Russian Police Know Who Wrote Gpcode Virus

rifles only writes "Russian police almost certainly know the identity of the programmer responsible for the frightening 'ransomware' crypto virus, Gpcode, which has hit the Internet several times since 2006, says a story at Techworld, which has tapped a Kaspersky Lab researcher. Gpcode used 1024-bit RSA/128-bit RC4 to lock up victims' data, an uncrackable combination that left the world with only one solution: find the virus author to get the master key. So why don't the cops do anything? Good question, but this is Russia we're talking about."

In Soviet Russia . . .

[Eg0Death (1282452)]

. . . virus encrypts you!

The enemy of my enemy is my friend

[zappepcs (820751)]

Who is to say that Russian authorities are not using this coder as a cover for much more malicious activities? All we know is that there is a virus that encrypts your data. What is it that we don't know yet?

Re:The enemy of my enemy is my friend

[MightyYar (622222)]

Who is to say that Russian authorities are not using this coder as a cover for much more malicious activities?

No, no - they are TRYING to get him, but he lives in Georgia.

Re:The enemy of my enemy is my friend

[jcrousedotcom (999175)]

Well, I live in Florida, should I just drive up and get him/her? :)

Re:The enemy of my enemy is my friend

[martyb (196687)]

All we know is that there is a virus that encrypts your data. What is it that we don't know yet?

I'll take a stab at that one: the decryption key! <grin>

Re:The enemy of my enemy is my friend

[kestasjk (933987)]

Who is to say that Russian authorities are not using this coder as a cover for much more malicious activities? All we know is that there is a virus that encrypts your data. What is it that we don't know yet?

I've read the RTFA, if you thought "Russian KGB are letting mysterious virus author do as he wishes" was too bizarre to be true you're right.

This is how it breaks down:

• The virus author contacted Kaspersky asking for money for the tool to decrypt the encrypted files
• Kaspersky attempted to trace the author, and found that (surprise, surprise) he is using various proxies in the US, Hungary, Russia, etc
• Russian authorities apparently haven't rushed to the location of the Russian proxies (there's no mention of whether the US and Hungarian ones did)

Implying that the KGB are the master-mind hackers of an intricate spiders web of zombie-PCs may be a little premature based on this techworld.com article..

I wish there were sites which reported computer security news like it is, without the bullshit

Re:The enemy of my enemy is my friend

[kestasjk (933987)]

(Just to be 100% clear and frank "Russian Police Know Who Wrote Gpcode Virus" is just a plain lie)

Re:The enemy of my enemy is my friend

[NotBornYesterday (1093817)]

MI6 knows who he is. They used to have pictures [slashdot.org], but they lost them.

Re:

[Vagnaard (1366015)]

Sorry to interupt you but :

On December 21, 1995, the President of Russia Boris Yeltsin signed the decree that disbanded the KGB, which was then substituted by the FSB, the current domestic state security agency of the Russian Federation.

Re:

[Cyberax (705495)]

Wrong. KGB has been substituted by FSK (Federalnaya Sluzhba Kontrrazvedki - Federal Service of Counter-Intelligence) on 1991 (right after the USSR collapse).

In 1995 it was again renamed and reformed (this time it was called 'FSB').

Re:The enemy of my enemy is my friend

[billcopc (196330)]

Yet again the summary misleads, but it's no secret the Russian authorities don't have the resources to investigate anything of importance, and that problem leads to the iconic corruption that brings it full-circle.'

Re:

[lysergic.acid (845423)]

you mean not everything bad that happens is a communist plot?

on a more interesting note, TFA states that yahoo has refused to cooperate with law-enforcement on this case on "privacy grounds." but didn't they hand over the user info on several Chinese dissidents, which led to an American national being falsely imprisoned?

i guess Yahoo will protect a user's privacy as long as they're a malicious criminal, but not if they're a prisoner of conscience. i guess it's time for me to close up my Yahoo! mail account

Re:

[moderatorrater (1095745)]

Well, to be completely accurate, you can't rule out the possibility of the Russian KGB supporting the virus author, you just don't have evidence for it ;)

Misplaced your hat again?

