It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Sophisticated malware dubbed 'The Mask' went undetected for the past seven years

page: 1
16

log in

join
share:

posted on Feb, 12 2014 @ 06:53 AM
link   


Security researchers recently unearthed a spying tool that managed to go undetected for the past seven years. Dubbed “The Mask” by those at Kaspersky Lab, the malware zeroed in on a wide range of high-profile targets for the better part of a decade using techniques and code more sophisticated than anything previously found in the wild. Experts at Kaspersky say the malware specifically went after government agencies, diplomatic offices and embassies, research organizations and activists as well as those in the gas, oil and energy markets. It employed a combination of malware, rootkit methods and even a bootkit to remain undetected over the years.

Sophisticated malware dubbed 'The Mask' went undetected for the past seven years



This thing has been doing the rounds on our net for the past 7 years undetected! Makes you wonder as to what's really out there?

Me thinks that this has the stamp of some alphabet agencies agenda all over it!




edit on 12-2-2014 by andy06shake because: (no reason given)




posted on Feb, 12 2014 @ 07:02 AM
link   
Its a custom designed job that was designed not to be noticed and its always a game of chicken in the AV/Malware world where until you can see it you can't defend from it properly (heuristics may help but not always guaranteed) and since its sent to targeted individuals it won't get the exposure via quantity of infections to show up on the radar

But 7 years is very good - probably someone decomissioning a machine or having some lulz while messing at a low level noticed something strange and then investigated



posted on Feb, 12 2014 @ 07:02 AM
link   
reply to post by andy06shake
 


Be a breath of fresh air to know that this wasn't the NSA, however if it was then business as usual then



posted on Feb, 12 2014 @ 07:11 AM
link   
Maybe... the person or people, who programmed this virus could come up with a little beauty that could attack the nsa!!



posted on Feb, 12 2014 @ 07:19 AM
link   

Zcustosmorum
reply to post by andy06shake
 


Be a breath of fresh air to know that this wasn't the NSA, however if it was then business as usual then
The OP article says something about the origin possibly being a Spanish speaking country.


Furthermore, the tool was designed to target files with extensions that Kaspersky isn’t familiar with. The firm said such files are likely part of custom government software and might have been used for encryption.

Experts believe the team that created The Mask are even more talented than those that were behind Flame, another sophisticated virus that most believe was designed to attack Iran’s nuclear program.

The security firm found nearly 400 victims across more than two dozen countries although most were located in Brazil and Morocco. As such, they believe the attacks may have been launched from a Spanish-speaking country.
At one time I would have thought that meant not the USA, but nowadays I'm not so sure:

www.amerispan.net...

Recently, the Latino population has grown to encompass more of the country making it the largest minority group in the U.S. Spanish is not a foreign language anymore; it's the second language of the United States.
Of course even if the NSA is the origin, the appearance of having an origin in a Spanish speaking country could be a diversionary tactic to draw attention/suspicion away from the NSA, so I wouldn't rule them out. But whichever country did it, it sounds like a state-sponsored spying effort, and not some teenager doing it for lulz.



posted on Feb, 12 2014 @ 07:27 AM
link   
That's the thing with the cyber world we live in, it's difficult to point the finger of blame at the right person, organisation or state a lot of the time.
An attack may be traced back to a country, but that doesn't necessarily mean it was carried out by anyone from that country, or with the knowledge of the government of that country. It's the same with any malware and spyware, it may indicate it was written by a speaker of a particular language, but that doesn't necessarily mean it was in fact done, as in this case, by a Spaniard. It's just camouflage and masking of the true perpetrators, to make the true origins difficult to pin down.



posted on Feb, 12 2014 @ 07:46 AM
link   
reply to post by andy06shake
 



I think assuming that the virus was targeted at spanish speaking nations because the author/authors were spanish speakers, is somewhat obtuse. This is a virus which has gone totally undetected until now, due mostly to its sophistication. Sophistication of that degree means that the author/authors of this virus may be GENERALLY sophisticated, and that may extend as far as targeting nations which have a different first language than their own.

