Tag Archives: Wapomi worm

From Pegasus to Pariah: Israeli Spying is Not Sexy

When international news organizations revealed that at least ten governments had used Pegasus, a powerful software tool created by Israel’s NSO Group, to hack into the smartphones of thousands of people around the world, including politicians, human-rights activists and journalists, the Israeli government shrugged. None of its ministers has publicly commented… Israeli defence exporters privately expressed ridicule. “Arms companies can’t keep track of every rifle and bullet they sell to legitimate customers,” said one. “Why should we have higher expectations when it comes to software?… Israeli spying is a sexy subject and these reports are the price for doing business.”

Countries that have received Pegasus software include Brazil, Hungary and India, along with Sunni Arab regimes with whom Israel recently established diplomatic relations: Bahrain, Morocco and the United Arab Emirates. Saudi Arabia, a fellow enemy of Iran, is listed, too. “Deals on cyber-surveillance are the kind of sweetener you can throw into a diplomatic package with a foreign leader,” says a former NSO consultant.

Excerpts from Let Pegasus fly: Israel is loth to regulate its spyware exports, Economist, July 31, 2021

Hacked to be Framed: N. Korea – Wapomi Worm

Foreign hackers could have broken into North Korean computers and used them to make the country look responsible for hacking Sony, experts have said.  Any attempt to blame North Korea for the attack because hackers used a North Korean IP address “must be treated as suspect”, security firm Cloudmark said. That is one of the reasons that the FBI has given for suspecting the country for the attack, which took down Sony Pictures’ systems for weeks.  Security experts have continued to be dubious of the claim, but FBI officials have continued to blame North Korea.

The country has a very small connection to the internet, run by its national telecom ministry and a Thai firm. As a demonstration of how few connections North Korea has to the internet, Cloudmark said that it has the same amount of IP addresses allocated to it as the entire country.  Cloudmark said that the North Korean addresses it traces tend to send out spam, which is usually the sign of an infected machine. It identified the Wapomi worm, which is transmitted by USB drives and file server shares, as the code that is allowing outside people to control the machine.

While there is no guarantee that the same worm is present on the computers that have carried out the attack, the prevalence of infected computers in the country shows how easy it could have been for Sony’s hackers to give the impression they were based in North Korea. Cloudmark said that “unless the FBI releases more specific details of their case against North Korea, including email headers and mail server logs, some experts will continue to question if they are in fact correct”.

ANDREW GRIFFIN, North Korea might have been hacked to frame it for Sony cyberattack, say experts, Independent, January 12, 2015