Monday, March 10, 2014

A Snake in the Cyberwar

David Sanger, who I have often said has the best sources in Washington for cyber, has dropped a new one called Snake. Speculation is, the worm was planted by the Russians to attack systems in the Ukraine and get access so they could follow the slow demise of Viktor Yanukovych. This kind of access allows an adversary to prepare for the worst, while hoping for the best. The number of known occurrences is small (14), and they are directed at government offices. That few, in any other worm, would not even show up on the radar of most anti-virus developers. [http://www.nytimes.com/2014/03/09/world/europe/suspicion-falls-on-russia-as-snake-cyberattacks-target-ukraines-government.html?_r=0]

A cited BAE report, http://www.baesystems.com/what-we-do-rai/the-snake-campaign [note: you have to register with BAE to get the report], says the original code was called Agent.btz [for a good summary of the impact of the code on the Pentagon, see "A Return of the Worm that Ate the Pentagon," http://www.wired.com/dangerroom/2011/12/worm-pentagon/]. It went by several names: snake, uroburos, sengoku, and snark. The technical report describes the details of how the code works and is nicely illustrated, as the example shows.



It is a good analysis that most high school students could follow. If the BAE report is on target, this is not a widespread attack, as many stories are implying. It doesn't threaten the infrastructure of the Ukraine, though it probably did give access to the thinking of many of its leaders, leading up to the deployment of troops in Crimea. That is what a good cyber tool should do.
