
Syrian Government Uses Skype To Push Malware To Activists

Posted by Soulskill
from the call-was-coming-from-inside-the-internet dept.
judgecorp writes "The Syrian government is using Skype as a channel to infect activists' systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. 'The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT." Xtreme Rat is a full-blown malicious Remote Access Tool.'"


  • by Overly Critical Guy (663429) * on Friday May 04, 2012 @01:09PM (#39892315)

    Meanwhile, the Obama administration is arguing that requiring warrants for cellphone records "cripples" investigators [reuters.com]. No malware needed here in the U.S. Just fearmongering.

    • Meanwhile, the Obama administration is arguing that requiring warrants for cellphone records "cripples" investigators. No malware needed here in the U.S. Just fearmongering.

      When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesirables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.

      And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival. Tell me, do you even know who your congressional representatives are

      • And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival.
        Google Korematsu v. United States and then tell me what a president can and can't do through executive orders. Not to mention not all Syrian activists are saints, and not all members of Assad regime are monsters, life is never that simple.
      • When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesirables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.

        When that happens it will be far too late to react. In fact the western monitoring laws are probably a good thing since they now force us all to act more toward cryptography which will trickle down to our Syrian friends.

        And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival. Tell me, do you even know who your congressional representatives are? You're directing all this anger at a man who is nothing more than a figurehead while the people actually responsible for the decision go unnoticed.

        Now, there is wisdom. Having said that, the monitoring already on the books is pretty much enough; Obama has plenty of power to limit or abuse and doesn't seem to want to use the limiting part. What this does say is that congress has to explicitly take power away from the US presi

      • by Fned (43219)

        When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesirables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.

        You want to wait until then to say something?

        "When there's a giant breach in the hull and compartments start filling with water, and the ship starts nosing into the North Atlantic, I might be willing to entertain the idea that we're on the same boat as Leonardo DiCaprio."

        Maybe shouting an iceberg warning when you see an iceberg isn't such a bad idea, even if you think your ship is unsinkable.

  • by mseeger (40923) on Friday May 04, 2012 @01:09PM (#39892319)

    It is not Skype they use, but the gullibility of the users. Skype is only remotely involved...

    • Skype is only remotely involved...

      +1 for the pun.

    • by tobiasly (524456)

      It is not Skype they use, but the gullibility of the users. Skype is only remotely involved...

      No kidding, what a misleading title. Makes it sound like they're using some Skype vulnerability.

  • How do you say "Big Brother" in Arabic?
  • Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat.

    Trust no one.

    • by bmacs27 (1314285)
      The issue is that then you can't build any sort of a useful network. In the absence of trusted peers, there is no benefit to this sort of technology. Darknets suffer from the same vulnerability. Once the trusted circle has been infiltrated, security goes out the window.
      • by Sez Zero (586611)
        Ok, how about "trust, but verify"?

        Although, I wonder what it says about me that my "security model" is based on quotes from X-Files and Ronald Reagan?

    • by chill (34294)

      Good luck in coordinating any sort of group activity with that mentality. If you go 100% lone wolf, your cause is lost and nothing of significance will change.

      • Nonsense. Assuming you are engaging in some...parlaying with a foreign power, you can give Uncle Sam a call, and he'll find an arrangement that will work to his, and sometimes your, benefit. Does anyone know if the CIA has a 1-800 number? I ask, because the amount of armaments we ship abroad to various groups dissatisfied with their host governments is truly staggering, and it lends to some thought that they must have some operators and an order fulfillment system at Langley somewhere. I mean, my God, the a

  • Bad Summary (Score:5, Insightful)

    by Anonymous Coward on Friday May 04, 2012 @01:16PM (#39892407)

    "Syrian Government Uses Social Engineering To Push Malware To Activists."

    They could be using e-mail for the same thing. Or other IM channels that offer direct connect. Or Dropbox. Or any other channel.

    The clever bit is trying to convince people to download and run an unknown tool by impersonating someone they've imprisoned.

    • by sdnoob (917382)

      the clever bit was done by the headline author, implying it was all microsoft's fault.

  • is simple.
    1. find current affair or topic of notice or interest to customers
    2. find a vector for product placement
    3. profit.
    the article is perfect, it has no names or citations, no dates or other identifying information, and can't have those used to refute it as it falls under the auspices of "well, it's a war ya know." I wonder how many vodka tonics it took the guys at F-Secure's marketing department before they came up with this crap.
    the only thing this "report" serves to do is frighten the gener
  • *snarky MS comment on*
    Well you knew this would happen shortly after Microsoft bought them....
    *snarky MS comment off*

  • On this day and always.

  • by headhntr (2612991) on Friday May 04, 2012 @01:24PM (#39892555)
    This F-Secure post is not news. The EFF wrote this up on March 5th: https://www.eff.org/deeplinks/2012/03/how-find-syrian-government-malware-your-computer-and-remove-it [eff.org]
  • by Kjellander (163404) on Friday May 04, 2012 @01:53PM (#39892935)

    In order for this not to happen again do the following:

    Stop using Windows and MacOSX.
    Download and install Fedora F16.
    When installing, encrypt the harddrive with a really hard to break password.
    Install Pidgin and Off-the-Record messaging like this: 'yum install pidgin pidgin-otr'
    Generate keys and verify them before communicating.
    Be _very_ careful if someone you usually talk to changes their key; they might have been arrested.
    Never ever communicate in the clear.

    Using this strategy you will not be immune; rubber-hose cryptanalysis will still defeat this. Also, you can be tracked, so your oppressive government can see that you communicate; they will just not be able to read what you are saying. And not using major OSes will keep you away from the most common exploits and trojans.

    Also, try to use Tor, HTTPS Everywhere and other good tools.

    References:
    https://fedoraproject.org/ [fedoraproject.org]
    http://fr2.rpmfind.net//linux/RPM/fedora/16/x86_64/pidgin-otr-3.2.0-4.fc15.x86_64.html [rpmfind.net]
    http://www.cypherpunks.ca/otr/ [cypherpunks.ca]

    Good luck.

    • Install pidgin and off the record like this

      Good advice. I was going to post something similar but you beat me to it.

      What's so great about OTR? It doesn't just provide end-to-end encryption, but uses a model which supplies plausible deniability and perfect forward secrecy. That means that after an encrypted conversation is over, there is no way of associating it with you, and that if your keys are compromised past messages cannot then be decrypted.

    • Using this strategy you will not be immune, rubber-hose-cryptanalysis with still defeat this.

      Clarification for people: Rubber hose cryptanalysis means that after encrypting your drive, they will beat the everloving fuck out of you, regardless of whether you give them the password before, during, or after, the aforementioned beating of your lifetime. However, if you leave it unencrypted... you'll just go to prison. But hey, if you want to enable that crypto -- go for it. Just don't plan on winning any beauty contests after.

    • I think you're assuming there are no back doors in Fedora or the encryption software included therewith. Does Fedora have some form of security that I'm not aware of to prevent such, other than being open?

    • by Smurf (7981)

      In order for this not to happen again do the following:

      Stop using Windows and MacOSX.

      So you are saying that full disk encryption on Windows and Mac OS X has backdoors? Any link to back that up?

      Download and install Fedora F16.
      When installing, encrypt the harddrive with a really hard to break password.

      Now you are saying that Fedora has no backdoors. But the only way the Syrian activists will be sure is if they download the code, check it themselves, and compile everything, as it is pretty much impossible to know that the precompiled binaries haven't been tampered with. But the code for the relevant parts [apple.com] of Mac OS X [apple.com] is also available. In any case, the Syrian activists, being social activists and no

    • URL says it all:

      http://www.brepettis.com/blog/2011/1/28/apps-for-the-appocolypse.html
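The two steps in Kjellander's list that actually address the attack in the summary are "verify keys before communicating" and "be careful if someone you usually talk to changes their key". The chat in the F-Secure story came from an account whose owner had already been arrested; a pinned, out-of-band-verified fingerprint is what turns that from a convincing message into a loud warning. The block below is an added example, not code from the thread or from Pidgin, pidgin-otr or the OTR project. It mirrors OTR's fingerprint convention (SHA-1 over the serialized public key, displayed as five groups of eight hex digits) and pins one fingerprint per contact, refusing to replace a pin silently. The contact name and the two key byte strings are constructed stand-ins, not real keys.

```python
import hashlib

# Constructed sample "keys": stand-ins for two serialized public keys seen for
# the same contact. Real OTR keys are DSA keys; any byte string exercises the
# pinning logic the same way.
KEY_ALICE_ORIGINAL = b"constructed-sample-key:alice:original"
KEY_ALICE_REPLACED = b"constructed-sample-key:alice:after-arrest"


def otr_fingerprint(pubkey: bytes) -> str:
    """OTR-style fingerprint: SHA-1 of the serialized key, shown as
    five groups of eight upper-case hex digits (40 hex chars total)."""
    digest = hashlib.sha1(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))


class FingerprintStore:
    """Pins a fingerprint per contact. A pin is only marked verified after the
    fingerprint has been compared out of band (in person, by phone, etc.), and
    a pin is never overwritten automatically: a different key for a known
    contact is reported as KEY_CHANGED, never accepted as the new key."""

    def __init__(self):
        self._pins = {}  # contact -> {"fp": str, "verified": bool}

    def check(self, contact: str, pubkey: bytes) -> str:
        """Classify the key a contact is presenting for this session."""
        fp = otr_fingerprint(pubkey)
        pin = self._pins.get(contact)
        if pin is None:
            # First sight: remember it, but it is untrusted until verified.
            self._pins[contact] = {"fp": fp, "verified": False}
            return "NEW_UNVERIFIED"
        if pin["fp"] != fp:
            # The thread's warning case: same account, different key.
            return "KEY_CHANGED"
        return "OK" if pin["verified"] else "KNOWN_UNVERIFIED"

    def verify_out_of_band(self, contact: str, spoken_fp: str) -> bool:
        """Mark the pin verified only if the fingerprint obtained through an
        independent channel matches what the client has seen. Whitespace and
        case are ignored so a fingerprint read aloud still compares cleanly."""
        pin = self._pins.get(contact)
        if pin is None:
            return False
        norm = lambda s: s.replace(" ", "").upper()
        if norm(spoken_fp) != norm(pin["fp"]):
            return False
        pin["verified"] = True
        return True


def demo() -> list:
    """Walk through the scenario from the story: verified contact, then a
    session arriving under that contact's name with a different key."""
    store = FingerprintStore()
    events = [store.check("alice", KEY_ALICE_ORIGINAL)]             # NEW_UNVERIFIED
    store.verify_out_of_band("alice", otr_fingerprint(KEY_ALICE_ORIGINAL))
    events.append(store.check("alice", KEY_ALICE_ORIGINAL))         # OK
    events.append(store.check("alice", KEY_ALICE_REPLACED))         # KEY_CHANGED
    events.append(store.check("alice", KEY_ALICE_ORIGINAL))         # OK, pin untouched
    return events


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The design choice that matters is the one the thread's advice turns on: a changed key is a decision for the human, not for the software. A client that quietly re-pins on key change would have accepted the impostor session in the story without comment; one that refuses until the new fingerprint has been confirmed through a channel the adversary does not control makes the arrested contact's silence visible.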

  • Misunderstanding of what a MAC address is and how they work, that is the crux of the issue.

  • Next, on Real TV: When script kiddies go bad -- Real bad.

  • Shouldn't that read: Syrian Government Uses Microsoft Products To Push Malware To Activists since Microsoft owns Skype?

    Maybe it's time to drop the free as in beer when talking about opensource and use free as in speech.

    • I think it should read, "Syrian Government Uses Instant Messaging File Transfers to Push Malware to Activists."

      Nothing about the attack couldn't have been done over AIM, or ICQ, or MSN, or IRC, or Jabber, because all of those protocols provide a means for exchanging files with other users.

    • by Matje (183300)

      No. It was a matter of social engineering. the delivery platform had no significant role in the delivery of the attack.

      • by Dcnjoe60 (682885)

        No. It was a matter of social engineering. the delivery platform had no significant role in the delivery of the attack.

        Then why mention Skype? Technically, the product used is Microsoft Skype, I stand by the title I proposed.

  • Is Microsoft, which owns Skype, colluding with the Syrian government to push malware to end users, or has Syria hacked into Skype to accomplish this?

  • ... Skyped me and asked me to install this file. That's odd. He sounds like he has a damp towel over his mouth.

  • This is no different than an email trojan vector. They've passed the file using skype but this is not any weakness in skype itself unless one thinks that skype should be scanning files that are transferred across it as part of the service.