Also, there is the fact that people who author things like this often sell their services to the highest bidder, so the virus could have been authored and administrated as a commission piece, which means that the target may have nothing particularly to do with the codes author, but more to do with their sponsor. There are all manner of possibilities, and thats leaving aside intelligence community shenanigans!

Also, the article points out that 400 victims have been identified. This is unlikely to be the full extent of the penetration of this virus, into systems and companies, individuals, and governments which use them. If it DOES turn out that the targeting was so specific (when compared with the entire breadth of the internet) then that will be a tool through which the originator of this code might be identified, but I find it unlikely.

The other thing to consider, is the information which was stolen, and what its potential uses may have been. Tracking those documents and who stands to benefit from possession of them, and HOW they intend to benefit from them, will also be crucial in solving this case.



posted on Feb, 12 2014 @ 01:05 PM
link   
reply to post by Arbitrageur
 



The security firm found nearly 400 victims across more than two dozen countries although most were located in Brazil and Morocco. As such, they believe the attacks may have been launched from a Spanish-speaking country.

What do Brazil and Morocco have to do with that conclusion -- they speak Arabic in Morocco and Portuguese in Brazil.



posted on Feb, 12 2014 @ 02:16 PM
link   
I say China is behind it.

freebeacon.com...

Guess that makes 5 in 10 go undetected.



posted on Feb, 12 2014 @ 02:43 PM
link   
Correction.

Hell it could be anyone:



Mesay Mekonnen was at his desk, at a news service based in Northern Virginia, when gibberish suddenly exploded across his computer screen one day in December. A sophisticated cyberattack was underway.





But this wasn’t the Chinese army or the Russia mafia at work.




Instead, a nonprofit research lab has fingered government hackers in a much less technically advanced nation, Ethi­o­pia, as the likely culprits, saying they apparently bought commercial spyware, essentially off the shelf. This burgeoning industry is making surveillance capabilities that once were the exclusive province of the most elite spy agencies, such as National Security Agency, widely available to governments worldwide.


Foreign regimes use spyware against journalists, even in U.S.
edit on 12-2-2014 by neo96 because: (no reason given)



posted on Feb, 12 2014 @ 02:50 PM
link   
reply to post by andy06shake
 


Me thinks that this has the stamp of some alphabet agencies agenda all over it!


Nah. It's about corporate espionage and positioning.


F&S



posted on Feb, 12 2014 @ 03:04 PM
link   
reply to post by adjensen
 


Just a bit of bad journalism in one of the copy pasta articles.
In the original article www.wired.com... they mention that a number of the modules within the Malware had Spanish names; namely the spanish word for mask ; "Careto".

As others have eluded, this is probably not significant as anyone intelligent enough to design custom malware at the govt level probably knows how to cover their tracks so any info derived on discovery should be considered diversionary without further evidence.



posted on Feb, 12 2014 @ 03:44 PM
link   
reply to post by billyvonhelvete
 

It WAS the NSA....



posted on Feb, 12 2014 @ 11:19 PM
link   
reply to post by Jukiodone
 


Unless (ominous musical overtones) the code writer really was spanish, and figured that people would think the spanish was planted as a diversion/misinformation and used his native language as a diversion from the diversion.




edit on 12-2-2014 by bbracken677 because: (no reason given)



posted on Feb, 13 2014 @ 01:01 AM
link   
Wikileaks?

You never know...



posted on Feb, 13 2014 @ 02:02 AM
link   

adjensen
What do Brazil and Morocco have to do with that conclusion -- they speak Arabic in Morocco and Portuguese in Brazil.
Good question. Either they know more than was reported in the story that led them to that conclusion, or else they don't know what languages are spoken in Brazil and Morocco. I would like to think the latter isn't true, but you never know.



new topics

top topics



 
16

log in

join