[anon(3310921)]

Red October Malware Spies On Governments Worldwide . . .interesting to note what systems are vulnerable. . .even though I'm pretty sure Blackberry devices aren't any more immune. . .

[jesse_h]

Red October Malware Spies On Governments Worldwide . . .interesting to note what systems are vulnerable. . .even though I'm pretty sure Blackberry devices aren't any more immune. . .

Was that a typo by you? I'm pretty sure that BlackBerry devices ARE immune to this type of security breech.

[mrfreetruth]

notice how the canada was unaffected by the attack as i am sure the canadian government uses nothing but blackberries unlike the US which in some cases dropped blackberry in favour of ios and android and suffered a wide open attack. IMO

[Superfly_FR]

. . .interesting to note what systems are vulnerable. . .even though I'm pretty sure Blackberry devices aren't any more immune. . .

Microsoft's Windows Phone, the iPhone and Nokia models are all said to be vulnerable.

#boom

[Tre Lawrence]

notice how the canada was unaffected by the attack as i am sure the canadian government uses nothing but blackberries unlike the US which in some cases dropped blackberry in favour of ios and android and suffered a wide open attack. IMO

Oh wow.

[mrfreetruth]

People will learn the hard way.

[Bold_until_Hybrid_Comes]

but it hasnt effected the daily life of an instagram ***** yet so no one will care

[anon(3310921)]

The article doesn't mention blackberry but does say it can take advantage of any device using email. . .also it states that this could have been going on for the last 5 years . . . governments have only recently been moving toward other mobile solutions so it's unclear if Blackberry is in fact susceptible . . .I don't know. . .I hope not

[cjcampbell]

The article doesn't mention blackberry but does say it can take advantage of any device using email. . .also it states that this could have been going on for the last 5 years . . . governments have only recently been moving toward other mobile solutions so it's unclear if Blackberry is in fact susceptible . . .I don't know. . .I hope not

Seeing as this is from Kaspersky, and they have only one agenda, to inform of, and combat, virus' and malicious attacks, their lack of including both BlackBerry and Android devices may actually mean something. The latter probably because no government in the world would use them, and the former, probably because of it's encryption both to and from the device. I don't know for sure but if BlackBerry's were suseptable, I would assume that a completely independant body would have stated so in their press release.

[Andrew4life]

notice how the canada was unaffected by the attack as i am sure the canadian government uses nothing but blackberries unlike the US which in some cases dropped blackberry in favour of ios and android and suffered a wide open attack. IMO

It hasn't affected Canada, because we have nothing worth stealing. The federal government we have is a joke. They can't even make a proper purchase of new fighter jets without being bullied and pressured by the US gov.

but it hasnt effected the daily life of an instagram ***** yet so no one will care

True as this may be, it also solidifies their arguments to enterprises and government entities that security is definitely not to be sacrificed.

The article doesn't mention blackberry but does say it can take advantage of any device using email. . .also it states that this could have been going on for the last 5 years . . . governments have only recently been moving toward other mobile solutions so it's unclear if Blackberry is in fact susceptible . . .I don't know. . .I hope not

Here are more details about the exploit. The "Red October" Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies - Securelist

I was reading in depth about how some of how the exploit is being done and it would seem to be mostly targeted to windows. It also seems to be exploiting very specific vulnerabilities with many different modules for specific devices.
I know very little about device security, but I do know that Blackberry phones are constantly asking users before something is installed. So I would assume the exploit would only work on a Blackberry if the user specifically clicked "Allow", to some unknown application.

[RubberChicken76]

It hasn't affected Canada, because we have nothing worth stealing. The federal government we have is a joke.

You should run for office. Clearly you feel you'd be the greatest leader the world has ever known

[Andrew4life]

You should run for office. Clearly you feel you'd be the greatest leader the world has ever known

Of course! I'd susidize RIM and make sure BB10 phones are awesome and dirty cheap in Canada. I'd also force them to release the BB10 phone on launch date!

[Shanerredflag]

It's amazing how some of these viruses have evolved...some smart people out there. Clearly a conspiracy to overthrow the Canadian Government…it’s obvious now…sigh

[Branta]

their lack of including both BlackBerry and Android devices may actually mean something. The latter probably because no government in the world would use them, and the former, probably because of it's encryption both to and from the device.

It is clear from the reports that the dominant targets have been government and diplomatic users, and the detected distribution worldwide may be more a factor of where targeted nations have a presence. It is possible the non-detection within nations like China and Korea is due to representatives of target states in a potentially hostile environment taking more care over cybersecurity, both to reduce the risk of attack and by improved firewalls preventing outside detection of a successful attack.

The apparent age of the attack (ongoing 5 years) and relatively recent introduction of Android may be a factor. Other factors might include relatively low uptake of Android in government usage until very recently, and the prevalence of Blackberry under locked down BES making it a difficult target to get access and crack.

[Dapper37]

Well this Org, is not in the business of promoting companies. Instead informing people of threats. The fact that the study centers around BlackBerrys most prominent customers "Government Agency's" Yet "Does Not" include RIM/BlackBerry in the assessment, is in fact a ringing endorsement!!