[macraig (621737)]

Did you go and leave your tinfoil hat at home again? The tinfoil taped around your finger wasn't enough of a reminder, huh?

what?

[SolusSD (680489)]

"Good question, but this is Russia we're talking about." ?? Someone care to enlighten me what that was about?

Re:

[grajzor (1307967)]

Probably along the lines of this article: http://www.washingtonpost.com/wp-dyn/content/article/2006/04/07/AR2006040701972.html [washingtonpost.com]

Simple

[Shivetya (243324)]

It is implied that in Russia there are no rights, if the government wants something or someone it doesn't think twice about getting it regardless of the ramifications.

Of course that is not much different from Western Countries, we just like to pretend otherwise.

Re:Simple

[by Anonymous Coward]

Wait, isn't this the modern Russia which has imprisoned and shut down all free media, poisoned the Ukranian head of state, also brazenly poisoning people in other countries. Holds Europe hostage with its petroleum, and Putin is now head of state for life.

When the NYT's has a regime change by Bush after printing something unflattering to him, then come tell me that there is no difference.

Re:what?

[The Master Control P (655590)]

The implication is that the Russian government is explicitly corrupt and does not put on any pretense of enforcing the law but instead protects those with money or ties to money.

See also: Russian Mafia.

Re:what?

[MoonlightSeraphim (1253752)]

The implication is that the ... government ... protects those with money or ties to money.

now if we look at it this way it is not much different from any other government.

Re:

[mdm42 (244204)]

Not at all like a $700-billion hand^H^H^H^H bailout to a bunch of rich fuckers who ripped you off in the first place, then...

Re:what?

[The Master Control P (655590)]

Fools act because something must be done.
The wise act because they have something to do.

In any case, the question is how to survive the Subprime Mortgate Plane's crash-landing. In the short term, the fallout has left credit markets paralyzed with fear and waiting for the market to unjam itself would most likely prove unpalatably painful. If we aren't to act until we have a solution, what do you propose that we may act?

Long term, obviously, the solution is to bring back the regulation that stopped this nonsense from happening in the first place. Time and time again, we've seen that the markets are great at setting short-term prices and astonishingly, abysmally bad at planning for the future (witness the subprime ponzi scheme). Back in the thoroughly unregulated Robber Baron era, we'd have bank runs and financial panics like this literally every 5-10 years. Since the markets clearly can't regulate themselves to prevent this kind of screwup, the government needs to step in and do so. But this is long-term prevention to keep the Subprime Mortgage Plane from ever taking off again; What do we do now that we're stuck on it?

Re:

[MightyYar (622222)]

Long term, obviously, the solution is to bring back the regulation that stopped this nonsense from happening in the first place.

As much as it pains me to admit it, it looks like people suck at finance. Everyday people are responsible for this mess by taking on mortgages they couldn't afford. Banks are responsible because they bought risky debt from brokers who had no reason NOT to grant loans. Insurers are responsible because they underwrote this horrid debt.

But government regulation is also at fault here. The government encouraged high-risk loans. That did us no favors in this situation. Without Fannie and Freddie, there'd be a who

Re:what?

[Bryan Ischo (893)]

I don't know very much about the actual causes of this issue, however I do find it really annoying that someone must invariably turn the discussion into an "it's the Democrats' fault! No, it's the Republicans' fault!" waste of time. You cited only Democratic presidents (and president hopefuls) in your post. I find it VERY hard to believe that there isn't blame to be place on just about every politician out there, regardless of party. So why do you feel the need to try to make this issue partisan? It's attitudes like yours that turn intelligent discussion into useless time sinks, which is the root cause of the USA's political environment being so dysfunctional.

In short: if voters use their brains, then they will elect politicians who use their brains. You are encouraging voters not to use their brains with arguments like yours. So you and people like you are the real root of the problem.

