A brief point on double standards…
Whilst trawling the internet for a blog topic I came across a fascinating PoC attack: a method by which a user could add a payload to Microsoft Excel/Word documents without the use of a macro. This exploited an inbuilt MS Office suite utility in order to run commands on an end-user machine.
And right before I began writing this article I thought I’d check the BBC News technology subsection to see if there were any competing articles…
Fascinating, I thought – I’ll have a look into this. Usually the diatribe of BBC News claims to have irrefutable proof that (INSERT DISLIKED NATION STATE HERE) had hacked (INSERT ANYTHING HERE).
N.B. Beyond the fact that it is virtually impossible to determine the actor of most attacks on the internet, I wondered how the Israeli spies had managed to ascertain the guilt of Russian agents.
An excerpt from the article [1] itself:
“Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago, US media report.
The Russians were allegedly attempting to gather data on US intelligence programs, according to the New York Times and Washington Post.
Israeli agents made the discovery after breaching the software themselves.”
This poses very interesting questions as to our moral compass (yet again) – is it okay for an Israeli company to breach Kaspersky and make allegations about supposed Russian actors (who may or may not have hacked Kaspersky)?
Should we not castigate all hacking of private companies for private or national gain?
Why is it only Russia which seems to be blamed for these things?
Why is the article not ‘Israeli & Russian spies breach Kaspersky software’?
I guess the article should actually be ‘We suspect Israeli & Russian spies breached Kaspersky software (but we have no evidence)’.
Or even no article at all... preferably.