Week in Review: Project Sauron, Delta & Privacy International

Media Division | August 19, 2016

If you got a little distracted by The Olympic Games this week and missed some of the major cyber news, that’s understandable.  The Olympics have had their own controversies this year to address.  Time to take a break from the gold and check out government malware, planes getting grounded and more of the latest in cyber news.  We’ve got you covered with some of the biggest stories in cyber land this week.

One Hack to Rule Them All

Experts at both Kaspersky Lab and Symantec have discovered a creepy malware, present for at least 5 years, in at least 30 organizations in several countries.  What’s more, they know this is just the beginning.

“Project Sauron” got its name from the “Sauron” appearing in identified source code (the moniker of JRR Tolkien’s evil main antagonist from The Lord of the Rings novels).  While much has yet to be learned about the malware, it does appear so far that government, military, telecom and financial targets were the primary object of Project Sauron.

Detecting hackers often, of course, relies upon searching for recognizable patterns. Project Sauron seems so advanced as to have variations and adaptations that have made it virtually undetectable.  So far the malware has been uncovered in Europe, Asia and Africa.

The sophisticated malware also apparently was able to collect passwords and jump air gaps, leading investigators to conclude that it was likely funded by a nation-state.

Flight Cancelled — You’re Not Alone — Are Hackers to Blame?

Delta sited a power outage near the hub in Atlanta as the source of massive computer system failure last week.   Everything was down: their website, kiosks, mobile apps, possibly even computerized navigation systems, causing Delta to ground hundreds of flights across several continents.

After Southwest experienced a similar computer “glitch” last month, some tough questions are being asked.  Is this the result of outmoded systems, or are airlines being targeted?  Even though the outages are costing the airlines millions of dollars with thousands of frustrated customers, is someone intentionally causing this, perhaps seeing how such emergencies are handled?  Are these outages a distraction from something else?  Not to mention the inconsistencies in the story, such as: Delta claiming a power outage near their facility and Georgia Power (the power service provider) saying they experienced no such thing.

While at this time too little data is known to unquestionably blame hackers, there is also not enough evidence to rule it out.

Privacy International

Privacy International, the UK-based charity dedicated to defending the right to personal privacy, has taken on the UK government’s hacking against foreigners.  Currently, the GCHQ is seeking the right to hack all electronic devices, so long as the hack is in a foreign nation and deemed necessary for national security (by whom? Well, themselves, of course).

Across the pond a similar conversation is ongoing by the American Civil Liberties Union (ACLU).  The U.S. has an antiquarian Electronic Communications Privacy Act (ECPA, from 1986).  The ACLU has called for a modernization of the policy, accommodating for the devices of today like smart phones and laptops, and protecting individual privacy rights.

Since both the NSA and GCHQ have been caught red-handed before, so to speak, it is safer to assume that reverse-engineered software and other intentional backdoor access points exist in most devices.  Both governments claim that backdoor access is only necessary for criminal investigation, but what’s to stop hackers from using such access for malicious purposes?  Also, in an age when hacking isn’t just data collection, but can include turning on a device’s microphone or camera, do we really want anyone with that level of access, even for our “personal safety.”?

Which side do you take in the question of personal privacy, protect it? Or give it up for safety?

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.