Monthly Archives: April 2019

Cyber-news from the dark side – ver. SAS-2019.

Hi folks!

Herewith, the next in my series of occasional iNews, aka cyber-news from the dark side updates – this one based on some of the presentations I saw at our annual Security Analyst Summit in Singapore last month.

One of the main features of every SAS is the presentations given by experts. Unlike other geopolitically-correct conferences, here the analysts up on stage share what they’ve discovered regarding any cyberthreat, no matter where it may come from, and they do this based on principle. After all, malware is malware and users need to be protected from all of it, regardless of the declared virtue of the intentions of those behind it. Just remember the boomerang effect.

And if certain media outlets blatantly lie about us in response to this principled position, so be it. And it’s not just our principles they attack – for we practice what we preach: we’re way ahead of the competition when it comes to the numbers of solved cyberespionage operations. And we’re not planning on changing our position in any way to the detriment of our users.

So here are a few synopses of the coolest investigations talked about at SAS by the experts behind them. The most interesting, most shocking, most scary, most OMG…

1. TajMahal

Last year, we uncovered an attack on a diplomatic organization from Central Asia. Of course, that an organization like that is interesting to cybercriminals should come as no surprise. The information systems of embassies, consulates and diplomatic missions have always been of interest to other states and their spy agencies or generally any bad guys with sufficient technical ability and financial wherewithal. Yes, we’ve all read spy novels. But here was something new: here a true ‘TajMahal’ was built for the attacks – an APT platform with a vast number of plugins used (we’ve never seen so many used on one APT platform – by far) for all sorts of attack scenarios using various tools.

The platform consists of two parts: Tokyo and Yokohama. The former is the main backdoor, which also delivers the latter. Yokohama has very broad functionality: stealing cookies, intercepting documents from the printer queue, recording VoIP calls (including WhatsApp and FaceTime), taking screenshots, and much more. The TajMahal operation has been active for at least five years. And its complexity would suggest that it was built with more than one target in mind; the rest remain for us to find…

Details of this APT-behemoth you can find here.


Buryatia and Transbaikal – the Buddhism center of Russia.

Buryatia and Transbaikal are two of the main centers of Buddhism in Russia. As if to demonstrate this, not far from Ulan-Ude there’s the great Buddhist monastery-university Ivolginsky Datsan. Another demonstration: on the way to the monastery there’s the famous Buddhist mantra emblazoned on a hillside: Om mani padme hum.

Datsan’s an interesting place well worthy of a visit and walkabout thereat. First impressions – a slightly Russified version of a Buddhist temple complex in China:


We carry on – to the island of Olkhon.

In getting to the island of Olkhon (while still on the mainland), I have a feeling we were taken off-road on purpose – so we could put the Land Rovers through their 4×4 paces to the max while also getting some of the better views of the lake while driving alongside it. Well, the Land Rovers not only perfectly passed the test – they also helped pull out a mini-bus that had gotten bogged down in a spot of mushy ice that had been melted by the sun.

The story was quite a fun one, btw: the mini-bus was carrying some Russian tourists, and it was following a route along which probably one vehicle passed each day – well that was this vehicle!  So, they were literally in the middle of nowhere, stranded, with little prospect of being rescued – at least on that day. You can imagine how desperate those poor tourists were becoming. Anyway, all of a sudden – da-daaa – along come eight mighty Land Rovers! They couldn’t believe their luck. Then, when I got out of the driving seat of one of the Land Rovers, was recognized, hooked the rope onto their bumper, then got back behind the wheel to pull the mini-bus out of the mush, well, I have to say it looked like they might faint!

Soviet joke digression!

The Soviet leader Leonid Brezhnev was known to like fancy cars. One Sunday, he fancied a drive. So in he jumped, with his driver transferred to the front passenger seat. Off he races out into the countryside. Of course, after a while of doing well over the speed limit, eventually the traffic police pull him over. One of the police officers goes over to the car while Mr. Brezhnev winds down the window. The officer, naturally, is stunned, stands there frozen, eyes as big as saucers, and slowly turns back to his colleagues, who shout over: “What’s up Boris? Who’s the VIP being driven around at such crazy speed, then?” To which Boris replies: “Well, actually, I don’t know; but his driver is Brezhnev himself!”

Still on the mainland, perhaps the most memorable experience was stopping off at the village of Bugul’deyka, or, rather, its abandoned marble quarry. The place is nothing too special, but it was worth a quick look around. I wondered – why did they give up extracting marble here? Surely there’s always a demand for this posh construction material loved by five-star hotels (and five-star metros:).

