Prominent cryptographer victim of malware attack related to Belgacom breach

Other cryptographers were also targeted by the same attackers, the researcher said

By Lucian Constantin, IDG News Service |  Security

Quisquater said he clicked on the link, but quickly realized it was a spoof and shut down his computer. He claims he later ran scans with several anti-malware products, but they didn't find anything.

It's not clear if the LinkedIn attack was successful and installed the malware later found on the laptop or if some other attack vector was used, Quisquater said Monday via email.

"Why this attack? I don't know," Quisquater said via email. "Maybe cryptography research is under surveillance, maybe some people hope I have some interesting information or contacts or maybe there's another goal we'll never know."

The malware used encrypted communications so it's hard to tell what kind of information it stole, if any. However, the researcher says that no confidential data, commercial or otherwise, was stored on his computer. "I'm mainly doing my research on papers," he said.

Quisquater said that while he prefers privacy when preparing his research, the information is eventually made public. "The main part of my work is devising methods for security and cryptography: I'm a scientist and I'm publishing these methods in conferences, journals, patents and standards."

The researcher also performs audits of different commercial technologies, but according to him those are done using strong security precautions: only on the company's premises, on dedicated computers without a network connection and with everything being destroyed at the end.

It's not clear what the attackers were after, but Quisquater said he wasn't the only target. Other cryptographers were targeted in attacks with the same source, but with different vectors, he said.

He declined to name any of the other persons who were targeted.

Quisquater believes it's premature to make any links between GCHQ or the NSA and the attack against him, or even the one against Belgacom.

Publicly, there is no proof today that GCHQ or the NSA were responsible for the attack reported at Belgacom in September, he said. "It is possible that there were several attacks and the attack from GCHQ-NSA was never detected."

Quisquater claims police investigators told him the malware found on his computer is likely a variant of a threat called MiniDuke and that the attack might be Asian in origin. The malware is very clever, very difficult to detect and nearly impossible to remove, he said, adding that no antivirus program detects it at the moment.
