Russia's #1 Malware Was Just Sabotaged (Thanks FBI)
ฝัง
- เผยแพร่เมื่อ 30 ก.ค. 2024
- $5 Free Credit 👉 PCBWay pcbway.com/g/gS3qI9
Timestamps:
0:00 What is Snake?
0:18 Elite Russian Hackers
1:03 How Snake Works
2:34 Mistake #1
3:05 Mistake #2
3:35 Mistake #3
4:24 PERSEUS
4:47 MEDUSA
5:44 PCBWay
6:23 Outro
Sources:
www.justice.gov/opa/pr/justic...
www.justice.gov/usao-edny/pr/...
www.cisa.gov/news-events/cybe...
www.nsa.gov/Press-Room/Press-...
www.documentcloud.org/documen...
media.defense.gov/2023/May/09...
www.documentcloud.org/documen...
www.documentcloud.org/documen...
www.secureworld.io/industry-n...
www.hackread.com/fbi-gchq-foi...
www.bleepingcomputer.com/news...
thehackernews.com/2023/05/us-...
www.theregister.com/2023/05/0...
arstechnica.com/information-t...
www.wired.com/story/turla-his...
www.nytimes.com/2014/03/09/wo...
www.rferl.org/a/russia-fsb-ma...
arstechnica.com/information-t...
thehackernews.com/2023/05/sta...
go.theregister.com/feed/www.t...
www.wired.com/story/red-sting...
thehackernews.com/2022/04/fbi...
www.hackread.com/russian-hack...
www.malwarebytes.com/blog/new...
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
=============================================== - บันเทิง
![[#SHORTS CLIP] ครูอึ้ง กรรมการอึ้ง ฮ่าๆ l ซานิเบาได้เบา l One Playground](http://i.ytimg.com/vi/qeBTuMJs4t0/mqdefault.jpg)
The "operating times" thing gets me every time.
Every hacker worth their salt knows schedules are a weakness.
meh, its not like russia has friendly relations or extradition treaties anyway.
They're probably state sponsored so they're never gonna be caught unless they leave Russia
thats why you need an unhealthy sleeping schedule when youre a hacker lol
So stupid to use that as the only evidence of it being from some region. What if they worked night shift after they got back from their real job? Like 5PM to 1AM.
They work for the government, it makes sense they operate on office hours
... And here was i thinking snake was just the first ever electronic game on a phone, (c) Nokia
ooo
And I thought it was a commonly used interpreted scripting language
And I thought it was what I called my penis.
@@Mempler you were wrong
In our hearts it still is 😌
To be fair, requiring the permission of the pc owner to execute the self destruct function of the malware on it is stupid. It's like a firefighter needing your permission to fill your burning apartment with water so that the adjacent apartments don't catch.
Yeah i think it's a nesscesary evil.
@@kendarr same
id rather have no malware on my computer than some.
As long as theyre transparent about what they did
Yeah with a botnet like this you can't just distribute the cure and hope people use it. Every single node needs to go.
Thank you 3-letter agency for fixing my stuff!!
They glow so bright aswell
If your system is so unsecure, so fbi can just asset it without using their "authority". I think they have the right to fix your hentai malware.
every intel CPU and i think AMD has a backdoor that lets the alphabet boys access your computer as long as there is a power source meaning the only way to stop it is to modify the on die chip or to unplug your PC
hahahaha snake was just the private hentai CDN of Putin the rest was just happy little accidents
@@soubs242 source?
@@wlockuz4467 streaming your desktop takes 4% of your cpu capacity, latest forced and unreversable "security patch" for intels takes 7% of its capacity
@@soubs242 yeah you need Pentium 4 or amd FX, last CPUs without me or psp
Finally TH-cam giving notifications at the right time and early
Shocked AND delighted
It's criminal these topics are never discussed for the general public.
It’s literally being discussed in the public like right now
Just people aren’t nerdy and don’t give a shit normally
@@saosaqii5807 that's really a debate as to whether media is transformative or reflective.
@iamnottheking saystheking lmao bruh
Most people aren't this techy, they don't really care
bro half the general public can barely use a pc lmfao.
I mean, what if hackers intentionally operate in such times to make them seem like they are from a place, for example russia, while actually operating somewhere compleatly diffrent, a schedule red herring per say?
the schedule isn't the only way their location can be found, it's just a basic way to get an idea of the region they are based out of
Thats what ameriKKKa has been doin
Observe that most reports like this only show Russia, Chinese and Iran, no IsFake, ameriKKKa etc...its almost as if ameriKKKans in infosec have a propaganda or something
Would be foolish to assume they wouldn't try it.
@@wiger_ What other way was used here?