My wonderings were soon answered: apparently this marble is a soft kind – only good really for sculptures; no good at all for construction. In Soviet times, when statues of Lenin were always popular (there would be many in any city, at least one in most towns), this place was kept very busy. These days, with patriotic-ideological monuments less in vogue, there’s just no need for its marble any more. The only folks who come here are the occasional tourists who’ve wandered off the beaten track.

Baikal: history, trains, ashore, and more.

A tourist visiting Lake Baikal usually starts out at Irkutsk airport, which they’ve just flown in to, from where there’s a good-quality road southeast to the lake; the journey along it takes about an hour. The first view you get of Baikal is of the riverhead of the Angara, which flows out of the lake. This is the only river that flows from the lake (while the rivers and streams flowing into it number over 300!), and it does so in no small measure – the width of the river at the lake’s edge is some 900 meters!


Crossing Baikal.

As I showed you in yesterday’s post, folks travel across the ice of Lake Baikal on various modes of transport. We went for one of the more glamorous and comfortable modes – Land Rovers!

(Brief ad break: the Land Rovers were supplied by the company Avtorazum, in fact – personally by its owner, Alexey Simakin, who, btw, is the Guinness world record holder for the longest car journey in one country, a ‘Master of Sport’ of the USSR (yachting), and twice champion of Russia in yachting. Check out those links – Avtorazum organizes all sorts of crazy cool auto-expeditions all over Russia and beyond).

And our Land Rovers looked like this:


New word alert: Baikalian!

Privyet folks!

The other week I had a quick – six day – outing over to Lake Baikal in Siberia. As could have been expected, it was a delightful trip, with the six days passing so quickly it was as if time itself had been shortened. Ice, snow, endless expanses, entrancing enjoyment. And – oh my gigabytes – a ton of photos we appear to have taken. Ok, while I’m sifting, selecting and editing, I’ll give you some traditional aperitif-pics to whet the appetite…


A Town Called (Diocletian’s) Palace.

Hi folks!

The Roman emperor Diocletian was a strong, stabilizing leader during the twilight centuries of the Roman Empire, apparently. But I don’t want to give a commentary on him as, first, I’m not a historian; and, second, I don’t really fancy discussing the merits or lack thereof of historical figures.

I’ll limit myself to something I found very curiously intriguing.

Now, quick rewind. One of my recent posts was on my recent visit to Tito’s secret atomic bunker. Well here’s a ~logical continuation of that – another historical residence built for a leader, albeit 1500+ years earlier. It’s Diocletian’s Palace, in Split in Croatia. It, too, is massive – taking up the whole of the old town district of the city. It’s more of a fortress really, as there are streets running through it. It’s been somewhat adapted over the years – becoming more of a town than a fortress, but it’s still an amazing site – and UNESCO thinks so too.

Ok, in we go…


Mostar’s new old bridge.

It was farewell to Tito’s bunker, and we were headed to the Croatian city of Split, where we were to have an important business event. On the way – while still in Bosnia–Herzegovina – we visited another magical place: the city of Mostar.

What a beautiful city! It centers around its ‘Old Bridge’ – Stari Most – which crosses the Neretva River, as it has done since the 1500s! The river’s fast flowing, emerald green, and with accessible, bedrock-revealing banks. The only downside: all the low banks of the river are strewn with plastic garbage.


SAS-2019: a lot more – in Singapore.

Hi folks!

My April journeying continues. It’s already seen me visit such charming cities as Hanover, Baku and Dubai (reports thereon coming soon). Next stop – Singapore. The garden city, the island wonder – one of my fave cities on the planet, if not the fave. But oh it’s hot. And, oh, it’s humid. But it still remains the city of the future. Maybe that’s why I like it so much?…

First, a few ok pics (mine), and some really good pics (not mine; I still need practice) of this wonder-city – by day, by night, of the ships waiting in line for access to the port:

So why was I here (as if I needed a reason)? Because the annual Security Analyst Summit was being held here – the eleventh! And it was… hmmm – I’ll get to that in a bit…

First – how does one go about gauging the success of a SAS? How do you measure it? Was it totally awesome, or just so-so, or something else? Well, IMHO, you can tell if it was totally awesome if, afterward, you have a strange, somewhat paradoxical feeling: on the one hand you have nothing but positive emotions – a euphoric aftershock that just won’t go away. On the other – you’re already aware that something’s sadly lacking in your life, and will stay lacking for another year – the buzz of a SAS! And on the other – third?! – hand, you feel a little… afraid – when you wonder just how on earth next year’s event will be made even better than this year’s! But then you remember how every year after a SAS you think the same thing – and the following year’s event does turn out even better, and you start to feel better again. All these psychological symptoms together should really be called ‘post-event syndrome’. Must remember that term for next time…

Oops. I’ve digressed. Let me get back to ‘was it good?’. It was, as I hope the previous paragraph indicates. But also – have a look at all the comments, links, likes…

If you’re a new reader here, and maybe SAS is new to you too, briefly, SAS is: an annual event bringing together experts (and the press, bloggers) from all over the world to basically talk to each other, in an informal setting, all about cybersecurity. Announcements, presentations, achievements, challenges, industrial CTF, etc., etc. For a bit more on the SAS template, go here.

