World’s worst cyber criminal group identified
Aractus
The cyber espionage group known as Longhorn has been formally identified by Symantec as the CIA.
Now, take a breath and get ready to learn the ugly truth behind this revelation. We live in the digital age, and underpinning that is the illusion of electronic security. Now I say illusion, but I wish to stress that this illusion is so strong that it gives people the confidence to conduct online transactions, and for banks to allow their customers to access their accounts over the internet. How secure is your data and your bank account? Not very. It’s about as secure as an ordinary bank vault. With the right tools, equipment, and expertise it can be broken into.
Electronic security is never truly provably secure. Take a moment to think what that means. Let’s say you have a large safe in your office – should you trust it with a high security mechanical lock (Manifoil MK4, S&G 2740B) or an electronic lock (the TL11G is the SCEC approved electronic equivalent)? Well, allow me to blow your mind for a moment: the mechanical locks are provably secure. They are not perfect, and they can be broken into (for example if someone guesses the right combination). The TL11G is not provably secure, its source code is closed, and the ROMs can of course be flashed if someone wanted to intentionally supply a known-vulnerable product, and it would be impossible for a user to tell the difference. I’m actually surprised it’s SCEC approved given the clear vulnerabilities that could exist or could be introduced. Granted though I’m not a locksmith or for that matter security professional.
On 7 Mar 2017, Wikileaks began publishing information relating to Vault 7. Vault 7 is an arsenal of CIA developed cyber-weapons. They are believed to have been sold for sometime on the darkweb. The reason why security companies and professionals hate intelligence organisations is because these intel orgs deliberately find vulnerabilities in software, but do not publish the information. What this means is that a vulnerability can exist for several years before it is independently discovered outside of an intelligence agency. And it doesn’t matter who you think are the “good guys”, if one intelligence agency found the vulnerability and developed a cyber weapon, you can bet that others did as well – the Chinese, the Russians, etc. In fact it would be unthinkable that the CIA could develop such weapons without the Chinese developing them at the same rate or faster given their expenditure on finding them. But as already mentioned, even without the same vulnerabilities being found, the CIA’s entire arsenal of cyber weapons has been leaked for some time and sold on the darkweb to the highest bidders.
On 10 Apr 2017, Symantec positively identified the north-American cyber criminal group known as ‘Longhorn’ as in fact being the CIA. Longhorn has been active since at least 2011, and has been described as the worst cyber criminal group of our age. They have infected 40 known targets in 16 countries. To quote:
The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.
That’s a pretty goddamned strong statement. Now there is another way to read that statement, the other way to read it would suggest that whoever Longhorn is they have had access to most or all of the Vault 7 cyber weapons soon after they were developed by the CIA. Meaning that if Longhorn is not a part of the CIA, they are a group the CIA has been intentionally arming with the weapons, or they had the ability to steal them from the CIA. None of those options are any better than the CIA is Longhorn.