its generous "gifts" were a gift that kept on giving -- giving data, that is.

Russian Royal PalaceThe summit was held at a former Russian royal palace outside of St. Petersburg.

The gift bags included USB sticks emblazoned with Russia's G20 logo and three-pronged phone chargers, of the format that's commonly used across most of Europe. According to sources the sticks contained malware.  And the phone chargers were equipped with an even more sophisticated combination of malicious hardware and malware -- similar to the "mactans" proof of concept that Georgia Institute of Technology security researchers showed at the annual Black Hat security conference in September.

Russia stick
One of the malware-containing thumb drives [Image Source: La Stampa]

According to two publications -- Turin, Italy-based La Stampa and Milan, Italy-based Il Corriere della Sera -- EU officials became suspicious of the devices, though it is unclear what triggered those suspicions.  Herman Van Rompuy, president of the European Council, gave an official voice to this line of inquiry and ordered an investigation.  The investigation has thus far been carried out by Germany's intelligence agencies, which have a fair deal of experience with espionage dating back to Germany's role as a key espionage stomping ground during the Cold War.

Russia G20

Russia G20
C'mon, don't you want to plug me in? [Image Source: La Stampa]

The newspapers quote a confidential memo from Mr. Van Rompuy to EU leaders, commenting:

[T]he USB sticks and the recharge cables are suitable for undercover detection of computer data and mobile phones.

Russia's federal government spokesperson Dmitri Peskov scoffed at these reports, commenting, "It is definitely nothing other than an attempt to switch attention from the problems that really exist, which dominate the agenda between the European capitals and Washington, to problems that are ephemeral and nonexistent."

The Kremlin (Russian federal government) denies trying to spy on its European neighbors.

Russia spy charger

Russia G20 Charger

Russia G20
Now that doesn't look suspicious at all -- the supposed Russian malicious charger. Image Source: La Stampa]

So far only the Italian newspapers have claimed first party sources confirming the allegations.  British newspapers have also been writing on the story, but cited the Italian leaks as their source.  A former spy official for Britain's MI6 suggested that if the claims are true Russia committed a "schoolboy error" that any major security service would detect.

In a comment to The Telegraph, the European Commission's spokesperson commented only, "We've not found any evidence of a problem."

That comment left it unclear whether the EC meant there was not attempt, or merely that the attempt was investigated and found to have been unsuccessful.  In a comment to The Telegraph Mr. Peskov reiterated his accusations, remarking:

These are really funny reports, actually. First of all they have no sources. It is a bold attempt to switch attention from very real problems existing between European capitals and Washington. It is a classic example of that.

Past social engineering experiments have shown that free USB sticks are a perfect way to deliver malware.  Amazingly, many employees at banks and various other data-sensitive companies were duped into plugging in malicious USB sticks that security researchers sprinkled in parking lots or other visible locations.  Steve Stasiukonis, a security veteran, is widely credited with popularizing this form of social engineering.

Sources: La Stampa [Italian; Google Translated], Il Corriere della Sera [Italian; Google Translated], Telegraph





"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer













botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki