Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT

Russian Police Know Who Wrote Gpcode Virus 201

rifles only writes "Russian police almost certainly know the identity of the programmer responsible for the frightening 'ransomware' crypto virus, Gpcode, which has hit the Internet several times since 2006, says a story at Techworld, which has tapped a Kaspersky Lab researcher. Gpcode used 1024-bit RSA/128-bit RC4 to lock up victims' data, an uncrackable combination that left the world with only one solution: find the virus author to get the master key. So why don't the cops do anything? Good question, but this is Russia we're talking about."
This discussion has been archived. No new comments can be posted.

Russian Police Know Who Wrote Gpcode Virus

Comments Filter:
  • by Eg0Death ( 1282452 ) * on Tuesday September 30, 2008 @10:13AM (#25204871)
    . . . virus encrypts you!
  • by zappepcs ( 820751 ) on Tuesday September 30, 2008 @10:14AM (#25204881) Journal

    Who is to say that Russian authorities are not using this coder as a cover for much more malicious activities? All we know is that there is a virus that encrypts your data. What is it that we don't know yet?

    • by MightyYar ( 622222 ) on Tuesday September 30, 2008 @10:46AM (#25205321)

      Who is to say that Russian authorities are not using this coder as a cover for much more malicious activities?

      No, no - they are TRYING to get him, but he lives in Georgia.

    • by martyb ( 196687 ) on Tuesday September 30, 2008 @10:51AM (#25205387)

      All we know is that there is a virus that encrypts your data. What is it that we don't know yet?

      I'll take a stab at that one: the decryption key! <grin>

    • That the last version of the virus does have very strong encryption, and that it fails to erase the plaintext files properly.
    • by kestasjk ( 933987 ) on Tuesday September 30, 2008 @11:07AM (#25205623) Homepage

      Who is to say that Russian authorities are not using this coder as a cover for much more malicious activities? All we know is that there is a virus that encrypts your data. What is it that we don't know yet?

      I've read the RTFA, if you thought "Russian KGB are letting mysterious virus author do as he wishes" was too bizarre to be true you're right.

      This is how it breaks down:

      • The virus author contacted Kaspersky asking for money for the tool to decrypt the encrypted files
      • Kaspersky attempted to trace the author, and found that (surprise, surprise) he is using various proxies in the US, Hungary, Russia, etc
      • Russian authorities apparently haven't rushed to the location of the Russian proxies (there's no mention of whether the US and Hungarian ones did)

      Implying that the KGB are the master-mind hackers of an intricate spiders web of zombie-PCs may be a little premature based on this techworld.com article..

      I wish there were sites which reported computer security news like it is, without the bullshit

      • by kestasjk ( 933987 ) on Tuesday September 30, 2008 @11:14AM (#25205731) Homepage
        (Just to be 100% clear and frank "Russian Police Know Who Wrote Gpcode Virus" is just a plain lie)
      • Re: (Score:3, Informative)

        by Vagnaard ( 1366015 )
        Sorry to interupt you but :

        On December 21, 1995, the President of Russia Boris Yeltsin signed the decree that disbanded the KGB, which was then substituted by the FSB, the current domestic state security agency of the Russian Federation.

        • I know, I was making fun of the GGP's paranoia
        • Re: (Score:3, Informative)

          by Cyberax ( 705495 )

          Wrong. KGB has been substituted by FSK (Federalnaya Sluzhba Kontrrazvedki - Federal Service of Counter-Intelligence) on 1991 (right after the USSR collapse).

          In 1995 it was again renamed and reformed (this time it was called 'FSB').

        • Sorry to interupt you but :

          On December 21, 1995, the President of Russia Boris Yeltsin signed the decree that disbanded the KGB, which was then substituted by the FSB, the current domestic state security agency of the Russian Federation.

          Sure...whatever...that's what the man wants you to believe.

      • by billcopc ( 196330 ) <vrillco@yahoo.com> on Tuesday September 30, 2008 @11:29AM (#25205949) Homepage

        Yet again the summary misleads, but it's no secret the Russian authorities don't have the resources to investigate anything of importance, and that problem leads to the iconic corruption that brings it full-circle.'

      • Re: (Score:3, Insightful)

        you mean not everything bad that happens is a communist plot?

        on a more interesting note, TFA states that yahoo has refused to cooperate with law-enforcement on this case on "privacy grounds." but didn't they hand over the user info on several Chinese dissidents, which led to an American national being falsely imprisoned?

        i guess Yahoo will protect a user's privacy as long as they're a malicious criminal, but not if they're a prisoner of conscience. i guess it's time for me to close up my Yahoo! mail account

      • Re: (Score:3, Interesting)

        Well, to be completely accurate, you can't rule out the possibility of the Russian KGB supporting the virus author, you just don't have evidence for it ;)
        • given that as explained above the KGB dont exist, i think I can.

          • by gnick ( 1211984 )

            given that as explained above the KGB dont exist, i think I can.

            That's right. We don't. Just keep believing that and everything will be fine.

            Actually, we're just biding our time waiting for the US and China to go to blows. Then we thaw out Lenin, reunite the Soviet Union, and the world is our kotlety!

            MWUAHAHAHA!

    • Did you go and leave your tinfoil hat at home again? The tinfoil taped around your finger wasn't enough of a reminder, huh?

  • what? (Score:5, Insightful)

    by SolusSD ( 680489 ) on Tuesday September 30, 2008 @10:15AM (#25204887) Homepage
    "Good question, but this is Russia we're talking about." ?? Someone care to enlighten me what that was about?
    • Re: (Score:2, Informative)

      by grajzor ( 1307967 )
      Probably along the lines of this article: http://www.washingtonpost.com/wp-dyn/content/article/2006/04/07/AR2006040701972.html [washingtonpost.com]
    • Simple (Score:5, Insightful)

      by Shivetya ( 243324 ) on Tuesday September 30, 2008 @10:30AM (#25205139) Homepage Journal

      It is implied that in Russia there are no rights, if the government wants something or someone it doesn't think twice about getting it regardless of the ramifications.

      Of course that is not much different from Western Countries, we just like to pretend otherwise.

      • Re:Simple (Score:5, Insightful)

        by Anonymous Coward on Tuesday September 30, 2008 @10:46AM (#25205327)

        Wait, isn't this the modern Russia which has imprisoned and shut down all free media, poisoned the Ukranian head of state, also brazenly poisoning people in other countries. Holds Europe hostage with its petroleum, and Putin is now head of state for life.

        When the NYT's has a regime change by Bush after printing something unflattering to him, then come tell me that there is no difference.

      • by pembo13 ( 770295 )
        Thanks for the clarification.
    • Re:what? (Score:5, Interesting)

      by The Master Control P ( 655590 ) <ejkeever@nerdshac[ ]om ['k.c' in gap]> on Tuesday September 30, 2008 @10:38AM (#25205219)
      The implication is that the Russian government is explicitly corrupt and does not put on any pretense of enforcing the law but instead protects those with money or ties to money.

      See also: Russian Mafia.
      • Re:what? (Score:4, Insightful)

        by MoonlightSeraphim ( 1253752 ) on Tuesday September 30, 2008 @10:46AM (#25205329)

        The implication is that the ... government ... protects those with money or ties to money.

        now if we look at it this way it is not much different from any other government.

      • Re: (Score:2, Insightful)

        by mdm42 ( 244204 )
        Not at all like a $700-billion hand^H^H^H^H bailout to a bunch of rich fuckers who ripped you off in the first place, then...
        • Re:what? (Score:4, Insightful)

          by The Master Control P ( 655590 ) <ejkeever@nerdshac[ ]om ['k.c' in gap]> on Tuesday September 30, 2008 @11:29AM (#25205957)
          Fools act because something must be done.
          The wise act because they have something to do.

          In any case, the question is how to survive the Subprime Mortgate Plane's crash-landing. In the short term, the fallout has left credit markets paralyzed with fear and waiting for the market to unjam itself would most likely prove unpalatably painful. If we aren't to act until we have a solution, what do you propose that we may act?

          Long term, obviously, the solution is to bring back the regulation that stopped this nonsense from happening in the first place. Time and time again, we've seen that the markets are great at setting short-term prices and astonishingly, abysmally bad at planning for the future (witness the subprime ponzi scheme). Back in the thoroughly unregulated Robber Baron era, we'd have bank runs and financial panics like this literally every 5-10 years. Since the markets clearly can't regulate themselves to prevent this kind of screwup, the government needs to step in and do so. But this is long-term prevention to keep the Subprime Mortgage Plane from ever taking off again; What do we do now that we're stuck on it?
          • Re: (Score:3, Insightful)

            by MightyYar ( 622222 )

            Long term, obviously, the solution is to bring back the regulation that stopped this nonsense from happening in the first place.