[rexxenex]

#boom

#BOOM!!!!

[ctuffy]

Seeing as this is from Kaspersky, and they have only one agenda, to inform of, and combat, virus' and malicious attacks, their lack of including both BlackBerry and Android devices may actually mean something. The latter probably because no government in the world would use them, and the former, probably because of it's encryption both to and from the device. I don't know for sure but if BlackBerry's were suseptable, I would assume that a completely independant body would have stated so in their press release.

I have Kaspersky on my Android. Should I load it on my new BB10 unit (if it's compatible / if not another equivalent)? And, when I told my IT guy today that I would be getting the new BB, he actually tried to talk me into getting an Iphone instead, saying it was much more secure. Now I'm not very bright in IT but even I know that BB's are more secure that Iphones. Holy cow!

[VeGiTo]

It hasn't affected Canada, because we have nothing worth stealing. The federal government we have is a joke. They can't even make a proper purchase of new fighter jets without being bullied and pressured by the US gov.

Just FYI, the exploit didn't affect UK as well. One thing these 2 countries have in common is that their governments are still pretty much 100% BlackBerry.

[cjcampbell]

It is clear from the reports that the dominant targets have been government and diplomatic users, and the detected distribution worldwide may be more a factor of where targeted nations have a presence. It is possible the non-detection within nations like China and Korea is due to representatives of target states in a potentially hostile environment taking more care over cybersecurity, both to reduce the risk of attack and by improved firewalls preventing outside detection of a successful attack.

The apparent age of the attack (ongoing 5 years) and relatively recent introduction of Android may be a factor. Other factors might include relatively low uptake of Android in government usage until very recently, and the prevalence of Blackberry under locked down BES making it a difficult target to get access and crack.

Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The worlds most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it. There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.

The only uptake of Android has been by a military channel that has taken the base OS and made it there own. It has ZERO similarity to the commercial or "enterprise" units out there. The locked down BlackBerry statement is the only place I feel you are correct, but, why haven't iPhones in business been locked down? How about WP devices? Aren't they all subject to the same limitations by their IT dept????? Come on man. That's the whole POINT!! BlackBerry units ARE MORE SECURE.

[Dapper37]

Just FYI, the exploit didn't affect UK as well. One thing these 2 countries have in common is that their governments are still pretty much 100% BlackBerry.

True Dat!!

[helis4life]

Just FYI, the exploit didn't affect UK as well. One thing these 2 countries have in common is that their governments are still pretty much 100% BlackBerry.

You guys are dreaming a bit. The article focuses mainly on windows and Im sure both those governments and branches use windows somewhere in their departments. To say that the lack of Red October being located inside these two countries being due to the possible reason that the governments use Blackberries is incorrect IMO

[cjcampbell]

You guys are dreaming a bit. The article focuses mainly on windows and Im sure both those governments and branches use windows somewhere in their departments. To say that the lack of Red October being located inside these two countries being due to the possible reason that the governments use Blackberries is incorrect IMO

Yes, you are correct, but what I was saying, is that from the mobile perspective, BlackBerry isn't listed and theres got to be a reason for that.

[Superfly_FR]

You guys are dreaming a bit. The article focuses mainly on windows and Im sure both those governments and branches use windows somewhere in their departments. To say that the lack of Red October being located inside these two countries being due to the possible reason that the governments use Blackberries is incorrect IMO

Yes and no.

1/ Propagation method - in very short - seems based on a combination of several tricks, one being the execution of macros in MS Office, the other a "mobile device activation". It makes sense windows based devices are in sight and easier-to-hack devices too. Remember the hack rules
#1 : never hack all the devices (if you want to act in the shadow); make the breach with whatever is the weakest and less monitored.
#1.1 Now you're in: sniff slow (do not increase traffic volumes/access/consumption significantly).
#1.2 Scatter slowly and silently in the dark. First target : monitoring systems.

2/ Canada and UK being missed by he spy just shows that overall security level is higher there, BlackBerry devices usage being one part of that security awareness. Stating "it's due to BB that these countries are not impacted" is "for the show" IMO, yet it is partially accurate.

[qbnkelt]

Bit deeper discussion.

The "Red October" Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies - Securelist

This is one link I'll be sending to my director to point out this was exactly the reason I wanted us to wait for BB10 and stopped a plan to submit a request for information to go to another platform. Although it is possible that BBs are involved, the only phones mentioned are Nokia, Windows phones, and iPhones.

I've got to say....this, alongside clean BB10 phones with no issues like the 99xx bricking incidents, will be great news for RIM *inside the Beltway.* As a consumer, this won't keep me from using my iPhone or my iPad. I do not access any sensitive information on them.

And yes, as a consumer, I'll still use Instagram.

[Superfly_FR]

I do not access any sensitive information on them

Thanks for the link.

[I believe (oops, I must not use this word) think you're not personally concerned, but many will]

Just a question : do you use a different password for all your accounts ?
Scenario (I'm the hacker) :
I'm in your phone and gain access to your mailbox history.
I scan the messages; I'll probably get all the services you use (due to services messages like registration, notifications, etc).
For average user, this is the end. Bank accounts, mail accounts, social accounts ... "ohhh my precious".