Monday, March 10, 2014

A Snake in the Cyberwar

David Sanger, who I have often said has the best sources in Washington for cyber, has dropped a new one called Snake. Speculation is that the worm was planted by the Russians to attack systems in the Ukraine and get access so they could follow the slow demise of Viktor Yanukovych. This kind of access allows an adversary to prepare for the worst while hoping for the best. The number of known occurrences is small (14), and they were directed at government offices. That few, in any other worm, would not even show up on the radar of most anti-virus developers. [http://www.nytimes.com/2014/03/09/world/europe/suspicion-falls-on-russia-as-snake-cyberattacks-target-ukraines-government.html?_r=0]

A cited BAE report, http://www.baesystems.com/what-we-do-rai/the-snake-campaign [note: you have to register with BAE to get the report], says the original code was called Agent.btz [for a good summary of the impact of the code on the Pentagon, see A Return of the Worm that Ate the Pentagon, http://www.wired.com/dangerroom/2011/12/worm-pentagon/]. It went by several names: snake, uroburos, sengoku, and snark. The technical report describes the details of how the code works and is nicely illustrated, as the example shows.



It is a good analysis that most high school students could follow. If the BAE report is on target, this is not a widespread attack, as many stories are implying. It doesn't threaten the infrastructure of the Ukraine, though it probably did give access to the thinking of many of its leaders, leading up to the deployment of troops in Crimea. That is what a good cyber tool should do.

Friday, March 7, 2014

Chinese Target DuPont

Those who follow Chinese espionage are not surprised at the prosecution of Walter Liew for stealing trade secrets by bribing other employees, like Robert Maegerle, also convicted. This sounds like a victory for the U.S. against Chinese espionage, but it would only be a small one, if so. [for the story see: http://www.reuters.com/article/2014/03/06/us-dupont-china-verdict-idUSBREA2501420140306]

This story actually started two years ago, in an account by ABC News, http://abcnews.go.com/blogs/politics/2012/02/chinese-espionage-aleged-to-target-dupont/. The original story involved five individuals and five Chinese companies. One of those companies has already opened a factory with the stolen technology and has produced, for the past three years, 100,000 tons of titanium dioxide in Chongqing, China. The Chinese got what they wanted, they suffered almost nothing for stealing the trade secrets, and they are still doing it every day. Prosecuting two people is not going to help stop this kind of State-run espionage, stealing information and plowing it back into their economy. The Chinese have not bothered with trade secret protection, except their own, anywhere in the world. They keep moving up on the list of filed patents, while stealing other companies' technology. It is part of their larger effort to win the Economic Information War.