Comments

You have commented 358 times on Rantburg.

Your Name

Your e-mail (optional)

Website (optional)

	My Original Nic Pic-a-Nic Sorry. Comments have been closed on this article.
Foto

Submit your comments on this article

Caucasus/Russia/Central Asia

Russia Used Windows Flaw to Spy for Years

2014-10-15

[AnNahar] Hackers based in Russia used a flaw in Microsoft Windows to spy on NATO
...the North Atlantic Treaty Organization. A single organization with differing goals, equipment, language, doctrine, and organization....
, European governments and other organizations as far back as 2009, security researchers said Tuesday.

A report by the cyber-security firm iSight Partners said the flaw dubbed "Sandworm" allowed the cyber spies to gain access to computers using all versions of Windows for PCs and servers during the past five years.

The researchers said Microsoft was notified of the vulnerability and was making a patch available on Tuesday.

The report said the team exploiting this flaw began operating in 2009, and stepped up its efforts in late 2013, as the crisis in Ukraine broke out.

The researchers said the targets included NATO, Ukrainian government organizations, Western European governments, energy and telecom companies in Europe and US academic institutions, but added that "visibility is limited and that there is a potential for broader targeting from this group."

They noted that many of the attacks "have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia."

According to a blog post by iSight, it's not clear what data may have been stolen but that the broad range of attacks "virtually guarantees that all of those entities targeted fell victim to some degree."

"We immediately notified targeted entities, our clients across multiple government and private sector domains and began working with Microsoft to track this campaign and develop a patch to the zero-day vulnerability," iSight added.

It noted that NATO was targeted as early as December 2013, and that other attacks hit a Polish energy firm and French telecommunications company.

The cyber-spying effort was referred to as Quedach by the security firm F-Secure, which described some elements of the campaign last month "but only captured a small component of the activities" and failed to identify use of the security flaw, according to iSight.

Posted by:trailing wife

#5 I'd bet dollars to donuts that our own intelligence services were both aware and made use of this. Be funny if they found out about it from spying on the Russians, though.

Redmond reserves the right to collect such info as, "your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage."

In an on-line data analysis class, we used cell phone sensor data to determine what activity a user was engaged in - walking, sitting, lying down, going up or down stairs.

Posted by: SteveS 2014-10-15 21:18

#4 Headline should read:

Sneaky F*ckin' Russians Used Windows Flaw to Spy for Years

Posted by: badanov 2014-10-15 20:29

#3 I think Microslop needs to get paddled. Hard enough to keep other from doing it. And hard enough to keep them from doing it again. Ever.

Posted by: gorb 2014-10-15 14:12

#2 Windows 10 has a keylogger that sends all your keystrokes back to M$S in plaintext.

link

Windows 10's 'built-in keylogger'? Ha ha, says Microsoft – no, it just monitors your typing

Don't want Microsoft tracking you online and collecting data on your computing habits? Then you probably shouldn't install the Windows 10 Technical Preview, Redmond says.

The interwebs were abuzz on Monday over concerns about the Terms of Use and Privacy Policy of Microsoft's newly released, not-even-beta-yet OS, with some sites going as far as to claim that Windows 10 comes with a "built-in keylogger" to watch users' every move.
Turns out these Chicken Littles were right – sort of – but according to Microsoft they should have known about the data collection from the get-go, because they agreed to it.

"With Windows 10, we're kicking off the largest ever open collaborative development effort that will change the way we build and deliver Windows," a Redmond spokesperson told El Reg in an emailed statement. "Users who join the Windows Insider Program and opt-in to the Windows 10 Technical Preview are choosing to provide data and feedback that will help shape the best Windows experience for our customers."

And sure enough, although Microsoft isn't providing detailed information about what it's monitoring and how, the red flags for privacy freaks are all there in the legalese everyone breezed through before downloading the preview.

According to the Windows Insider Program's Terms of Use, "The purpose of the Program is to ... provide Microsoft with feedback and detailed usage data about all activities occurring on those devices so that Microsoft and its partners can improve their products and services."

That explicitly includes "personal information," the terms go on to say, and Microsoft might even contact program members with additional information that is personalized just for them.

The program's Privacy Statement gives a few hints about what kind of stuff Microsoft is looking for. Redmond reserves the right to collect such info as, "your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage."

The Technical Preview also phones home with data about the files you open and "performance or usage information," including what program features you use most often and how long the system takes to respond to clicks.

And then there's this gem, which is the one that got everyone moaning about keyloggers:

[When you] enter text, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.

Microsoft hasn't said just how many of those typed characters it might collect or how often, but this is in fact something that the Windows 10 Technical Preview might do.

Does this mean Microsoft is planning to use Windows 10 to swipe everyone's online banking passwords? The chances are slim to none – although if you do your online banking on a prerelease test version of Windows with an experimental build of Internet Explorer, you deserve what you get.

Microsoft does, however, seem to be getting more aggressive about the kind of user experience data collection it has been building into prerelease versions of its flagship products for several years now. (Remember all the user data that Redmond said went into crafting the Office Ribbon UI? Where do you suppose it came from?)

How much of this data-collection the shipping version of Windows 10 will do remains to be seen.

"As we get closer to a final product, we will continue to share information through our terms of service and privacy statement about how customer data is collected and used, as well as what choices and controls are available," Microsoft told The Reg.

For now, though, bear in mind that when you fire up the Windows 10 Technical Preview, you are definitely being watched. But you knew that

Posted by: 3dc 2014-10-15 10:22

#1 It says it uses a powerpoint flaw. So not quite remote code execution.

Posted by: Bright Pebbles 2014-10-15 09:00

00:00