            As much as it pains me to admit it, it looks like people suck at finance. Everyday people are responsible for this mess by taking on mortgages they couldn't afford. Banks are responsible because they bought risky debt from brokers who had no reason NOT to grant loans. Insurers are responsible because they underwrote this horrid debt.

            But government regulation is also at fault here. The government encouraged high-risk loans. That did us no favors in this situation. Without Fannie and Freddie, there'd be a who

            • Re: (Score:2, Informative)

              But government regulation is also at fault here.

              Ding ding fuckin' ding. The Community Reinvestment Act of 1977 (thank you, Jimmy Carter, thank you, 95th Congress) began this fucked slide. Clinton continued and encouraged it with the 1995 amendments to the CRA that essentially forced banks into predatory lending practices.

              (Oh, and BTW: Obama worked for one of the law firms involved in suing banks who weren't giving out enough high-risk loans to people who couldn't afford it. Fun, huh?)

              • Re:what? (Score:5, Insightful)

                by Bryan Ischo ( 893 ) * on Tuesday September 30, 2008 @02:20PM (#25208233) Homepage

                I don't know very much about the actual causes of this issue, however I do find it really annoying that someone must invariably turn the discussion into an "it's the Democrats' fault! No, it's the Republicans' fault!" waste of time. You cited only Democratic presidents (and president hopefuls) in your post. I find it VERY hard to believe that there isn't blame to be place on just about every politician out there, regardless of party. So why do you feel the need to try to make this issue partisan? It's attitudes like yours that turn intelligent discussion into useless time sinks, which is the root cause of the USA's political environment being so dysfunctional.

                In short: if voters use their brains, then they will elect politicians who use their brains. You are encouraging voters not to use their brains with arguments like yours. So you and people like you are the real root of the problem.

                • I name Democrats because Democrats were in power for the two major causes for it. I'm not a Republican, and I don't want to vote for McCain; he's not that much better. That said: in 2005, John McCain actually did talk about this and pushed a bill to address the problem; it was shot down, both by Democrats and Republicans. So we've got one Presidential candidate who tried to do something, and one who worked for a law firm exacerbating the problem.

                  But no, I'm causing dysfunction, right? Since I focused on the

        • No, the money that was ripped off is long gone, with no one left to hold the bag. That's the problem. The $700 billion is essentially to subsidize the mortgages of the "wannabe-rich fuckers" who bought houses only to have them lose 30% or more of their value in a year, making selling or refinancing impossible and leaving default and bankruptcy on the table as very appealing options compared to dealing with mortgage payments that ballooned well beyond their expectations (whether they weren't diligent enoug

      • Re: (Score:2, Interesting)

        by AK Marc ( 707885 )
        Sounds like the Libertarian Utopia. How's that working out for them?
        • it is not so much a troll as it looks like.
          russia of the nineties was pretty much a laissez-faire libertarian utopia.

    • "Good question, but this is Russia we're talking about." ?? Someone care to enlighten me what that was about?

      To give you an example, I have a client who had bought servers last year and put them in a datacenter in Moscow. Eventually the project they were intended for didn't work out, so they tried to ship them back to their HQ in western Europe. The bribes requested to get it past the customs were so high that they gave up on that. Selling them on the local market looked like it was going to be a PITA, for both logistical and accounting reasons, so the servers are rotting away.

    • that they've already stormed his house and killed him.

      Oh come on, it's a joke! Have you seen how their police handle hostage situations?
    • here [bash.org.ru] is a good explanation

    • by rtechie ( 244489 ) *

      Russia as a nation, and the KGB in particular, have a reputation for fostering, or at least "turning a blind eye", to hackers and hacking in Russia. In particular, they refuse to extradite hackers to other countries.

      The most famous example of this is the recent "cyberwar" against Estonia by Russian hackers. Russia has made no attempt to catch the Russians responsible and in the eyes of many observers the Russian government organized and endorsed the attacks.

      I'm sorry Russians might get offended by this. May

  • by Daimanta ( 1140543 ) on Tuesday September 30, 2008 @10:15AM (#25204899) Journal

    Simple. They have an ulterior motive in not dragging his ass to prison. That or they're lying. Or lazy.

  • Goodfellas (Score:4, Insightful)

    by pete-classic ( 75983 ) <hutnick@gmail.com> on Tuesday September 30, 2008 @10:16AM (#25204911) Homepage Journal

    So why don't the cops do anything?

