NEWS - August 14, 2012

Researchers at Kaspersky Lab in Russia are asking the public for help in cracking an encrypted warhead that gets delivered to infected machines by the Gauss malware toolkit.

The warhead gets decrypted by the malware using a key composed of configuration data from the system it's targeting. But without knowing what systems it's targeting or the configuration on that system, the researchers have been unable to reproduce the key to crack the encryption.

"We are asking anyone interested in cryptology, numerology and mathematics to join us in solving the mystery and extracting the hidden payload," the researchers write in a blog post published Tuesday.

The payload is delivered to machines via an infected USB stick that uses the .lnk exploit to execute the malicious activity. In addition to the encrypted payload, infected USB sticks deliver two other files that also contain encrypted sections that Kaspersky has been unable to crack.

"The code that decrypts the sections is very complex compared to any regular routine we usually find in malware," Kaspersky writes. Kaspersky believes one of these sections may contain data that helps crack the payload.

Last week, Kaspersky disclosed that it had found a http://wired_threatlevel.api.contextly.com/redirect/?id=JszqfLqQeE&click=inbody, apparently designed by the same people behind the http://wired_threatlevel.api.contextly.com/redirect/?id=yETOJ8ZniT&click=inbody, that has infected at least 2,500 machines so far, primarily in Lebanon.

Continued : http://www.wired.com/threatlevel/2012/08/gauss-mystery-payload/

@ the Kaspersky Lab Weblog: The Mystery of the Encrypted Gauss Payload ....

'We are providing the first 32 bytes of encrypted data and hashes from known variants of the modules. If you are a world class cryptographer or if you can help us with decrypting them, please contact us by e-mail: theflame@kaspersky.com.'

"Wikileaks' latest trove of leaked Stratfor emails details the breadth and potential impact of the TrapWire surveillance system. What is it, and are you affected?"

Wikileaks has released as part of its The Global Intelligence Files series another vast cache of leaked emails from private intelligence firm Stratfor. Brought to the public eye is a system called TrapWire. This previously little known technology may have the ability to impact our everyday lives in the U.S. and abroad.

This serves as an FAQ to what we know so far.

What is TrapWire?

In short, TrapWire is surveillance software used by both private industry and the U.S. government and its allies oversees, allowing both public and private sector users to help in counter-terrorism and anti-crime efforts. The software uses algorithms and data from a variety of surveillance sources -- including CCTV and human-input from spotted 'suspicious' behavior -- to, in essence, 'predict' potentially criminal activity.

One leaked Stratfor-owned document, describes it as follows:

There are a variety of new tools, such as TrapWire, a software system designed to work with camera systems to help detect patterns of pre-operational surveillance, that can be focused on critical areas to help cut through the fog of noise and activity and draw attention to potential threats.

While ordinary CCTV cameras are often 'passive' and monitored by humans, TrapWire-connected cameras, such as 'pan-tilt-zoom' cameras, are able to track people, along with license plate readers, called Automatic Number Plate Recognition (ANPR) from place to place.

Continued : http://www.zdnet.com/wikileaks-uncovers-trapwire-surveillance-faq-7000002513/

Related: WikiLeaks.org is crippled under a massive DDoS. Is the TrapWire leak to blame?