Last December, US
President Donald Trump signed a decree banning the use of Kaspersky Lab
software within US government agencies. This latest iteration of
anti-Russian sanctions demanded that all individuals employed by Washington
wipe the world-renowned anti-virus software off their computers
within 90 days of the decree’s signing.
CyberScoop
experts and their sources believe that Kaspersky Lab couldn’t know for
sure, but suspected that one of the countries of the Five Eyes
intelligence alliance, which includes Australia, Canada, New Zealand,
the United Kingdom and the United States, was behind developing
Slingshot.
However, as the latest IT news shows, Kaspersky Lab, which has received
recognition for its achievements in the fight against all sorts of
malware, was not thrown out the door over genuine security concerns, but
as part of the ongoing anti-Russia propaganda efforts we’ve been
witnessing lately across the West. It’s also clear that Washington
couldn’t care less about the efforts Kaspersky Lab has been making
to counter the high-profile cyber-espionage and government-sponsored
malicious activities on the Internet that American intelligence agencies
have been exposed as engaging in.
Such conclusions can be drawn from the outcome of the recently
held Kaspersky Security Analyst Summit (SAS), where Kaspersky Lab
experts blew the lid off the sophisticated spyware program known
as Slingshot.
It turned out that this malware has been operational since 2012, but it
took IT security firms years to spot it. And it was the Russian-based
company Kaspersky Lab that exposed this spyware of US intelligence
agency design, built to establish total surveillance over the Internet, as
The Times has noted.
According to this British publication, Kaspersky Lab, now barred
from US markets, uncovered this malicious software, which allows US
agencies to access routers to monitor user activity across the web.
Originally, Slingshot was created by the US military to track
suspected terrorists who used Internet cafes across the Middle East
and North Africa to coordinate their activities. This malware was
deployed in Afghanistan, Iraq, Kenya, Sudan, Somalia, Turkey and Yemen
and, according to some experts, in just six years of Slingshot
being operational a great many individuals and government
agencies across the Middle East and Africa suffered from it.
This Slingshot spyware is similar to the program created by the
NSA to establish total surveillance over the Western segment of the
Internet. Experts from CyberScoop, citing anonymous
US intelligence agents (both retired and serving), report that Slingshot
is a special operation launched by the Joint Special Operations Command
(JSOC), a component of the United States Special Operations Command
(USSOCOM). Researchers also agree that the algorithms used by Slingshot
are similar to those used by such hacker groups as Longhorn and The
Lamberts, affiliated with the CIA and the NSA, and that it was developed with
the tools of those two groups that WikiLeaks disclosed.
According to cyber security experts, Slingshot is an extremely
complex attack platform that could not have been developed without investing
huge amounts of effort, time and money. According to those same
analysts, the complexity of Slingshot makes even Project Sauron and
Regin pale in comparison, which means that only government-sponsored hackers
could develop something like this.
According to the statement released by Kaspersky Lab:
While analysing an incident which involved a suspected
keylogger, we identified a malicious library able to interact with a
virtual file system, which is usually the sign of an advanced APT actor.
This turned out to be a malicious loader internally named ‘Slingshot’,
part of a new, and highly sophisticated attack platform that rivals
Project Sauron and Regin in complexity.
The initial loader
replaces the victim’s legitimate Windows library ‘scesrv.dll’ with a
malicious one of exactly the same size. Not only that, it interacts with
several other modules including a ring-0 loader, kernel-mode network
sniffer, own base-independent packer, and virtual filesystem, among
others.
While for most
victims the infection vector for Slingshot remains unknown, we were able
to find several cases where the attackers got access to Mikrotik
routers and placed a component downloaded by Winbox Loader, a management
suite for Mikrotik routers. In turn, this infected the administrator of
the router.
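The statement above notes that the loader replaces scesrv.dll with a malicious copy of exactly the same size. The following Python script is an added example, not Kaspersky Lab's code and not anything taken from the Slingshot analysis; the file names, contents and hashes are constructed in memory for the demonstration. It shows why that detail matters for defenders: a baseline comparison by file size alone reports nothing when a library is swapped for a same-size replacement, while a SHA-256 comparison against the baseline flags it.

```python
"""Baseline integrity check for system libraries.

Added example (not Kaspersky Lab's code): a size-only comparison misses a
library replaced by a copy padded to the same size, whereas a content hash
against a trusted baseline catches it. All file contents below are
constructed in memory; no real system files are read.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    """What a baseline snapshot stores for each file."""
    name: str
    size: int
    sha256: str


def record(name: str, data: bytes) -> FileRecord:
    """Build a record from a file's bytes (here, constructed bytes)."""
    return FileRecord(name, len(data), hashlib.sha256(data).hexdigest())


def snapshot(files: dict[str, bytes]) -> dict[str, FileRecord]:
    """Snapshot a mapping of file name -> contents."""
    return {name: record(name, data) for name, data in files.items()}


def changed_by_size(baseline: dict, current: dict) -> list[str]:
    """Names whose size differs from the baseline (the weak check)."""
    return sorted(n for n in baseline if n in current
                  and current[n].size != baseline[n].size)


def changed_by_hash(baseline: dict, current: dict) -> list[str]:
    """Names whose content hash differs from the baseline (the real check)."""
    return sorted(n for n in baseline if n in current
                  and current[n].sha256 != baseline[n].sha256)


def pad_to(payload: bytes, target_len: int) -> bytes:
    """Pad a payload with zero bytes to exactly target_len bytes.

    Constructed stand-in for the 'same size' property described in the text.
    """
    if len(payload) > target_len:
        raise ValueError("payload longer than target length")
    return payload + b"\x00" * (target_len - len(payload))


# Constructed stand-ins for legitimate library contents (not real PE files).
LEGIT_SCESRV = b"MZ" + b"legitimate scesrv code " * 8
LEGIT_NTDLL = b"MZ" + b"legitimate ntdll code " * 8

# Constructed stand-in for a swapped-in library of exactly the same size.
MALICIOUS_SCESRV = pad_to(b"MZ" + b"replacement stub", len(LEGIT_SCESRV))

BASELINE = snapshot({"scesrv.dll": LEGIT_SCESRV, "ntdll.dll": LEGIT_NTDLL})
OBSERVED = snapshot({"scesrv.dll": MALICIOUS_SCESRV, "ntdll.dll": LEGIT_NTDLL})


def audit() -> dict:
    """Run both checks over the constructed snapshots and return the findings."""
    return {
        "same_size": OBSERVED["scesrv.dll"].size == BASELINE["scesrv.dll"].size,
        "flagged_by_size": changed_by_size(BASELINE, OBSERVED),
        "flagged_by_hash": changed_by_hash(BASELINE, OBSERVED),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

On a real host the baseline would hold hashes taken from known-good installation media or a vendor catalogue rather than from the machine under examination, and the untouched ntdll.dll entry is included to show that the hash check produces no false positive for unchanged files.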
What is clear is that this malware is aimed at hijacking all sorts
of sensitive information, including network traffic, screenshots and
passwords, while monitoring whether it remains hidden. Re-flashing firmware
doesn’t help the user get rid of this malware, since Slingshot is
capable of copying itself and employing all sorts of tricks to stay
operational, some of which haven’t been fully exposed. To divert the
attention of anti-virus software, Slingshot independently initiates
security checks, which allowed it to mask its presence from 2012
onward.
In recent years, Slingshot has been actively used by US
intelligence agencies to establish total control over the Internet by
spying upon US citizens at home and abroad, including among Washington’s
“allies.”
And given that it was Kaspersky Lab that was able to track the
spyware Washington invested so many resources in developing, it’s no
wonder that Trump decided to put an end to the operations of this
Russian-based company in the United States, while carrying on its lies
about “Russian hackers” whom nobody has ever seen or tracked and
continuing America’s criminal cyber espionage activities at the
highest level.
Vladimir Platov, an expert on the Middle East, exclusively for the online magazine “New Eastern Outlook”.