Suspected state hacking campaign used commercial software

Monday, 29 December 2014 00:04

Reuters: A previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said.

The attack program relied on software usually sold by Boston-based Core Security to companies and other customers that want to test their own defences, said researchers coordinated by Israel’s independent Computer Emergency Response Team, or CERT. The researchers from CrowdStrike and startup Cymmetria will present their unusual findings at the annual Chaos Communication Congress security conference in Hamburg on Saturday.

Criminal hackers have made use of penetration-testing tools such as Metasploit for years, other experts said, but most major government-sponsored hacks have used specially written tools supplemented by free and widely available programs. That is in part because commercial programs could be traced back to specific customers. Over time, however, the exposure of campaigns relying on the same tailor-made tools has made it easier for investigators to attribute those attacks to a specific government.

Using the Core Security program, which typically costs $10,000 or $20,000, could help muddy the waters, and CrowdStrike analyst Tillmann Werner said it could also help a second-tier cyber-power skip some of the work frequently undertaken by China, Russia and the United States.

“The most likely answer is they didn’t have the capability to do it on their own,” Werner said of the hackers, adding that “there is no risk of leaving tool-marks.”

Werner and Cymmetria Chief Executive Gadi Evron, who also chairs the Israeli CERT, said they did not know who was behind the campaign.