    And when the cops assigned a whole army to stop Jimmy, what did he do?

    He made them partners.

    -Peter

  • Tapped? (Score:5, Funny)

    by Hatta ( 162192 ) on Tuesday September 30, 2008 @10:19AM (#25204971) Journal

    I'm not sure it's relevant who at Techworld is tapping who at Kaspersky Labs

  • by Ostracus ( 1354233 ) on Tuesday September 30, 2008 @10:19AM (#25204983) Journal

    "According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself."

    This concerns me more than what the cops do as pointed out in the story there's the difficulty of getting the money back to the ransomware author.

    • by jimicus ( 737525 ) on Tuesday September 30, 2008 @10:52AM (#25205405)

      "According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself."

      Then Kaspersky are idiots - any malware author with half a brain will simply statically link their code with a stripped down OpenSSL library.

  • by Windows_NT ( 1353809 ) on Tuesday September 30, 2008 @10:22AM (#25205029) Homepage Journal
    They'll never catch me, HAHAHA!
    # encrypt /mnt/cppp/super_secret_files /mnt/cppp/putins_wife.jpeg -a 1024 --key="motherland"
  • by BlackPignouf ( 1017012 ) on Tuesday September 30, 2008 @10:24AM (#25205049)

    hQIOA9E1fHW L3Cs+EAf+ LWFxdp1PrTde8Qie 1RCbJcYw+wje0tBapGwhioSd8+yQ
    1HgIDg7 zfLYXpPL4Pqlv FvyE810ZzpfzhcI2WhNI2O 1TT6pl8nXeEWbDr39TOXCf
    FNBkdmXnkZ /2+iF7/2ht/yAmNQm 4dX6v1BaHSHccN RTCsa74Rq58BfYKAJm2AEf/
    gI0eKtXH SUiCT 8MBdee+BfO3iVLaBGTTcT ioI6Ax45ODsz5zColQz0VJb99LmjGw
    AGVLf4dMLxm8WpZb Ni7RX8WLACnJAP t5MNhOee/J4 vwohQDrfQpux85HKsbQ6nFm
    6Q5HKf4 l68DyPo yYvuvNSg0TlYov03G xYxEA6T4xAwgAi7ahv huEhPFexhNru/S

    This highly interesting post has automatically been encrypted.
    Please Paypal-send 10$ to john.doe@gmail.com to read it!

  • by Richard_at_work ( 517087 ) on Tuesday September 30, 2008 @10:26AM (#25205077)

    Good question, but this is Russia we're talking about.

    Theres a world of difference between knowing who did something, and having enough proof to be able to arrest them, charge them and convict them.

  • by Anonymous Coward on Tuesday September 30, 2008 @10:28AM (#25205093)

    That's a good point someone brought up. In the situation of ransom, how
    will it ever work?
    If large amount of funds are transferred by bank, they can
    find and freeze the bank account.
    If large amount of funds are transferred in cash,
    the money can be traced so you would be caught if you use it.

    So What is the the point in ransoming in the current era? There must be
    something I am missing.

    • There are a couple things that you are missing that make this particular scheme work.

      The first detail is that these guys don't ask for much to unlock your files. I have read they typically ask for $100 or $200. These amounts are is too small for most law enforcement to notice typically.

      Another detail here is the lack of reporting. I am sure that some folks just cough up the money to get stuff unencrypted and never report it to law enforcement.

      Another big detail is that they are in Russia. If the person

      • Personally, I think that the idea of a lone bad guy out there is probably naive. Frankly, I think it's the Russian Business Network behind this. They have the resources and the technical capability to hide behind multiple proxies, and won't have any problem processing the extorted funds.
  • by nweaver ( 113078 ) on Tuesday September 30, 2008 @10:38AM (#25205215) Homepage

    Ransomware crypto is not that effective: Backups are good, and the problem is payment is traceable.

    And RC4 isn't good for ransomware crypto, it IS broken, badly so.

    • Unless:

      By the time you need the data all of your good backups have been rotated through, and now you only have backups of the encrypted data.

      The cost of the key is less than the cost to restore the latest good backup, check integrity, and get to the current point in time again (or eat the losses).

      You use Western Union.

      Your country of origin knows who and where you are, and what accounts your ransom money is being funneled into, and just doesn't care.

