SAN FRANCISCO, Feb 1 - The world of criminal
computer hacking has traditionally been far removed from the
cyber-spying efforts of governments, but security experts say
several recent cases suggest the lines are starting to blur.
Enterprising hackers are now using tools built for raiding
online bank accounts to target corporate and government secrets,
either on a for-hire basis or on speculation that government
documents could be valuable in underground markets, according to
Two weeks ago, security firm Kaspersky Lab announced that it
had discovered a spyware campaign targeting embassies and other
government offices around the world that was sophisticated
enough to remain undetected for five years.
The unidentified leaders of the hacking group were Russian
speakers, judging from comments in the code or commands that
were in Russian, Kaspersky said. In addition, the country most
affected by the hacking campaign was also Russia. Kaspersky
theorized that the gang was offering services or auctioning off
what it found.
"Such information could be traded in the underground and
sold to the highest bidder, which can be, of course, anywhere,"
Jaime Blasco, a researcher at California's AlienVault Inc
who worked with Kaspersky on the case, said Thursday that some
Russian hackers who had previously harvested credit and debit
cards "have evolved into this new business."
In another case, security company McAfee said a version of a
program developed to steal bank account credentials from
consumers, known as the Citadel Trojan, had been turned on city
halls in Poland and provincial offices in Japan.
"It sounds to me like a for-hire data-gathering campaign,"
said researcher Ryan Sherstobitoff of McAfee, which is owned by
chip manufacturer Intel Corp. McAfee said it was
unclear what had been taken from the public offices but that
emails were one likely target.
The Citadel Trojan is still mainly used for bank fraud. Its
code is based on another family of financial spyware, called
Zeus, that has been blamed for hundreds of millions of dollars
in fraudulent account transfers.
Zeus too has had multiple uses. In 2010, security firm
Netwitness found a variant of it that was sent via trick emails
to addresses ending in ".mil," for the U.S. military.
It acted like the regular Zeus, capturing bank passwords as
they were typed. But it soon started looking for electronic
documents on the infected machines and spiriting them away.
Spying attacks that use readily available criminal hacking
tools might also be the work of governments seeking to cover
their tracks, U.S. government and private researchers say.
Such spies might infiltrate or rent time on
already-compromised networks of machines, known as botnets, that
are controlled by criminals who steal data, send spam or take
down websites with so-called denial-of-service attacks.
Some botnets have millions of machines and can contain
plenty of data with intelligence value. Using them adds a layer
of deniability, said Christopher Soghoian, a technologist at the
American Civil Liberties Union.
"No one's going to accuse the government of using
military-grade hacking tools when they are already infected,"