Following the Canadian intelligence services, several researchers have published a report on “Babar”, a tool for spying on instant messengers.
More is now known about the curious spyware “Babar”, which is said to be the work of French intelligence. Several computer security researchers were able to dissect a sample of the virus. This Wednesday, February 18, they published a detailed report on the technical characteristics of this malware. Babar was discovered in 2009 by the Communications Security Establishment Canada (CSEC), whose memos were revealed by Le Monde nearly a year ago, thanks to documents provided by Edward Snowden.
• Spying on instant messengers
The recently published reports reveal new technical features of Babar. “The purpose of this malware is espionage, especially of instant messaging,” Paul Rascagnères, author of one of the reports for the German company GData, told Le Figaro. The aim is “to recover what is typed on the keyboard [what is called a keylogger]”, but Babar is also “capable of listening to the microphone and speaker of the computer,” adds Paul Rascagnères.
The software targeted messengers including Skype, MSN and Yahoo Messenger. It is now known to and detected by antivirus software. Babar was not used for mass espionage, but to listen in on specific targets. The researcher said that the data was transmitted to servers in Iran, Algeria or Egypt, for example, which could be close to the first targets. CSEC memos indicated Iran as a major victim. Furthermore, the Canadian services identified possible targets in Greece, Spain and Ivory Coast, but also in France.
• A not very sophisticated spy
According to Paul Rascagnères, Babar has nothing in common with very powerful malware such as Equation, developed with far greater means by the American intelligence agency (NSA) and unveiled on Tuesday by Kaspersky. “I honestly think it was done by a team with limited resources,” he says. The software is not very discreet either: “it does not hide beyond measure,” adds the researcher.
• A similar tool called EvilBunny
The researchers were also able to identify another piece of malicious software very similar to Babar, named EvilBunny. “Bunny is an old version of Babar discovered by Marion Marschalek [a researcher at the company Cyphort and author of the report],” says Paul Rascagnères. Unveiled in October, the software has no features built for espionage, unlike Babar. EvilBunny was used primarily to control a remote computer. It was identified through similarities in its technical characteristics. The researcher cites, for example, “source code copy/paste.”
• Who is behind Babar?
Canadian technical intelligence suspected France and its Directorate-General for External Security (DGSE). As usual, there is no formal proof, but a body of evidence. The CSEC memo noted that Babar is a French children’s character. The nickname “titi” appears in the specifications of a tool. The document then states that “Titi is a French diminutive for Thierry (sic), or the familiar term for a small person.” The memos mention the use in the code of the unit of measurement “octets” instead of “bytes”, a typically French usage. Moreover, a French-language media outlet in Canada was affected by the spyware. “France is as active as the big players [in computer espionage],” Marion Marschalek told the site Motherboard.
However, neither the memo nor the researchers’ recent reports can point the finger at a sponsor. “The authors are not English speakers, because there are too many language errors, but I cannot find anything else,” said Paul Rascagnères. When it comes to hacking, evidence is easily forged, said Marion Marschalek.