That's a good point
I think there is a difference between sending a signal that self destructs the software and the FBI hacking servers directly accessing data, less I am mistaken on what happened here.
I think it's a matter of principle (and that if they could reverse engineer to develop a dummy copy that kills the original version who's to say that it can't also have functionality allowing it to replace snake and funnel data to them instead of Russia or false data
The FBI reverse engineered the snake communication protocol, enabling them to use it to connect to snake bots. From there they could issue snake commands and disable the malware.
@@Seytonic so theoretically, the FBI had the same control over infected machines as the malware creators did?
@@thebevan Yes.
@@sebay4654 A different department may have done such a thing.
If this malware was 20 years in action you dont wanna know what they created in the recent years!
that's probably actually the best malware they have, russian government has a thing for staying stagnant once they have something that works
It was continuisly improved upon, it was their recent years.
That's the fear I gat😂
Heck, if they just clean those mentioned issues, it could have planted itself in several of the points it had before the perseus effect hit, and be now untrackable on a bunch of machines that at most have a hop entry on some server, if FBI recorded all of them successfully
We commonly use 256-bit ECDSA keys, which would take trillions of years to crack on a classical computer (but seconds on a quantum computer). 128-bit ECDSA can be cracked using Pollard's rho algorithm given a few thousand dollars and an AWS account. 128-bit DSA or RSA can be cracked on my 8-year old laptop with a Perl script. For reference, 1024-bit DSA is discouraged because everyone uses the same prime P, and the NSA is suspected of precomputing the GNFS for P over years and storing the exabyte-scale tables on hard drives, so that looking up an individual private key takes a few hours.
Can you link to a real world case of a quantum computer doing that in 2023? We are not there yet. Though we ought to prepare for it, it's scaremongering to repeat the fallacy that quantum computers are RIGHT NOW cracking strong cryptography.
Whenever I hear how these malware devs get caught. I just sit and crack my knuckles and go oh yeah CAN YOU UNDERSTAND MY SPAGHETTI CODE THO?!?!?
lmfao cant crack the code if even the creators dont know what they wrote
Soo Snake was in operation when we only had Snake to play on our phones...
Nice work on the vid bro. Do you edit these yourself or you got third party?
Great reporting job!
PERSEUS is such a good name for it.
I saw this in my feed shortly after it posted, but didn't get to it. I'm glad it popped in my feed again, but I put it in my watch later.
If Russia have Snake, I could only imagine China will have way bigger and more covert data exfiltration network, given how many telecom equipments manufactured by government influnced companies exported.
*babe wake up new seytonic video just dropped!*
Lately, I've been impressed with the US intelligence agencies. If they gotta fix something on my comp, please do. Maybe update some drivers while they're at it.
Is this a joke? I can't tell.
I think that permission shouldnt be an issue, there the fbi they WILL get permission. but i do think that it should follow the same procedure as any other warrent, a knock and a notice that its about to happen. I see no tech in the country getting a call from the fbi letting them know they are going to remove some malware responding any other way besides "cool, you want an easy way in or do you already have it?"
If you read the first source he cites it actually mentions a few times that they did get warrants for MEDUSA and that they did contact those who were infected. Whether or not they were told ahead of time doesn't really matter because in the case of a search warrant on your home they aren't going to call you up or wait outside if you aren't home.
I have to say I'm missing the multiple Topics format, it's a nice video but I feel like I'm not getting as much out of it, if this makes sense....
Maybe include a few (1-4) small "RapidFire" Topics at the end?
Keep it up, love the show!
Maybe some small "Up to Date" News/Breaches in the end, when covering older topics like this? I'm just brainstorming at that point
Unfortunately if someone was already in your pc why would they not just lock them out and fix the flaws and stay as hidden as they were....
No one is like, checking their outgoing packets? Especially at the Pentagon or where security is concerned?
I get it was obfuscated but when an air gapped machine is trying to send data out, you have to wonder why
Also I don't like any government touching my machine, which is why I use paranoid level of control on them
I still have tin foil hat Linux running on an old laptop for doing certain cryptographic functions, that literally is only used in a microwave
Just because you're paranoid don't mean there not after you
(From the song drain you, by nirvana)
Don't think anyone mentioned air-gapped?
And this wouldn't be the first malware to establish whether it had Internet (or even a network adaptor) before calling out. Benign methods exist.
On even a small network with a few thousand nodes, just getting sight of every packet is non-trivial.
Of you have a switch cabinet with 10GBps throughout, you need the same sensing capacity - meaning you basically need another switch cabinet the same size to feed your IDS/IPS. It gets crazy.
They had encryption but didn't used signed code checking for their updates!? And using custom http? Interesting. 🤔.
V2.0 already being tested, im sure.
