They're calling it "Red October."
On Monday, Russia's Kaspersky Labs reported that they had identified what may be the most comprehensive, global cyber espionage hack in the history of the Internet.
From CBS News:
Kaspersky's report says "Red October's" configuration rivals the Flame malware that made headlines last year, when it was discovered to have infected computers in Iran.
They discovered the campaign in October 2012 and, after a few months of research, found some truly troubling revelations. Targeted in several countries (listed comprehensively via map below) was proprietary or government classified information in eight sectors:
- Government
- Diplomatic / embassies
- Research institutions
- Trade and commerce
- Nuclear / energy research
- Oil and gas companies
- Aerospace
- Military
For legal and obvious reasons, Kaspersky doesn't disclose exactly what information or specifically what private, government or diplomatic entities have been breached.
"It's a professional, multi-year cyber-espionage campaign," Kurt Baumgartner, senior security researcher at Kaspersky Labs, told CBSNews.com. Five years, to be exact.
Even scarier: there's no evidence the hack is state-sponsored. The 'insurgent,' decentralized nature of the attack makes it even more difficult for a coalition of governments to use political sway to pressure possible state-level sources of the attacks.
The most Kaspersky can identify is that Chinese speakers designed the "exploit" (like a coded crowbar that pries past security to improve, expand, and/or modify function) and Russian speakers designed the malware (in this case, the program that locates and gleans relevant information, then shoots it to an off-site server).
In other words, no credible targets — and after years of espionage the hack is still very much active.
In short, the operation reeks of a growing cyber-warfare mercenary culture, and the Kaspersky report even quips that sensitive information, private or otherwise, is likely then "sold to the highest bidder."
“The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence ... that [sic] information-gathering scope is quite wide,” Kaspersky's report states.
The hack targeted cell phones (Nokia, Windows, iPhone), enterprise networks, deleted files and even resurrected once-dead computer hard drives. The espionage ranged from stealing files to logging every keystroke and taking periodic screengrabs. Sources include everything from diplomatic to infrastructure to military to commerce.
Finally, the information was then sent back through an opaque thicket of proxy servers, mostly located in Germany and Russia, making it impossible to know where it ended up and where "the mothership command and control center is."
"[There are] entire little villages dedicated to malware in Russia, villages in China, very sophisticated very organized, very well-funded," Steve Sacks of Fireeye, a