On Friday the Washington Post published a nice writeup covering how US defense contractor CloudShield worked with the Gamma Group in the UK to create tools that could easily plant spyware on adversary computers. Victims just needed to view a regular website over HTTP and the tools could inject one of 250 Trojans into the target computer.
Of course, the big takeaway in defeating such attacks is to always use an encrypted channel. Yeah, encryption could be circumvented in a targeted attack, but enabling it by default is our best defense overall. The general theme here, as noted in the article, is that “cleartext is just dead.”
CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque.
As he boarded the flight, the engineer told confidants later, he knew only that he should visit a German national who awaited him with an off-the-books assignment. There would be no written contract, and on no account was the engineer to send reports back to CloudShield headquarters.
His contact, Martin J. Muench, turned out to be a former developer of computer security tools who had long since turned to the darkest side of their profession. Gamma Group, the British conglomerate for which Muench was a managing director, built and sold systems to break into computers, seize control clandestinely, and then copy files, listen to Skype calls, record every keystroke and switch on Web cameras and microphones at will.
Today’s post pic is from Dirteam.com.