Next up: where, why, how, who, from where…

SAS-2019 brought on a ferocious bout of post-event syndrome, whose intensity was all the more acute due to fears that some folks might pull out due to geopolitical reasons. But in the cybersecurity industry folks think with their heads and aren’t swayed by sensational headlines. After all, battling the cyber-baddies is only effective when done together, exchanging information, and telling each other about our victories over the computer underground. Cybercriminals know no borders. And the cyber-goodies shouldn’t be limited by them either. And I’m so glad that our colleagues and competitors in the industry feel the same way.

So, there we were fearing no-shows, but in the end not only did everyone turn up but even more did than we expected! But that figures really – for who doesn’t want to get better acquainted with the company that’s being targeted because it takes a principled stand on protecting users from any cyber-vermin, no matter who may be responsible for it and no matter how much it roils certain very powerful cyberwar-mongers. SAS-2019 broke all its own records: 500+ guests, 100+ contributors, 34 countries represented, ~70 presentations, ~10 workshops and training sessions, and more coverage on social media and in the press than ever before.

Right, where did it all start this year. Ah yes, like every year – it all starts actually months in advance when a countdown clock starts showing the number of days, hours and minutes there are left until the event. Fast forward to the morning of the first day, and those clocks have just minutes left, and the anticipation is hitting fever pitch… All the kit and chairs are in place, microphones fully charged, lighting and visual effects all set up, cameras ready (prepare to flash)…

One minute left…

And we’re off!

After a short welcoming speech, I was pinged to get up on the stage. Of course I obliged, gave a very warm warm-up speech, and also took some pics of the audience from the stage. Why should the audience have all the happy-snapping fun, eh? )

After me it was expert after expert sharing their stories – each one fascinating…

This year the number of presentations was the highest it’s been, as mentioned above, but the diversity of types of presentations was really wide too: some were very technical; others were more business-oriented; there were special training sessions on reverse engineering and other methods for pursuing the cyber-swine; a mini-exhibition; an open presentation room for rookie specialists, and a new feature called SAS Unplugged… As to the best of the best content – that will be coming up shortly in a separate cyber-news-from-the-dark-side post.

This year’s SAS brought us for the first time the following:

  • Separate cybersecurity white-hat hacking streams;
  • A small exhibition of participating companies;
  • Industrial topics;
  • Lots of other stuff, but I can’t quite remember it all.

Come the evening, though everyone was no doubt tired trying to take in all the new information of the day, we all headed to a super seafood restaurant I always visit when in town. Yeh! Yum!

And that was that – almost. Time left only for the final few mega-presentations that are traditionally saved till last. They really were something. If interested – have a search for them on the internet.

Then it was my turn again up on stage. ‘Thank you all for coming’, and the obligatory back-at-you pic:

PS: A big thank-you to Roman Rudakov. His ‘masterpiece button’ provided most of the photos in this post.

PPS: Briefly about where we held this year’s SAS – the Swissotel Stamford, where I’d stayed before, and which I only had negative recollections of. Not that I’m fussy when it comes to hotels. I’m comfortable up a mountainside in the cold and spending the night in a tent, but if a hotel says it’s a 5* hotel on the tin, I expect that’s what’s inside it too. Here, back in 2017, that wasn’t the case. However, this year I was very pleased with the place. Everything seemed to be in fully working order, everything seemed to have been renovated, with everything shiny and new somehow. The one thing they haven’t gotten round to is providing decent Wi-Fi, but that’s all:

Yes, I know – I still use Far Manager! I’m used to it, that’s all ).

Well that’s it for today folks, but I’ll be back with more tomorrow…

All the pics from SAS-2019 are here.

Tito’s secret bunker.

As you’ll know by now, I’m a big fan of walkies – be they industrial walkies, cultural walkies, extreme walkies… in fact – just about any walkies, but preferably ones involving anything must-see. And I’m of course not alone with my fandom of all things walkies – therefore they are always accompanied by lots of photos and lots of travelogue-y words. Just like in this post – on a place in Bosnia, 30km (60km by road) from Sarajevo – Tito’s bunker!