There's actually a whole bunch of these by now
ive allways found it convient for some one to clean my pc, saves me few days of cleaning and installing, pretty much preciaited
5:20 they might as well offer the NSA-RMM-agent for download at that point 😂
They didn't mistake bits for bytes lmao.
So three letter agencies used Snake to install their own malware?
Do they instruct US based antivirus companies to ignore their malware?
Since you asked for the peanut gallery, the three-letter agencies should be getting the same punitive circumstances and punishments that any individual certified ethical hacker would get you're overstepping the bounds of their negotiated parameters.
I dont think its bad that the fbi removes malware or auto destructs it without permission, as long as they notify the owner of the breach so it can be handled properly
Its the "accessing my computer" part that I don't like. Malware or not, I don't like the idea of someone having the ability to remove software, because it means they can probably also add it.
@@jameswalker199 I agree, thats why they need to notify as well.
Outrageous example: "theres an explosivi device under your car", good luck. They got the skills to remove it. They know its there. Now they just removing it for you instead of leaving it there. And you maybe not noticing it. and shit happens.
It violates your consent in every worst way. Say if you wanted what they deemed "malware" (or any program) and they removed it, this is a violation of sovereignty. Consent is mandatory.
they are scum period. There's always an ulterior motive, don't be so naive "The government wouldn't do that" Yes, they WOULD
I think it should be allowed to do a update attack. But I do think it should only be allowed without being geven special access.
This way, it only targets pc that, in theory are already powned.
In that case, better have the CIA update your system than a bad actor.
imagine thinking the CIA aren't bad actors themselves
The fact that they think they have detonated Snake and haven't caught it again, means that it has improved itself and once again, is still FUD.
Jeez 2003 that’s crazy
Boomer malware.
alphabet boys have been using citizens PCs as playgrounds for long enough Id almost imagine this as fairly tame compared to other things they get up to.
The old bits vs Bytes will get the bestest of haxxers hahaha
This is so cool
thanks
Snake? Snake!
If they're allowed access to my servers without prior knowledge, am i liable if they inadvertently infect themselves with malware housed on my servers, even if i designed it specifically?
fucking genius
how long before they find the http communications ?
fun fact, 3 letters agencies started using snake to spay on other countries 😂
I once had the idea for a similar malware with the same functions, but it failed because of the implementation and the virtual lab
I don't recommend you posting your criminal intentions on TH-cam
@@wlord-lr3mp still a bit odd to post stuff like this, the alphabet boys are always on the look out, danke fur deine response
I found the DoD on my network this week lol..
Don't tread on me!
265 bit encryption💯
"Self-own." 😆
but isnt 128bit key safe ?
For symmetric encryption, yes. Asymmetric encryption typically needs 1024+ bits
@@Seytonic oh okay thanks
@@DodoLP no worries, thanks for watching :)
To be honest, I do consider it a kind of disturbing security violation, regarding how the FBI irradicating this thing. But the problem started way before the FBI did that. Just more reasons to not trust network tech too much.
Yes the Russians don't care about Snake at this point because, rest assured they have a much more modern and sophisticated attack already in motion!
If you're using an exchange server, FBI access is a given.
no step on snek
So people are mad at Microsoft Monday. Our cpu companies look for malware regardless of what country made it.
Sounds like the programmers are hard core nerds they've been reading too many books obviously. I guess it's better than watching too many tiktoks. I guess that makes me a nerd too for knowing about the books.
I feel like law enforcement doing this kinda thing isn't necessarily an issue because I get the distinct impression that the majority of people would not fix the issue themselves if some sort of patch was released.
sweet. just opened the app to a fresh video
imagine fucking over the fbi by just using a vpn and working in non conventional hours
if they pinpointrd their location to a spacific city then im sure they used mroe than just "time zones" also using a vpn means you rely on a central server, not great when youre trying to make a peer to peer network
perseus is the best name they could've chosen
goood vid
"Wired" magazine just did an article about this. Recommend. 6/2023
A lot of the work fighting the SVR infiltrations was done by commercial security companies that were angry they'd been bypassed!
Calling the counter tool Perseus is such a genius gigachad move
its an extremely obvious move, the tool it was countering had a bunch of ourobouros themed stuff in it this isn't really very smart, you wouldn't even need to be familiar with this mythology you'd just have to have a half hour of googling time to come up with a name
@@lilyk3734 what mythology ?
It’s a reference to the alleged Soviet spy from the Cold War
Edit : after googling now I know about the mythology
I thought it was a reference to the soviet era spy
@@Juanguar i would expect people at fbi to be a little less into gaming culture and a bit more mature
SNAKE, brought to you by Kaspersky
Getting rid of malware without my permission or knowledge.....I'm okay with that.
Its the fact they can remove, and probably add, any other software that I don't like.
