Kaspersky Lab PDF
UPDATE 1, February 13, 2014: In its report, Kaspersky Lab leaves open the possibility that the Careto campaign may also be a false flag attack: “We should also not exclude the possibility of a false flag operation, where the attackers intentionally planted Spanish words in order to confuse analysis.” This of course doesn’t automatically mean that it is one, though this option should be further investigated.
UPDATE 2, February 13, 2014: The Kaspersky report mentions an Anne Rasmussen as a registrant of a domain used in the Careto campaign. A. Rasmussen is claimed to be located at Storgatan 21, Goteborg, Sweden. Yet the financial director of Temple Israel is also named Anne Rasmussen.
UPDATE 3, February 20, 2014, by 4KEY.NET: Online search results (1, 2) indicate that, aside from a few exceptions, mainstream media outlets refuse to even publish Kaspersky’s alternative conclusion regarding the possibility that Careto may also be a false flag campaign, as described in “Update 1, February 13, 2014,” of the following article. This can easily be proven since Truth News International and Jim Stone’s forum are listed on the very first page of those online search results. Both websites are known to be anything but mainstream venues.
It is also important to point out that the term “Careto” refers to a Portuguese tradition, which the Spanish use of the term is likely to refer to. Portugal is not mentioned as a target in the Careto campaign.
Yet even more interesting is this.
On April 10, 2013, Israel’s Homeland Security wrote about 6 cyber warfare tools developed by the U.S. for “allowing … to better compete for increasingly scarce Pentagon funding.” It is then reasonable to assume that Stuxnet (developed by the U.S. and Israel: 1, 2, 3, 4, 5, 6) and Flame or Flamer (created by the NSA, the CIA and Israel) are part of those 6 “cybertools,” since it has been admitted in the Washington Post that they are “elements of a broader assault.” Given the nature and complexity of Careto, this latter cybertool may as well be a third element of the 6 “cybertools” mentioned by Israel’s Homeland Security.
G.a.u.s.s., as reported in 2012, may be defined as a 4th element of the 6 “cybertools,” for it “comes from the same factory or factories,” according to Kaspersky.
“The authors forgot to remove debugging information from some of the Gauss samples, which contain the paths where the project resides. The paths are: Variant Path to project files; August 2011 d:\projects\gauss; October 2011 d:\projects\gauss_for_macis_2; Dec 2011-Jan 2012 c:\documents and settings\flamer\desktop\gauss_white_1. One immediately notices ‘projects\gauss,’” wrote Stan Datsko.
“I also noticed ‘c:\documents and settings\flamer… .’ Gauss was said to be in Flame family. Flame, ‘flamer’… coincidence? Doubtful in this case,” wrote Nick P in a reply to Datsko’s comment on February 15, 2014, at schneier.com. (Other sources for this editor’s note also include Geektime.com and eisp.org.il.)
February 12, 2014 – Truth News International
Last week it was reported in the media that one of the 6 eyes’ divisions (USA, UK, Australia, Canada, New Zealand and Israel), the British JIC’s JTRIG, had conducted cyber attacks (DDoS and the planting of malware on breached systems) against hacktivists in 2011. In doing so, the UK government is now again known to commit terrorist activities itself, since cyber attacks of this nature are wholeheartedly branded as such by it and the other 5 eyes.
That SC Magazine report from last week led us to another, more recent, article. Yesterday, February 11, SC Magazine wrote about the “largest ever DDoS attack,” whereby one of CloudFlare’s clients was allegedly hit by one of the biggest distributed denial of service (DDoS) attacks ever seen on European networks. The attack is claimed to be a sign that “someone’s got a big, new cannon” and that it marks the “start of ugly things to come.”
However, research into both cases led us to yet another series of attacks or rather a cyber espionage campaign known as Careto.
