
Report: Olympic Destroyer malware a false flag operation

US big air athlete Kyle Mack competes at the Pyeongchang 2018 Winter Olympic Games. Photo: Franck Fife/AFP via Getty Images

Researchers at Kaspersky Lab found evidence that the Olympic Destroyer malware, which briefly downed Pyeongchang systems in advance of this year's Olympics opening ceremonies, was a false flag operation trying to pin the attacks on North Korea. The security firm presented the research at its yearly conference, the Security Analyst Summit, on Thursday.

Why it matters: Attribution is a tricky business with real consequences. If the U.S. were to incorrectly attribute the attacks to North Korea, that could mean sanctions, war or a host of undesirable outcomes.

The details: Olympic Destroyer contained coding similarities with a group tied to two attacks the United States government attributed to North Korea. The segment of the code designed to erase data was extremely similar. However, Kaspersky noted, while the North Korean attacks always used very long, secure passwords to protect the malware's operations — all longer than 30 characters — Olympic Destroyer used the less impressive password "123".

Rich headers: But the best evidence North Korea was being framed came in the curious choice to make it look like the malware was designed in out-of-date software.

  • Olympic Destroyer contained a section known as a "Rich header" identical to North Korea's. Rich headers identify the programs used to design software. Olympic Destroyer's header claimed the malware was written using Microsoft Visual Studio 6.0, state of the art in 1998, just as the header in North Korea's malware did.
  • Kaspersky researchers demonstrated the code was actually created in Visual Studio 10, a quantum leap from the programs North Korea used in the past.
  • Tampering with Rich headers is a more elaborate form of obfuscation than attackers normally attempt.

If not North Korea, then who? No one in the private sector has made a particularly strong case yet for any specific actor, although different pieces of evidence point to everyone from Russia to China. A press release from the company suggests there is weak evidence the attackers were the Russian group Fancy Bear. But Kaspersky cautions that a group using novel techniques to frame another country could easily be framing Russia, too. It would be best, said the company, to let this play out before jumping to any conclusion.
