
Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Brano

Re: Flame: Massive cyber-attack discovered, researchers say

Hmmmmmmm...Flame uses a somewhat similar method to Agent.BTZ to extract stolen info from offline networks via hidden USB files and there might not have been a mole but rather an unsuspecting party...the whole article is a good technical read.

FLAME – The Story of Leaked Data Carried by Human Vector

Another important aspect is the fact that we assumed that both computers are infected with Flame. This is not necessarily a prerequisite, because Flamer can use its worm capabilities against the targeted system, in order to infect a PC with internet access when the memory stick is plugged into it. However, it appears that this worm capability is inactive. This is somehow obvious because Flame has to control the spreading mechanism for this espionage machinery and ensure that it remains hidden. Given the complexity of this e-threat, an attacker would not want to lose control of the situation.
So, how is the memory stick carried between the two systems? Well, here is where the human factor kicks in. So it’s amazing how two instances of Flame communicate with one another using a memory stick and a human as a channel. A private channel is created between two machines and the person carrying the memory stick has no idea that he/she is actually contributing to the data leak. Of course this operation could also be achieved by a man inside – a mole who intentionally carries the stick from the restricted network that is being spied on to a system with internet access.

»labs.bitdefender.com/201 ··· -vector/

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 edit

said by Name Game:

... there might not have been a mole but rather an unsuspecting party...the whole article is a good technical read.

FLAME – The Story of Leaked Data Carried by Human Vector

...
So, how is the memory stick carried between the two systems? Well, here is where the human factor kicks in. So it’s amazing how two instances of Flame communicate with one another using a memory stick and a human as a channel. A private channel is created between two machines and the person carrying the memory stick has no idea that he/she is actually contributing to the data leak. Of course this operation could also be achieved by a man inside – a mole who intentionally carries the stick from the restricted network that is being spied on to a system with internet access.

»labs.bitdefender.com/201 ··· -vector/

A sneaker-net, just as it's always been, remains a network... primitive or simplistic or slow as that might be. And if one of the sneaker-netted computers is connected to the Internet, then all the sneaker-netted computers are connected to the Internet - only over very slow, erratic links. It's all so 1990 retro... only now we use terms like "human vectors," and USB flashdrives are the data containers instead of 5-1/4 or 3-1/2 inch floppies.

edited to add: A long time ago (in computer years), a pretty smart coworker once told me that computers are like hospital patients, and you have to apply infection controls as if they were. Anything you stick into one patient, you don't just stick into another patient without disinfecting it first... you assume it's contaminated, unless absolutely proven otherwise.

That's why smart organizations once clamped down, HARD, on sneaker-nets... and banned ANY "outside" media from being brought into their facilities and put into their systems. It wasn't perfect, but it helped contain plagues. Now we're in the era of the employee laptop, the micro-Flashdrive, and all the rest. And, because of the twin attractions of 'user convenience' and having 24/7 employees available via "outside" lappies, many organizations have apparently regressed to the olden days, back before "infection control" and the cross-contamination prohibitions. And obviously, some spook agencies out there in this cold, cruel world have taken notice... as well as exploitive action.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

So true..I be on the road now, fly fishing for trout 20 feet from where I sit now, between doing these posts at the forum for the last month, on a creek in PA. Had to get some scripts at the pharmacy for the wife and saw a coupon on the net from the manufacturer for $15 off each fill for a year. So no printer here, just the lappy, and I put the coupon on a flash drive in pdf. They of course need a hard copy.

None of the pharmacies around here would touch the flash drive with a ten foot pole..and I figured they would not.

So started out at the office depot and found they had closed up for good.. so I sweet talked a gal at the travel agency here to give it a try..but even though her PC had a port..it would not recognize the flash..in the end... since her pc was on the internet..she just went to the link and copied it to paper. All is well.

Just for laughs.. I stopped by the walley world instant photo place with the machine that takes USB and other media devices a few days after that and asked them.. if the coupon was in jpg or other..would they make a photo of it next time if I needed something like that. Word is..no deal..photos only since they are not allowed to do coupons..something about most always state they can not be reproduced so they don't touch any of them.

I am not disappointed..I am happy most of these places would not touch an unknown quantity like this..says a lot for security.

Yes..I have done stuff like this with just having someone look at the screen of my smart phone and give the ok for many things out there...just in case someone suggests that next time.