@@jameswalker199 Yes...totally agree with you. They do that all the time, and that does bother me.
IM FINALLY EARLY!! THANK YOU TH-cam FYP
🔥🔥🔥🔥
Another huge setup back for Russia in a year of major setbacks. FBI did stellar work here and I cannot stress that enough.
whos gonna tell em rofl
Yeah, one of their spyware was perfectly working for 20 years unnoticed.
Imagine what they have now!
But of course they can't compete with the NSA spying on each and everyone on the planet. You included.
@@RustedCroaker lmfao russia doesnt hold a candle to the NSA
I'm still in a dream... Snake Eaterrrrr...
I thoufht of reisdent evil when he mentioined uroboros
Mother snake 🐍 was busy in family planning then a villain came and copy mother identity to stop her children's. ❤
Is... Is it written in python?
yes
Russia would need NASA documents for what, do they even have a space program anymore??
Yeah Russia has a space program still
If the FBI's malware crawls through my system, I welcome it more than the russian. If we can have this transparency each time, and if they are truly honest. I think its fine.
What I worry is if the FBI leaves remnants on my systems that are backdoors themselves. I just want them to clean up after themselves.
i highly doubt the fbi broke 128 bit aes
This concerns asymmetric encryption, 128 bits is nowhere near enough to be secure.
Dayum I’m early
Id be happy for someone to sort it out for me, just like if someone came and mowed my lawn for free without bothering me :)
mowed your lawn with a Google street view camera aimed at your house
@@soulife8383 hahah awesome idea, whilst sucking up all the ssid’s
@@PhilCrombieMTB even better idea!
Oh yeaaa
ooo
The FBI doesn't have the authority to do that. If it was such a problem, they could call up the person with the infection and tell them about it or ask them if it is ok they purge it.
That is unfeasible given the time it would take to ask for every single infected system's owner. Also, doing it piecemeal would give the hackers further time to update the virus, remove the killswitch or whatever. I don't like the FBI or CIA very much, but if you just let these cyberattacks from foreign actors fester, major sectors of the economy,gov,etc will get pwned sooner or later. I do wish we could get some guarantees that they will solely target malware and do nothing else, but 9/11 already fucked everything in that regard.
But how they know Russia themselves did it and not a group
You've got the "SHINE"
The glowie shine, that is
Personally I think the fbi should tell people about the computer infection and ask to remove it.
Counter point: that would allow loyalists to keep it operating and it would re-spread.
I'm not a fan of it, but also counter point: some server admins suck at their jobs and would likely take way too long if told to patch it, if they even get around to patching it at all
It could also alert the bad actors to the vulnerability if word gets out
Much like covid, there will be many that won't get "vaccinated", even more so with fixing computers. The virus would remain forever if that was case.
It would be quite literally impossible for couple of very good reasons. 1) It is impossible to identify 100% of the people responsible for infected computers. 2) Even if that was possible, it would still be impossible to contact 100% of those people. 3) Even if both would be possible, it would be impossible to rely on voluntarism and expect 100% of the people asked to do anything about it.
It is simply not possible to have a scenario where the infection could be cleaned up without using the same network the malware itself uses. While I absolutely support transparency of governmental agencies as that is the only way to ensure working democracy, there are situations where it just doesn't work. In those situation it is the best to have the transparency after the fact as was done in this case.
So they got a name generator and the hackers got hacked😂😂😂😂😂😂😂😂😂
Sure an FBI agent may be invading my privacy, but at least they are helping me and my country
This is a Glowie comment
the us government is not helping the us, it's ruining it
Bootlicker.
Fighting foreign powers is laudable. It's when these skills get used domestically I have a problem.
Always lovely to hear of Russia getting rekt.
Hmm.. I think i'll have my webserver pretend to be a snake, to see what happens.
I think that if the FBI can hack you easily enough to fix your security, you should be thankful.
"Thanks colonial police"
Did it only hit windows operating systems. I bet GNU/Linux missed it all.
I should've mentioned it was cross platform, Windows/Mac and Linux I believe
Smarm fail.
There are plenty of ways to leave a RAT on a Linux system if said system contained a component that was vulnerable (say, a webserver)
first
you seem biased in favor of FBI over CIA.
This comment section is filled with glowies.
Bits and Bytes,
Blast in your face.
Bits and Bytes
Are not to replace.🤡
'If you Google it you'll find only a few instances where it's shown it's effects'
Don't worry seytonic, there's lots of stuff (and increasing) for which Google barely returns a few instances of useful results. Even regular day to day stuff gets that treatment
That's because their servers are overloaded processing stolen private data
cringe
... And here was i thinking snake was just the first ever electronic game on a phone, (c) Nokia