Thursday, March 5, 2015

Casper, the spyware cousin of Babar that was watching Syria – Le Monde

A computer scientist has discovered a new spyware program, which he attributes to the same developers as the Babar program, which France is suspected of being behind.

Le Monde

The developers of the spy programs Babar and Evil Bunny, whom Canada suspects to be the French intelligence services, have created a third spy program, which targeted Syria.

Read: The spy program Babar has a “big brother”: Evil Bunny

This is the conclusion reached by Joan Calvet, an expert at the computer security company ESET, in a report to be released Thursday, March 5. He was able to get his hands on a copy of the new program, whose name, given by its creators, is once again borrowed from a famous cartoon. This time, the developers have named their creation Casper.

A dozen people targeted in Syria

This software was found on the computers of a dozen people, all in Syria. It cannot be ruled out that the program was deployed elsewhere. Unlike Babar, it was also used recently, as part of a specific operation: it was active in Syria for a few days, between 9 and 16 April 2014.

The program was found on an official Syrian government website, that of a commission created in 2011 under the aegis of the Ministry of National Reconciliation so that Syrian victims of destruction during the civil war could file a claim.

A reconnaissance program

Unlike Babar, Casper does not capture information directly: it is a reconnaissance program. When it gets onto a computer, it builds a precise description of the machine – language used, installed programs, configured antivirus software – and sends it to its sponsors. They then decide whether the target is really worthwhile.

The second stage is probably to send another spy program, one that can intercept information. Casper also provides for this case: additional modules can be added to it. This technique is increasingly common in sophisticated state attacks.

A ghostly and complex program

A “chess game” with antivirus software.

This spy program, named after a ghost, is aptly named, as it is difficult to detect. When it lands on a computer, Casper engages in a “chess game” with antivirus software: it closely analyzes which products are present on the machine and adjusts its mode of infection. In some cases it may simply destroy itself when it judges the risks to be too great. “You rarely see this level of accuracy in avoiding antivirus with spy programs,” notes Joan Calvet, again a sign of great sophistication.

“Casper is so stealthy and so far under the radar of security companies that we currently track it down episodically. I hope that by publishing this information, other researchers will be able to bring their piece to the puzzle!” Calvet also says.

A further sign of its complexity and of the attackers' motivation: it uses a so-called “0-day” flaw, that is to say, an unknown vulnerability. This type of vulnerability, unpublished and therefore invisible to antivirus software, is of keen interest to computer security researchers. Using such a flaw means risking exposing it to daylight and seeing it quickly corrected.

The authors of Babar

For Joan Calvet, there is little doubt: Casper is the work of the developers who created Babar and Evil Bunny. Besides portions of strictly identical code shared between these programs, he found many similarities among them, particularly in the way they hide or detect antivirus software.

“All common features make us say with a high degree of certainty that Bunny, Babar and Casper were developed by the same organization,” writes Joan Calvet.

A state at the controls?

Casper, like Babar, is not a mass surveillance program like some of the systems revealed by the Edward Snowden documents. These are high-level tools for obtaining precise information on specific targets. For Mr. Calvet, “the precise targeting of individuals in Syria shows a probable geopolitical interest.”

“Not only is Casper well developed, but its authors also seem to understand how we – security researchers – work, and they made sure to make our task difficult. Looking at the program quickly, one may think one is facing a banal piece of malware, unaware of all the reconnaissance machinery contained in Casper. I would say that Casper was developed by a team of professionals, eager to make discreet malware. The “professional” side may well correspond to a state entity.”

France: what involvement?

In 2014, Le Monde revealed, on the basis of documents provided by Edward Snowden, that Canadian intelligence suspected France of having developed a spy program named Babar.

Read: When Canadians go hunting for “Babar”

A few weeks ago, two computer scientists revealed more about Babar and at the same time unveiled the existence of Evil Bunny, Babar's less evolved “big brother”, developed by the same organization.

There is no new trace of French involvement in Casper. France, which at this stage is only suspected by the Canadian intelligence services of being behind Babar, and therefore behind Casper, has, like the other major military powers, acquired offensive capabilities on the Internet, entrusted to the army and to the external intelligence service, the DGSE. The authorities refuse to comment on this extremely sensitive issue, which is covered by the highest level of military secrecy. Recently, a video made by the French army slightly broke with this silence, touting its capacity for “attack” and “destruction” in the “digital battle”.

