
Report: Olympic Destroyer malware a false flag operation

US big air athlete Kyle Mack competes at the Pyeongchang 2018 Winter Olympic Games. Photo: Franck Fife/AFP via Getty Images

Researchers at Kaspersky Lab found evidence that the Olympic Destroyer malware, which briefly downed Pyeongchang systems in advance of this year's Olympics opening ceremonies, was a false flag operation trying to pin the attacks on North Korea. The security firm presented the research at its yearly conference, the Security Analyst Summit, on Thursday.

Why it matters: Attribution is a tricky business with real consequences. If the U.S. were to incorrectly attribute the attacks to North Korea, that could mean sanctions, war or a host of undesirable outcomes.

The details: Olympic Destroyer contained coding similarities with a group tied to two attacks the United States government attributed to North Korea. The segment of the code designed to erase data was extremely similar. However, Kaspersky noted, while the North Korean attacks always used very long, secure passwords to protect the malware's operations — all longer than 30 characters — Olympic Destroyer used the less impressive password "123".

Rich headers: But the best evidence that North Korea was being framed came in the curious choice to make it look like the malware was designed in out-of-date software.

  • Olympic Destroyer contained a section known as a "Rich header" identical to North Korea's. Rich headers identify the programs used to build software. Olympic Destroyer's header claimed the malware was written using Microsoft Visual Studio 6.0, state of the art in 1998, just as North Korea's did.
  • Kaspersky researchers demonstrated the code was actually created in Visual Studio 10, a quantum leap from the programs North Korea used in the past.
  • Tampering with Rich headers is a more elaborate form of obfuscation than attackers normally attempt.
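A Rich header can be decoded and checked for internal consistency, which is one way an analyst can notice that a header was copied in from another file. The following is an added example, not code from Kaspersky or from this article: the function names are hypothetical, the sample bytes are constructed, and the checksum routine is an assumption taken from public reverse-engineering write-ups, since Microsoft does not document the format.

```python
import struct

DANS = 0x536E6144  # "DanS" as a little-endian dword

def rol32(v, n):
    return ((v << (n % 32)) | (v >> (32 - (n % 32)))) & 0xFFFFFFFF

def rich_checksum(image, start, entries):
    """Checksum as given in public reverse-engineering write-ups (assumption)."""
    cs = start
    for i in range(start):
        if not 0x3C <= i < 0x40:          # e_lfanew is excluded from the sum
            cs += rol32(image[i], i)
    for prod, build, count in entries:
        cs += rol32((prod << 16) | build, count)
    return cs & 0xFFFFFFFF

def parse_rich(image):
    """Return (entries, checksum_ok), or None when no Rich header is present."""
    end = image.find(b"Rich")
    if end < 0 or end + 8 > len(image):
        return None
    key = struct.unpack_from("<I", image, end + 4)[0]   # XOR mask, also the checksum
    start = image.find(struct.pack("<I", DANS ^ key), 0, end)
    if start < 0 or (end - start) % 8:
        return None
    entries = []
    for off in range(start + 16, end, 8):  # skip "DanS" and three padding dwords
        comp, count = (w ^ key for w in struct.unpack_from("<II", image, off))
        entries.append((comp >> 16, comp & 0xFFFF, count))
    return entries, key == rich_checksum(image, start, entries)

def build_sample(stub, entries):
    """Constructed test image: a stub standing in for the DOS header, then a Rich header."""
    key = rich_checksum(stub, len(stub), entries)
    words = [DANS, 0, 0, 0]
    for prod, build, count in entries:
        words += [(prod << 16) | build, count]
    return stub + b"".join(struct.pack("<I", w ^ key) for w in words) + b"Rich" + struct.pack("<I", key)

# Constructed values (product id, build, use count); not from any real sample.
SAMPLE_ENTRIES = [(93, 8168, 2), (10, 8168, 5)]
ORIGINAL = build_sample(b"MZ" + bytes(0x7E), SAMPLE_ENTRIES)
# Same Rich header bytes placed under a different stub, as when a header is copied between files.
TRANSPLANTED = b"MZ" + b"\x01" * 0x7E + ORIGINAL[0x80:]

if __name__ == "__main__":
    for name, img in (("original", ORIGINAL), ("transplanted", TRANSPLANTED)):
        print(name, *parse_rich(img))
```

Both images decode to the same tool entries, but only the original passes the checksum, because the stored key depends on the bytes that precede the header.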

If not North Korea, then who? No one in the private sector has made a particularly strong case yet for any specific actor, although different pieces of evidence point to everyone from Russia to China. A press release from the company suggests there is weak evidence the attackers were the Russian group Fancy Bear. But Kaspersky cautions that a group using novel techniques to frame another country could easily be framing Russia, too. It would be best, said the company, to let this play out before jumping to any conclusion.

Haley Britzky 6 hours ago

Zuckerberg happy to testify if it is "the right thing to do"

A portrait of Facebook founder Mark Zuckerberg. Photo: Jaap Arriens / NurPhoto via Getty Images

Facebook CEO Mark Zuckerberg said he would be "happy" to testify before Congress if it was "the right thing to do," in an interview with CNN's Laurie Segall.

Why it matters: Facebook has been under the microscope lately for what Zuckerberg called earlier today the "Cambridge Analytica situation." Zuckerberg said if he was the "person...who will have the most knowledge," then he'd be the one to testify in the face of Facebook's data-collection situation.

Bob Herman 4 hours ago

Jamie Dimon's $141 million payday

JPMorgan Chase CEO Jamie Dimon speaks at an event in 2016. Photo: Win McNamee / Getty Images

JPMorgan Chase CEO Jamie Dimon took home more than $141 million in 2017 after calculating the actual realized value of his stock, according to a preliminary draft of the banking giant's annual proxy document. Dimon's compensation is calculated as $28.3 million when using the estimated fair value of his stock. But that compensation figure doesn't matter as much because it doesn't reflect what executives report in their personal income tax filings.

Why it matters: It's the highest pay package of any active corporate CEO from 2017, based on Securities and Exchange Commission documents that have been filed thus far. Dimon's compensation is also 1,818 times higher than what the average JPMorgan employee makes.