Red October or Red Herring

Kaspersky Labs has announced that someone had been conducting a hitherto unknown campaign wide-scale international espionage, dubbed Red October, for many years. Except it that I don’t think it has.

The story broke quietly on Friday in the Washington Post and has been repeated over some Internet news sites and blogs, almost verbatim, yesterday and today. Although keen for breaking news (especially where international intrigue is concerned), one should really take a step back and match the claims with the substance.

You can find the report here, although not the the Kaspersky site. It’s not the subject of any press release I’ve seen. No one could be contacted at Kaspersky for comment. Hmm. Specialist IT security sites, like Steve Gold’s IT Security Pro, aren’t treating this as a top story either. The only reason I’m hitting the keyboard is that people keep drawing it to my attention.

The report (assuming it isn’t a hoax) does contain a good analysis of what appears to be a new-ish botnet, although one that’s not very widespread (we’re not talking about Flame V2 here). Kaspersky has a lot of smart cookies working for them, and they do some very valuable research, but reading the posts on the subject you’d think they’d uncovered the next Watergate or similar. Perhaps they have, but all I’m seeing details so far  is of another botnet.

If their analysis is correct, the perpetrators do seem to be targeting government and diplomatic sites in particular, but this isn’t actually novel. They’ve identified targets in most of the developed world, with the interesting exception of England and China. As the code appears to be of Russian origin, and not particularly well obfuscated, it’s also noteworthy that the majority of the attacks have been launched against Russian targets.

So, as it stands, this looks like a competent investigations of a botnet. Well done Kaspersky. Now lets get some sleep.


Leave a Reply

Your email address will not be published. Required fields are marked *