This document discusses different uses of malware by governments including law enforcement, espionage, surveillance, and sabotage. It provides examples of specific malware used by different hacking groups and intelligence agencies for these purposes, such as CosmicDuke, Havex, and Turla. It also outlines international surveillance cooperation between intelligence agencies through various multilateral agreements.

2. •Differentgovernmentalusesfor malware
•LawEnforcement
•Espionage
•Surveillance
•Sabotage
•Warfare

5. Protecting the irreplaceable | f-secure.com

6. CosmicDuke

7. Masking "file.scr"

8. • rcs.Заказ.doc
• rcs.18.jpg
• rcs.DSC_1365527283.jpg
CVE-2011-0611

9. CosmicDukeremnants
•c:botgenstudiogenerations8f1777b0binBot.pdb
•d:productionnitrosvagenerations809113ddbinBot.pdb
•d:svanitrobotgenstudiointerfacegenerations80ddfcc1binBot.pdb
•D:PRODUCTIONNITROKSKGenerations70BCDEA1binBot.pdb
•C:ProjectsNEMESISnemesis-geminanemesisbincarriersezlzma_x86_exe.pdb

11. Havex

15. Agent.BTZ/ Turla/ Snake / Uroburos

16. Turla
Agent.BTZ

17. DeveloperSignatures
$Id: event.c14097 2010-11-01 14:46:27Z gilg$
$Id: mime64.c 12892 2010-06-24 14:31:59Z vlad$
$Id: named_mutex.c15594 2011-03-18 08:04:09Z gilg$
$Id: nt.c20719 2012-12-05 12:31:20Z gilg$
$Id: ntsystem.c19662 2012-07-09 13:17:17Z gilg$
$Id: snake_config.c5204 2007-01-0410:28:19Z vlad$

18. 6es7-315-2 / 6es7-417

19. Protecting the irreplaceable | f-secure.com

23. "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was the americanband acdcthunderstruck. It was all very strange and happened very quickly. the attackers also managed to gain root access to the machine they entered from and removed all the logs."

24. Gauss encryption
movecx, (LENGTHOF tToCrypt)-1
movedx, OFFSET tToCrypt
movebx, OFFSET tEncrypt
L1:
moveax, [edx]
XOReax, ACDC
noteax
mov[ebx], eax
incedx
incEBX
LOOP L1
movedx, OFFSET tOutEncr
callWriteString
movedx, OFFSET tEncrypt
callWriteString
callCrlf
ret

29. FinFly

31. UAE, Bahrain, Saudi Arabia, Syria…
•Finfisher(Gamma)
•RCS (HackingTeam)
•DarkComet
•BlackShades
•XtremeRAT
•Spynet

32. Image Source: When Governments Hack Opponents: A Look at Actors and Technology, Citizen Lab + ICSI

34. HackerUnitsindsideUKUSA intelligenceagencies
JTRIG

35. THE EYES
•FIVE EYES: USA, UK, Canada, Australia, New Zealand
•NINE EYES: FiveEyes + Denmark, Norway, TheNetherlandsand France
•FOURTEEN EYES: Nine Eyes + Sweden, Germany, Belgium, Italyand Spain

36. •freebrokep
FREE Peter Sunde

37. GenevaConvention
"Legitimate military targets are limited to those objects which by their nature make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage"

38. Pleasefillyourfeedback formifyouhavenicethingsto say. Otherwise, nevermind.
ThankYou