Forget the Trojan Horse, Heed the Russian Nesting Doll

September 14th, 2015 by

These Russian nesting dolls have been separated and lined in descending order.

If you’re familiar with any spy movie of the 21st century, you’ll likely imagine spies as secret agents dressed in black who attempt to retrieve something without being recognized. Whether they’re one of the “good guys” or the “bad guys,” spies are pictured handling near-impossible physical tasks in order to obtain certain information. However, spies have actually taken a different approach to their covert affairs: hacking.

As of late, hacking has become an expansive phenomenon, especially in the United States. The latest businesses and organizations which have been hacked over the last two years include Target, Home Depot, Premera Blue Cross, the USPS, and many more. So, what’s the deal with hacking, you ask?

Well, hacking can have any number of consequences. In the instances where retailers are hacked, typically, what’s at stake is the individual customer’s card or payment information. This could mean that unauthorized charges can be made on a compromised card or account. In the instances where insurance providers or other organizations with sensitive personal information are hacked, it can put individuals at risk for identity theft. When entire government agencies are hacked, the consequences can be much more grave. Sensitive government information which has been jeopardized could potentially affect national security. Such is the case with Turla.

Russian Hackers vs The World

The Russian spy group, Turla, has been a thorn in the side of many countries. More recently, though, Kaspersky Lab, an antivirus and Internet security company, has learned of some of the exploits of the Turla hackers.

According to Kaspersky Lab, the hackers have been sidestepping the measures of Internet security and antivirus companies to target U.S. and European big-name organizations. Turla has managed to avoid detection by maneuvering the less-than-secure pathways of Internet satellites. Kaspersky Lab researchers surmise that the hackers may use this method for the sake of achieving virtual anonymity. Because satellite Internet is an older form of Internet connectivity and it allows for more information to travel through its connection, it makes it harder to trace a potential hacker.

This type of hacking is erratic, though, because the method depends on the target being online and staying online for as long as the hacker needs in order to finish the job. While this particular method is typically unreliable because it involves the use of slow Internet connectivity, it does provide a means to evade IP tracking. Kaspersky Lab researchers discovered that Turla contaminates its target computer or network with a hardcoded domain name for its main server. However, the IP address of this domain is changeable because it uses a dynamic DNS (Domain Name System) service. This allows the hackers to use the IP addresses of real Internet users to conceal their own IP address, making them near-untraceable.
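As an added example (not from Kaspersky Lab or the original article), the sketch below shows how a defender might look for this pattern in DNS resolver logs: a single domain whose answers keep moving across addresses in satellite-provider ranges. The log format, the domain names, the thresholds, and the `SATELLITE_NETS` list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: blocks an analyst has attributed to satellite ISPs.
# RFC 5737 documentation ranges stand in for real ones here.
SATELLITE_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed resolver log, one answer per line: date client qname answer_ip
SAMPLE_LOG = """\
2015-09-01 10.0.0.5 updates.dyn-host.test 198.51.100.17
2015-09-03 10.0.0.5 updates.dyn-host.test 203.0.113.80
2015-09-06 10.0.0.5 updates.dyn-host.test 198.51.100.201
2015-09-01 10.0.0.9 www.example.com 192.0.2.10
2015-09-04 10.0.0.9 www.example.com 192.0.2.10
2015-09-06 10.0.0.7 cdn.example.net 192.0.2.20
2015-09-07 10.0.0.7 cdn.example.net 192.0.2.21
2015-09-08 10.0.0.7 cdn.example.net 192.0.2.22
truncated line
"""

def flag_domains(log_text, min_ips=3, min_sat_fraction=0.5):
    """Return domains whose answers rotate across satellite-range addresses."""
    answers = defaultdict(set)   # domain -> distinct answer IPs
    clients = defaultdict(set)   # domain -> internal hosts that asked for it
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue             # skip malformed or truncated entries
        _date, client, qname, answer = parts
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue             # answer field is not an IP address
        domain = qname.lower().rstrip(".")
        answers[domain].add(ip)
        clients[domain].add(client)
    findings = {}
    for domain, ips in answers.items():
        sat = sum(any(ip in net for net in SATELLITE_NETS) for ip in ips)
        # Many distinct answers alone is normal for CDNs; require that most
        # of them also fall inside the satellite-provider blocks.
        if len(ips) >= min_ips and sat / len(ips) >= min_sat_fraction:
            findings[domain] = {"distinct_ips": len(ips), "satellite_ips": sat,
                                "clients": sorted(clients[domain])}
    return findings

if __name__ == "__main__":
    print(flag_domains(SAMPLE_LOG))
```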

Kaspersky Lab researchers suspect that Turla has been using this method since 2007. The Russian spyware has targeted the militaries of the U.S., the Middle East, Europe, and Central Asia. It is widely believed that Turla is sponsored by the Russian government, but there is no concrete evidence linking one to the other. Fortunately, several European agencies, as well as U.S. agencies, are pursuing the cyber criminals.