To get notices of new blogs via email, click here:

Thursday, February 13, 2014

A New Virus Report Card: Stuxnet/ZeuS/Duku and Now Mask/Careto

Exactly three years ago (February 7, 2011), I published a Virus Report Card (see it here). Earlier this week, I received an inquiry from a senior member of the cyber threat analytics team of a major financial institution. He asked if I intended to update that information. I confessed that I had no plans in particular to update it, "although that could change as new intelligence comes to me from some security insiders with whom I stay in touch." I also confessed to this individual that my interest in The Perfect Virus was as a backup to my fictional endeavors, and that the real virus-tracking guru was Brian Krebs.

Then Krebs came out with this assessment of the technology used in the highly publicized attack on Target customers (see Brian's article here). Net net, the tool used in the attack appears to be a "derivative of the ZeuS banking trojan." Then came the Kaspersky analysis of what is almost certainly a government/state entity, the Mask/Careto virus that has penetrated the following targets:

  • Government institutions
  • Diplomatic / embassies
  • Energy, oil and gas
  • Private companies
  • Research institutions
  • Private equity firms
  • Activists
Okay, it's time to update my three-year-old Virus Report Card. I have inferred the capabilities of Mask/Careto from the excellent Kaspersky report (read the report here). So here ya go with a new matrix:


Data exhaust suggests that Mask/Careto is:


  1. A false-flag operation trying to point to Spanish-speaking creators, when in fact it is most likely a Chinese or Russian operation.
  2. A government or state-financed operation.
  3. Capable of more advanced Oversight (principle #1), Feral Fertility (#2), Openness (#8), Stratification (#13), Stealth (#14) and Defense (#21).
My closing comment to the individual who originally contacted me kind of says it all: "Thanks for your note. Too bad U.S. cyber law has you playing with one hand tied behind your back."

1 comment:

  1. BAD NEWS or GOOD NEWS ?

    U S DEPARTMENT OF DEFENSE News
    American Forces Press Service
    http://www.defense.gov/news/newsarticle.aspx?id=121660

    White House Announces Voluntary Cybersecurity Framework

    By Cheryl Pellerin
    American Forces Press Service

    WASHINGTON, Feb. 13, 2014
    – The Obama administration has released a voluntary framework developed by hundreds of companies, several federal agencies and many international contributors as a how-to cybersecurity guide for organizations in the business of running the nation’s critical infrastructure.......

    ReplyDelete

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?