May 19, 2014
Russian Cyber Campaign Continues to Penetrate NATO Ministries
By Leonid Bershidsky, Bloomberg View
The local press reports that a Russian program called Snake caused the disruption in Brussels. If that is true, the Belgians have made the acquaintance of one remarkable serpent. Under the name Agent.BTZ -- a generic one, automatically generated to classify a then-unknown piece of malicious code -- it hit the U.S. Department of Defense back in 2008. The attack became public knowledge two years later, after Deputy Defense Secretary William J. Lynn III described it in a Foreign Affairs article as a "significant compromise" of the DoD's classified computer networks. Someone had coupled a flash drive to a military laptop at a Middle Eastern base, and the malware spread from there, prompting a huge policy response that culminated in the creation of the United States Cyber Command.
Given the attack target's clout and resources, one would have expected the U.S. and its NATO allies to thoroughly study and block the malware. That didn't happen. Defense conglomerate BAE Systems wrote in a recent report that "the operation behind the attacks has continued with little modification to the tools and techniques, in spite of the widespread attention a few years ago. . . ."
Snake and its variants have been extensively deployed by whoever made that investment. BAE Systems collected a total of 32 samples of the malicious code from Ukraine, where most of them appear to have been installed since the Maidan protests started in Kiev last year; 11 from Lithuania; four from the U.K.; two from the U.S. and another six from other countries. . . .
There must be entire agencies in NATO countries that need the same procedure. All it takes is for one ignorant bureaucrat to click on an enticing link in an e-mail or plug in an unverified thumb drive, and the entire computer network becomes a giant hydrant blowing information to some server in Moscow, or wherever Snake's control center is.