Re:

[The Master Control P (655590)]

Hearing this kind of nonsense in response to criticism of broken governments really gets old after a while. When our officials tell big business to fuck off, they run smear ads during the next election. When Russian officals tell Gazprom to fuck off, or journalists criticize Putin's government, they tend to die of extreme cranial bullet trauma.

It's like people who complain about Bernanke's inflationary policies when Zimbabwe is discussed. Does anyone actually think these are comparable?

Re:

[binarylarry (1338699)]

In Soviet Slashdot, first post copies YOU!

Re:

[Saint Stephen (19450)]

Damn it, I finally had a funny Soviet Russia joke. Didn't see it when I posted :-)

So why don't the cops do anything?

[Daimanta (1140543)]

Simple. They have an ulterior motive in not dragging his ass to prison. That or they're lying. Or lazy.

Re:So why don't the cops do anything?

[MightyMartian (840721)]

Simple. They have an ulterior motive in not dragging his ass to prison. That or they're lying. Or lazy.

Like cops the world over.

Re:

[gad_zuki! (70830)]

He probably works for the FSB now.

Goodfellas

[pete-classic (75983)]

So why don't the cops do anything?

And when the cops assigned a whole army to stop Jimmy, what did he do?

He made them partners.

-Peter

Re:

[bigredradio (631970)]

Nice pull. That made my morning. (/me puts Goodfellas into netflix queue).

Tapped?

[Hatta (162192)]

I'm not sure it's relevant who at Techworld is tapping who at Kaspersky Labs

Changes in the wind.

[Ostracus (1354233)]

"According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself."

This concerns me more than what the cops do as pointed out in the story there's the difficulty of getting the money back to the ransomware author.

Re:Changes in the wind.

[jimicus (737525)]

"According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself."

Then Kaspersky are idiots - any malware author with half a brain will simply statically link their code with a stripped down OpenSSL library.

This just in

[Windows_NT (1353809)]

They'll never catch me, HAHAHA!
# encrypt /mnt/cppp/super_secret_files /mnt/cppp/putins_wife.jpeg -a 1024 --key="motherland"

ee+BfO3iVLaBGTTcTioI6Ax4

[BlackPignouf (1017012)]

hQIOA9E1fHW L3Cs+EAf+ LWFxdp1PrTde8Qie 1RCbJcYw+wje0tBapGwhioSd8+yQ
1HgIDg7 zfLYXpPL4Pqlv FvyE810ZzpfzhcI2WhNI2O 1TT6pl8nXeEWbDr39TOXCf
FNBkdmXnkZ /2+iF7/2ht/yAmNQm 4dX6v1BaHSHccN RTCsa74Rq58BfYKAJm2AEf/
gI0eKtXH SUiCT 8MBdee+BfO3iVLaBGTTcT ioI6Ax45ODsz5zColQz0VJb99LmjGw
AGVLf4dMLxm8WpZb Ni7RX8WLACnJAP t5MNhOee/J4 vwohQDrfQpux85HKsbQ6nFm
6Q5HKf4 l68DyPo yYvuvNSg0TlYov03G xYxEA6T4xAwgAi7ahv huEhPFexhNru/S

This highly interesting post has automatically been encrypted.
Please Paypal-send 10$ to john.doe@gmail.com to read it!

Re:ee+BfO3iVLaBGTTcTioI6Ax4

[beacher (82033)]

B e s u r e t o d r i n k y o u r O v a l t i n e.

Ovaltine? A crummy commercial? Son of a bitch!

So why don't the cops do anything?

[Richard_at_work (517087)]

Good question, but this is Russia we're talking about.

Theres a world of difference between knowing who did something, and having enough proof to be able to arrest them, charge them and convict them.