On February 11, 2014, The Hacker News published an article about the Careto cyber campaign discovered by Kaspersky Lab, which is described as a sophisticated, high-level, multi-platform nation-state spying tool, operational since 2007. Careto is credited with targeting and surveilling government institutions, embassies and other diplomatic missions; energy, oil and gas companies; research institutions, private equity firms and activists, among other targets.
The developers “used a complex tool-set which includes highly developed malware, bootkit, rootkit etc. that has the ability to sniff encryption keys, VPN configuration, SSH keys and RDP file via intercept network traffic, keystrokes, Skype conversation, PGP keys, WI-Fi traffic, screen capturing [and] monitoring all file operations,” writes The Hacker News.
Careto victims were found in “Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom, United States and Venezuela. The malware remained untraceable for about 7 years and was able to infect Mac OS X version, Linux, Windows, iPad/iPhone and android running devices.”
Given the short time frame in which all three reports emerged, the fact that Israel is not in the Careto list of targeted countries, and the publication date of two of the reports, February 11, we were, rather unwillingly, somehow reminded of the words of Col. Sharon Afek of the Israeli National Defense College when he wrote, according to an article published by Haaretz in January, that only an event like a “Pearl Harbor or Twin Towers attack in cyberspace” would spur efforts to draw up formal internet regulations and cyber laws.
As strange as it may seem, the two mentioned events happen to be acts of war in which the target government, that of the U.S., had foreknowledge of what was going to happen on those specific days yet opted to order a stand-down.
Based on Sharon Afek’s study, as reported by Haaretz last month, the world needs a suspicious event like Pearl Harbor or 9/11 in order to allow governments to control the internet and to impose cyber warfare laws.
Interesting it is that we had Israel stepping forward last month declaring that they want to control the internet “jungle,” a fact that was completely misrepresented by numerous news outlets even in the alternative media.
According to Omri Ceren, a 37-year-old freelance computer expert who spent years working at some of Israel’s largest cyber security companies, “[Israel] basically let the devil out of the box, and now they’ve convinced the whole world that they’re the only ones who can save them from this new hell,” in reference to the creation and use of the Stuxnet virus by Israel.
“We’re the best at defending because we invented the attacks,” says a hacker going by the name of Robomob at last month’s cyber conference in Israel, writes Buzzfeed. “Where do you think I started? In the IDF. I enlisted, I learned the systems, and now I’m going to get a payday from one of these companies that want me to teach them how to defend themselves.”
“I think Israel sometimes plays a bit too much with this ‘Oh, poor us’ sort of thing. Like everyone should feel bad because we are probably attacked more than any other country,” Robomob was quoted as saying. “But let’s be honest here, we also probably attack more.”
Robomob probably refers to IDF Unit 8200, Israel’s cyber army which was established to “conquer cyber warfare,” according to Israel Muse. Thousands are said to have signed up since the 1990s and have been incorporated into Unit 8200.
Through Stuxnet and the Mossad, Israel is known to have already sabotaged foreign nations and their installations, such as in Iran [1, 2, 3], Egypt and Japan [1, 2]. Furthermore, it should be mentioned that the fact that the Careto cyber campaign seems to be Spanish in nature does not automatically mean that it is Spanish in origin. That possibility certainly exists, but so does the possibility that it is a part of propaganda 2.0, whereby the impression can be given that the attack comes from Spain while it does not. Although the BBC describes propaganda 2.0 as Israeli “government pays students to fight internet battles” and The Guardian describes propaganda 2.0 as an Israeli policy and plan for “organizing volunteers to flood news websites with pro-Israeli comments,” this shouldn’t mean that it cannot be deployed in any other form, with any other applications, or in any combination with a cyber attack or campaign.
Anything will be deployed to make the public believe that terror is just around the corner or one click away. If we can think of it, then a well-funded military division or cyber warfare unit can certainly think of it as well.
A major false flag on the internet is coming and it might be only months away from now. Any way you observe the facts, this report may as well be a party crasher for those who are planning their cyber 9/11, cyber 3/11 or cyber Pearl Harbor with their “big, new cannon.”