Kaspersky researchers love “Mr. Robot” hacker but claim no Snowden ties

Research team says it’s hard to find out who’s behind attack, and kiss privacy good-bye

Malware researchers for Kaspersky Lab took to Reddit’s IAmA chat today and pronounced an affection for the hacker-hero TV show “Mr. Robot” but not NSA hacker Edward Snowden.

Responding to a question about how they like it, the team’s global director Costin Raiu says, “Mr Robot is a strong 9.5 for me. Most of the scenes are top class and the usage of tools, operating systems and other tiny details, from social engineering to opsec is very good. I guess having help from some real world security experts (the folks at Avast did a great job!”

+More on Network World: Cisco: Potent ransomware is targeting the enterprise at a scary rate+

“Particularly enjoyed seeing their depiction of how quickly a phone can get backdoored with the right preparation,” which in one episode was less than the time it took someone to take a shower, says another team member, Juan Andres Guerrero-Saade.

Not so popular, “CSI: Cyber”. Asked if he watches, researcher Brian Bartholomew says, “Yes and it’s terrible. But I do enjoy laughing out loud at it.”

Meanwhile the 46-member Global Research & Analysis Team (GReAT) says it has no affiliation with the NSA hacker. “We have no connection whatsoever with Edward Snowden,” says Raiu.

snowden protest greensefa

A questioner asked whether the team used information from the Snowden leaks to uncover the long-lived advanced-persistent-threat gang Equation Group. “We didn’t use any of the information from the Snowden leaks to discover the Equation Group,” he says. “We discovered the first Equation sample while analyzing a multiple infection on a computer we call “The Magnet of Threats”. This computer has been infected by many other APTs, including Regin, Turla, Careto, Animal Farm, in addition to Equation.”

The research team said attributing attacks such as Stuxnet and the theft of Democratic National Committee emails is very difficult. “There is really little that can’t be faked or manipulated and this is why the industry has such heated debates sometimes over attribution,” say Bartholomew and Guerrero-Saade.

Top of Form

They say languages used in code, times it was compiled, the target, possible motivations and IP addresses are the type of information weighed when trying to assign responsibility. “In the case of the DNC attacks for example, many experts agree that the malware used in the attacks as well as some of the infrastructure used, only belong to two ‘groups’,” they say.

When it comes to nation-state actors, often the major economic powers are accused of engaging in cyberattacks, the researchers say. “That does not mean that developing countries don’t participate in such operations, however many times they use external resources as it is cheaper than developing major ‘cyber-capabilities,’” says researcher Vicente Diaz. “That, among other things, makes attribution more difficult (is not the same as developing an advanced and unique weapon rather than using a common one).”

When governments got involved in cyberattacks, the world of security research got much more complicated, Raiu says. “Then almost overnight, nation state sponsored attacks appeared,” he says. I guess the first big one was Aurora, which hit Google, Yahoo and others [in 2009]. Ever since, my job has been getting more and more complex, from all points of view.”

For example, basic questions like which attacks to investigate are tricky. “In my opinion, we are living in a world where our work has an impact, and ethics should be properly set,” says Diaz. “I like to think of ourselves like doctors or scientists, working based only on technical stuff and not letting other factors to decide for ourselves. And that´s not always easy.”

What do these cyberattack experts use to protect their own gear? It’s very personal. “To be honest, each person on the team has their own security quirks,” Diaz says, “ranging from things as simple to tape over the webcam to sniffing everything on your own home network.”

And his advice is for individuals to gauge how likely they are to be a target and how much time and effort someone might reasonably be expected to exert attacking them. “What I mean is: what sort of attackers and attacker resources can you reasonably expect to be spent on you?” he says. “Would I advise to my grandmother to have an out-of-band network tap? No. But if you’re handling sensitive IP, scientific research, gov secrets, etc., it may not be the most outlandish thing.”

Watch out for mobile malware, says Raiu. “Our analysis of high end APTs such as Equation seems to suggest many threat actors have developed mobile implants, which means that sooner or later, they will be found - just like we found the HackingTeam mobile implants for instance,” he says. “Running a security solution on your Android device will definitively help not just with protection against known threats but hopefully catching some new ones.”

And you can kiss privacy good-bye. “It’s important to limit what we post and understand what information we are leaking out … but privacy is a relative term and at a time when every system appears to be designed to divine where you’re going, what you’re doing, what you like, and who with, (and deriving a lot of that information from those you associate with, not just you) it’s unreasonable to consider anything like absolute privacy is possible.”

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Essentials

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?