Re:

[Eg0Death (1282452)]

Probably along the lines of this article: http://www.washingtonpost.com/wp-dyn/content/article/2006/04/07/AR2006040701972.html [washingtonpost.com] [washingtonpost.com]

The picture this arcticle paints leads me to believe that proof is optional in the arrest, charge, convict process.

Re:So why don't the cops do anything?

[phayes (202222)]

Theres a world of difference between knowing who did something, and having enough proof to be able to arrest them, charge them and convict them.

There is a only a world of difference in countries that have an independant judiciary. In Putin's Russia where the judiciary is only there to serve as a fig leaf for Putin's ambitions, there is no difference at all...

but how does it work?

[by Anonymous Coward]

That's a good point someone brought up. In the situation of ransom, how
will it ever work?
If large amount of funds are transferred by bank, they can
find and freeze the bank account.
If large amount of funds are transferred in cash,
the money can be traced so you would be caught if you use it.

So What is the the point in ransoming in the current era? There must be
something I am missing.

RC4 is broken, not unbeatable..

[nweaver (113078)]

Ransomware crypto is not that effective: Backups are good, and the problem is payment is traceable.

And RC4 isn't good for ransomware crypto, it IS broken, badly so.

Re:

[sexconker (1179573)]

Unless:

By the time you need the data all of your good backups have been rotated through, and now you only have backups of the encrypted data.

The cost of the key is less than the cost to restore the latest good backup, check integrity, and get to the current point in time again (or eat the losses).

You use Western Union.

Your country of origin knows who and where you are, and what accounts your ransom money is being funneled into, and just doesn't care.

You have no incentive to hack away at the encryption becau

Re:RC4 is broken, not unbeatable..

[by Anonymous Coward]

No, RC4 is NOT broken.

What IS broken is the implementation required for 802.11 (Wireless LAN) (weak Initialisation Verctors).

Hardest part is getting the money

[curty (42764)]

The trojan and encryption could be written by any reasonably savvy malware author, but I guess laundering the money you receive would require a certain level of criminal knowledge.
The money goes into an e-gold or Liberty Reserve account, presumably one that has been stolen from a legitimate user, and from there somehow it has to get into the hands of the perpetrator.
If the authorities could track the money after it gets into e-gold ( they have tried before [securityfocus.com]) they could get a handle on who is behind this.

Good business for the average Joe

[Piranhaa (672441)]

1. Move to Russia
2. Create virus that encrypts helpless users' data
3. ???
4. Profit!

There is no police in Russia

[svadu (858161)]

It's funny to mention there is no police in Russia, It's actually called militia :)

Re:in America

[I'm not really here (1304615)]

DISCLAIMER: I have friends from each of the countries mentioned below, and do not think this of them or their countries of origin.

It is not xenophobia, it is simply stereotyping other cultures. Not that this is the best behavior, but it is common. Here are a few others that are often seen bandied about:

• French: Stuck up snobs who run away from any fight.
• German: Stubborn amoral mules who are in denial of Hitler and the Nazi regimes atrocities.
• Australian: Down-under hicks who always say "G'Day mayte"
• Americans: Fat slobs who think they're better than everyone else
• British: Inbred, with bad teeth
• Africa: Everyone is poor, hungry, and lives in a mud hut.

Now that I've evenly offended pretty much everyone, please read the following before modding me into oblivion:

Stereotyping is what happens when somenoe only sees what little they see in the news or what little they see from video games or movies.

People from France are people (some nice, some not). People from Germany are people (some nice, some not). Etc., etc...

Point being - People are just people, but often, for convenience, people latch onto the stereotypes and just repeat those.

To be honest, for many Americans, their understanding of Russia is likely as follows:
AllOfMP3.com, Russian Mafia from movies, and the Cold War in the history books.

It's sad, I know.

Re:in America

[Thiez (1281866)]

> Now that I've evenly offended pretty much everyone

I was going to complain about how my country isn't on the list, but then I realized its very omission was offending me, implying it is small and insignificant. Sir, I must congratulate you on finding such an extremely concise way of offending the dutch.