AIB Home (IRE)   AIB Economics   AIB Home (GB) 

Monday 30th March 2015 
email to a colleague

printer version
Product Description Product Description

Product Description
Cash Management Cash Management

Cash Mgt Services
Public/Private Sectors
2013 Historic Rates 2013 Historic Rates

Historic Average
FX Rates 2013
Let us know let us know

send us your feedback
RateSaver RateSaver

online historic fx and
interest rates
fx3 fx3

custom fx rates
directly to your mobile
fxcentre pro fxcentre pro

confirm and view deals
& payments online
Huge Russian spyware programme found
Friday, 7th March 2014 02.56pm

A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the United States in one of the most complex cyber espionage programs uncovered to date.

Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the U.S. military uncovered in 2008. Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.

"It is sophisticated malware that's linked to other Russian exploits, uses encryption and targets western governments. It has Russian paw prints all over it," said Jim Lewis, a former U.S. foreign service officer, now senior fellow at the Center for Strategic and International Studies in Washington.

However, security experts caution that while the case for saying Turla looks Russian may be strong, it is impossible to confirm those suspicions unless Moscow claims responsibility. Developers often use techniques to cloud their identity.

Public talk of the threat surfaced this week after a little known German anti-virus firm, G Data, published a report on the virus, which it called Uroburos. The name is from a string of text in the code that may be a reference to a Greek symbol depicting a serpent eating its own tail.

Experts in state-sponsored cyber attacks say that Russian government-backed hackers are known for being highly disciplined, adept at hiding their tracks, extremely effective at maintaining control of infected networks and more selective in choosing targets than their Chinese counterparts.

"They know that most people don't have either the technical knowledge or the fortitude to win a battle with them. When they recognize that someone is onto them, they just go dormant," said one security expert who has helped victims of state-sponsored hacking operations.

A former Western intelligence official commented: "They can draw on some very high grade programmers and engineers, including the many who work for organized criminal groups, but also function as privateers." Russia's Federal Security Bureau declined comment as did officials at the Pentagon and U.S. Department of Homeland Security. On Friday, Britain's BAE Systems Applied Intelligence - the cyber arm of Britain's premier defence contractor - published its own research on the spyware, which it called "snake". The sheer sophistication of the software, it said, went well beyond that previously encountered - although it did not attribute blame for the attack. "The threat... really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyber attacks," said Martin Sutherland, managing director of BAE Systems Applied Intelligence. Researchers with established security companies have been monitoring Turla for several years. Symantec Corp estimates up to 1,000 networks have been infected by Turla and a related virus, Agent.BTZ. It named no victims, saying only that most were government computers. Hackers use the Turla spyware to establish a hidden foothold in infected networks from which they can search other computers for data, store information that is of interest and eventually transmit it back to their servers. F-Secure, a Helsinki-based maker of security software, first encountered Turla last year while investigating organizations attacked, according to chief research officer Mikko Hypponen. He also declined to name victims. "While it seems to be Russian, there is no way to know for sure," said Hypponen. Security firms that are monitoring the threat have said the operation's sophistication suggests it was likely backed by a nation state and that technical indicators make them believe it is the work of Russian developers. European governments have long welcomed U.S. help against Kremlin spying, but were infuriated last year to discover the scale of surveillance by America's National Security Agency that stretched also to their own territory. (Reuters)

More breaking news >
The above information has been taken from sources we believe to be reliable and trustworthy. However the accurateness and completeness thereof are not guaranteed and therefore should not be relied upon as such. AIB does not endorse or approve the content of any information from third party sites nor will it have any liability in connection with any third party site (including but not limited to liability arising out of any allegation that the content of or information on any third party site infringes any law or the rights of any person or entity)
  © Allied Irish Banks, p.l.c. 2003 AIB Customer Treasury Services is a registered business name of Allied Irish Banks, p.l.c.
Allied Irish Banks, p.l.c. is regulated by the Central Bank of Ireland. Registered Office: Bankcentre, Ballsbridge, Dublin 4.
Registered in Ireland : Registered No. 024173.