by geofft
3006 days ago
Nobody is disputing that, given a remote-access tool running on a machine, actions taken by that tool are seen to come from that machine. What is being disputed is that making it look like it came from a Russian intelligence officer specifically, as opposed to from some random infected machine somewhere, is easy. I see that you're claiming that if you set up a botnet and start infecting people and wait, you'll eventually get someone who works for a bank or someone who works for the military, sure. But what are the chances that you'll find someone who happens to work for the specific intelligence agency that is widely suspected of being the actual perpetrator? Are you claiming that lots of botnet operators happen to have infected so many machines that their chance of being able to get to the machine of an employee of any government agency in the world is high? That the average GRU officer has hundreds of RATs in their home from hundreds of bored teenagers around the world?

I believe that intelligence agencies are targeted all the time, and keeping machines clean is not that easy. Certain governments (like Singapore) adopted an air-gap approach, so the machines you use for work don't touch the internet.
But even then, it would be a lot easier to infect that person's home machine. Many of the people visiting Guccifer's site were normal people; some were from intelligence agencies (proportionally probably a lot more than visit a normal site).
Assuming you had AWESOME undetectable malware, you'd have to infect the lot, get them to report in, and ferret out the interesting ones. Not exactly a weekend project, but if this was your passion in life, very achievable.
Spear phishing these guys is hard, watering hole may be easier.