Kaspersky researchers love “Mr. Robot” hacker but claim no Snowden ties

Research team says it’s hard to find out who’s behind attack, and kiss privacy good-bye

Malware researchers for Kaspersky Lab took to Reddit’s IAmA chat today and pronounced an affection for the hacker-hero TV show “Mr. Robot” but not NSA hacker Edward Snowden.

Responding to a question about how they like it, the team’s global director Costin Raiu says, “Mr Robot is a strong 9.5 for me. Most of the scenes are top class and the usage of tools, operating systems and other tiny details, from social engineering to opsec is very good. I guess having help from some real world security experts (the folks at Avast did a great job!)”


“Particularly enjoyed seeing their depiction of how quickly a phone can get backdoored with the right preparation,” which in one episode was less than the time it took someone to take a shower, says another team member, Juan Andres Guerrero-Saade.

Not so popular, “CSI: Cyber”. Asked if he watches, researcher Brian Bartholomew says, “Yes and it’s terrible. But I do enjoy laughing out loud at it.”

Meanwhile the 46-member Global Research & Analysis Team (GReAT) says it has no affiliation with the NSA hacker. “We have no connection whatsoever with Edward Snowden,” says Raiu.


A questioner asked whether the team used information from the Snowden leaks to uncover the long-lived advanced-persistent-threat gang Equation Group. “We didn’t use any of the information from the Snowden leaks to discover the Equation Group,” he says. “We discovered the first Equation sample while analyzing a multiple infection on a computer we call “The Magnet of Threats”. This computer has been infected by many other APTs, including Regin, Turla, Careto, Animal Farm, in addition to Equation.”

The research team said attributing attacks such as Stuxnet and the theft of Democratic National Committee emails is very difficult. “There is really little that can’t be faked or manipulated and this is why the industry has such heated debates sometimes over attribution,” say Bartholomew and Guerrero-Saade.


They say languages used in code, times it was compiled, the target, possible motivations and IP addresses are the type of information weighed when trying to assign responsibility. “In the case of the DNC attacks for example, many experts agree that the malware used in the attacks as well as some of the infrastructure used, only belong to two ‘groups’,” they say.
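One of the signals listed above, build times, can be read straight out of a Windows executable: the linker writes a timestamp into the PE header, and clustering many samples by hour hints at the author's working day and time zone. The script below is an added illustration, not code from Kaspersky or the AMA; the sample headers and timestamps are constructed inline, and it discards zeroed or future stamps because, as the researchers note, the field is easily faked and is only one weak signal among several.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

def compile_timestamp(pe_bytes: bytes) -> int:
    """Read the COFF TimeDateStamp (Unix epoch seconds) that the linker wrote into a PE image."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header follows the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", pe_bytes, e_lfanew + 8)[0]

def make_sample_pe(timestamp: int) -> bytes:
    """Constructed header carrying only the fields read above; not a loadable executable."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)              # 0x40-byte DOS stub
    struct.pack_into("<I", hdr, 0x3C, 0x40)            # e_lfanew -> PE signature at 0x40
    hdr += b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, timestamp)
    return bytes(hdr)

def working_hours_profile(timestamps, workday_start=9, workday_len=9):
    """Bucket compile times by UTC hour and locate the 9-hour window holding most of them.
    Returns (hour_counts, window_start_utc, inferred_utc_offset, unreliable_count).
    Zero or future stamps are excluded and counted as unreliable: the field is trivially
    rewritten, so the profile is one weak signal, never proof of where the author sits."""
    now = datetime.now(timezone.utc).timestamp()
    usable = [t for t in timestamps if 0 < t <= now]
    hours = Counter(datetime.fromtimestamp(t, timezone.utc).hour for t in usable)
    best_start = max(range(24),
                     key=lambda s: sum(hours[(s + i) % 24] for i in range(workday_len)))
    offset = (workday_start - best_start + 12) % 24 - 12   # normalise into -12..+11
    return hours, best_start, offset, len(timestamps) - len(usable)

def profile_samples(pe_images):
    return working_hours_profile([compile_timestamp(p) for p in pe_images])

# Constructed sample set: eleven builds clustered in 06:00-14:59 UTC, one late-night
# outlier, one zeroed stamp and one far-future stamp (neither usable as evidence).
_UTC_HOURS = [6, 7, 7, 8, 9, 10, 10, 11, 12, 13, 14, 22]
SAMPLE_TIMESTAMPS = [int(datetime(2016, 8, 1, h, 30, tzinfo=timezone.utc).timestamp())
                     for h in _UTC_HOURS] + [0, 0xFFFFFFFF]
SAMPLE_PES = [make_sample_pe(t) for t in SAMPLE_TIMESTAMPS]

if __name__ == "__main__":
    hours, start, off, bad = profile_samples(SAMPLE_PES)
    print(f"busiest 9h window starts {start:02d}:00 UTC -> plausible local offset UTC{off:+d}; "
          f"{bad} stamp(s) discarded as unreliable")
```

On the constructed set the busiest window starts at 06:00 UTC, which under a 09:00 local start suggests UTC+3; a real investigation would weigh that against the other indicators the researchers list rather than treat it as conclusive.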

When it comes to nation-state actors, often the major economic powers are accused of engaging in cyberattacks, the researchers say. “That does not mean that developing countries don’t participate in such operations, however many times they use external resources as it is cheaper than developing major ‘cyber-capabilities,’” says researcher Vicente Diaz. “That, among other things, makes attribution more difficult (it is not the same as developing an advanced and unique weapon rather than using a common one).”

When governments got involved in cyberattacks, the world of security research got much more complicated, Raiu says. “Then almost overnight, nation state sponsored attacks appeared,” he says. “I guess the first big one was Aurora, which hit Google, Yahoo and others [in 2009]. Ever since, my job has been getting more and more complex, from all points of view.”

For example, basic questions like which attacks to investigate are tricky. “In my opinion, we are living in a world where our work has an impact, and ethics should be properly set,” says Diaz. “I like to think of ourselves like doctors or scientists, working based only on technical stuff and not letting other factors to decide for ourselves. And that’s not always easy.”

What do these cyberattack experts use to protect their own gear? It’s very personal. “To be honest, each person on the team has their own security quirks,” Diaz says, “ranging from things as simple to tape over the webcam to sniffing everything on your own home network.”

And his advice is for individuals to gauge how likely they are to be a target and how much time and effort someone might reasonably be expected to exert attacking them. “What I mean is: what sort of attackers and attacker resources can you reasonably expect to be spent on you?” he says. “Would I advise to my grandmother to have an out-of-band network tap? No. But if you’re handling sensitive IP, scientific research, gov secrets, etc., it may not be the most outlandish thing.”

Watch out for mobile malware, says Raiu. “Our analysis of high end APTs such as Equation seems to suggest many threat actors have developed mobile implants, which means that sooner or later, they will be found - just like we found the HackingTeam mobile implants for instance,” he says. “Running a security solution on your Android device will definitively help not just with protection against known threats but hopefully catching some new ones.”

And you can kiss privacy good-bye. “It’s important to limit what we post and understand what information we are leaking out … but privacy is a relative term and at a time when every system appears to be designed to divine where you’re going, what you’re doing, what you like, and who with, (and deriving a lot of that information from those you associate with, not just you) it’s unreasonable to consider anything like absolute privacy is possible.”


Tim Greene

Network World