      You have no incentive to hack away at the encryption becau

    • by einer ( 459199 )

      Not all payment is traceable, and not all payment is worth tracing.

    • by Anonymous Coward on Tuesday September 30, 2008 @10:54AM (#25205435)

      No, RC4 is NOT broken.

      What IS broken is the implementation required for 802.11 (Wireless LAN) (weak Initialisation Verctors).

    • Re: (Score:2, Insightful)

      by Kardos ( 1348077 )
      If RC4 is broken and "badly so", where is the recovery tool to find the keys?
  • The trojan and encryption could be written by any reasonably savvy malware author, but I guess laundering the money you receive would require a certain level of criminal knowledge.
    The money goes into an e-gold or Liberty Reserve account, presumably one that has been stolen from a legitimate user, and from there somehow it has to get into the hands of the perpetrator.
    If the authorities could track the money after it gets into e-gold ( they have tried before [securityfocus.com]) they could get a handle on who is behind this.
  • by Piranhaa ( 672441 ) on Tuesday September 30, 2008 @10:50AM (#25205365)

    1. Move to Russia
    2. Create virus that encrypts helpless users' data
    3. ???
    4. Profit!

  • Is this Russia? This isn't Russia.

  • They should lock him, er, excuse me, it up in one of their famous gulags. Make him carry huge rocks from one spot to another, and then back again. Don't let him leave until he verbally tells them the master key. I don't care if he'll have to look it up in his computer. They should keep him there until he verbally tells them the key.
  • According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself.

    All that is required to stop ransomware is: 1) don't run malware. 2) back up, in case you forget to do step 1 or have other problems (malware isn't the only cause of data loss).

    Their last sugge

    • by Creepy ( 93888 )

      Most of the malware is set up to trick the user, such as fake e-cards sent on her birthday (which is how my wife got infected with a virus/spambot pack that included the Windows AV 2008 trojan + ransomware - I wonder if the date was harvested from somewhere...). It also doesn't benefit ransomware providers to ever remove the virus, so they charge money to a bank account in the Caymans or a fly-by-night business front in Russia, cash it in before authorities close in and disappear.

      Some ransomware like Windo

      • by Thiez ( 1281866 )

        > Most of the malware is set up to trick the user, such as fake e-cards sent on her birthday (which is how my wife got infected with a virus/spambot pack that included the Windows AV 2008 trojan + ransomware - I wonder if the date was harvested from somewhere...)

        Might have been harvested, then again, when you spam millions of people, 1 out of every 365 getting infected isn't that bad, so any date will do, and maybe your wife just got 'lucky'.

        • by Creepy ( 93888 )

          true - I should also point out the scamware Windows Antivirus XP 2008 (and 2009 now) is actually a software company run by a Florida guy [zdnet.com] who is getting sued - the trojan that delivered it as a payload, however is Russian in origin, as were all of the spambots and password and outlook email address cullers that came with it (a check of the dynamic libs the viruses use is an easy way to identify purpose). My bet is the guy hired Russian virus writers (as I implied above), but I just wanted to clarify that t

  • I'm putting my money on the fact that they *don't* know the identity of the programmer but have a pretty short list all of whom are under surveillance. Saying they know who it is might provoke some panic reaction on the programmer's part like, say, running out of the house with a suitcase and a terrified gaze. The rest is future history.
  • by svadu ( 858161 ) on Tuesday September 30, 2008 @12:06PM (#25206441)
    It's funny to mention there is no police in Russia, It's actually called militia :)
  • "So why don't the cops do anything?"

    Good one. And why didn't the US authorities do anything about the SubSeven author or several others I'm certain they knew about?

    I don't have an answer. Neither do they.

  • "So why don't the cops do anything? Good question, but this is Russia we're talking about."

    Wow, that's great journalism there. Really speaks out with a sense of unbiased, facts-only wordage there.

    • by Xenna ( 37238 )

      I'll tell my Russian friend, she must be prejudiced then.

      One of her friends - an old university professor - is forced (by poverty) to write the assignments for his own students (the ones who have money but are too stupid to write them themselves).

      You know any western countries like that?

  • It's a great treatment of this precise topic.

    Check it out here:

    Malicious Cryptography: Exposing Cryptovirology [amazon.com]

    It's an excellent book on the topic, with plenty of technical descriptions and the problems associated with the idea.

  • Cause I'm pretty sure you'd have a good chance at a known plaintext attack... being that it's your freakin' data and all.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...