- The American Conservative - https://www.theamericanconservative.com -

Was Destructive ‘Slingshot’ Malware Deployed by the Pentagon?

Earlier this March, cyber-security firm Kaspersky Labs released information on a newly discovered, highly advanced piece of malware dubbed Slingshot [1]. The malware targeted Latvian-made Internet routers [2] popular in the Middle East, Africa, and Southeast Asia.

Kaspersky’s reports reveal that the malware had been active since at least 2012, and speculates that it was government-made, owing to its sophistication and its use of novel techniques rarely seen elsewhere.

Those investigating the matter further have drawn the conclusion that Slingshot was developed by the U.S. government, with some reports quoting former officials as connecting it to the Pentagon’s JSOC [3] special forces. For those following the cyber security and malware sphere, this is a huge revelation, putting the U.S. government in the hot seat for deploying cyber attacks that harm a much greater range of innocent users beyond their intended targets.

Kaspersky’s own findings note that the code was written in English, using a driver flaw to allow the implanting of various types of spyware. Among those mentioned by Moscow-based Kaspersky was an implant named “GOLLUM,” which notably was mentioned in one of the leaked Edward Snowden documents [4].

Advertisement

Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction.

Cyberscoop [3], one of the first news outlets to break the story, reported a mixed reaction among officials. Some noted that Kaspersky Labs was simply doing what a security company is supposed to do. Others, however, were less agreeable, suggesting it was an intentional attempt by Kaspersky to undermine U.S. security.

The argument, as far as it goes, is that given the ostensible target areas—the Middle East, North Africa, Afghanistan—Kaspersky should have concluded it was related to the War on Terror and sat on their findings. The Trump administration already views Kaspersky as a sort of hostile actor—banning the use of Kaspersky products [5] by any government or civilian federal contractor in December, citing Kremlin influence (a charge that has been vehemently denied by the company). This just gives them more justification for seeing Kaspersky as an adversary in the space.

Unfortunately for the Russian company, some American retailers have even followed suit, pulling the software from the shelves on the grounds that it’s Russian, and that therefore suspect.

There has been no clear evidence that Kaspersky’s software was serving as a backdoor for Russian intelligence, though it was reported last fall that sensitive documents were stolen from a National Security Agency (NSA) contractor’s laptop via its Kaspersky-made antivirus software [6]. In a statement at the time, the company said, “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.” Turns out that Israeli spies, spying on the Russian spies, disclosed the intrusion to U.S. officials.

Kaspersky has consistently ranked near the top of antivirus ratings from virtually all third-party reviewers. The company has sold its products to nearly 400 million users worldwide, with 60 percent in the U.S. and Western Europe. Until now, Kaspersky was being used by several major agencies in the federal government, including the State Department and Department of Defense.

Ironically, this new Slingshot issue itself appears just to be a testament to how well the company’s security works at digging up extremely dangerous malware. It also underscores the uneasy reality that the U.S. has been engaging in its own brand of cyber warfare all along.

Any claims that a specific piece of U.S. malware—in this case, Slingshot—was targeting only al-Qaeda or ISIS bad guys is disingenuous as well. The exploit on routers is hitting an entire region, infecting an untold number of innocent people [7]. Internet cafés are said to have been hit in this, meaning everyone going into the cafes is at risk.

Malware is not a precision munition, it hits wide targets and spreads out to bystanders. This is particularly disturbing to note if, as some reports are indicating, this malware was Pentagon in origin.

U.S. civilian government surveillance is already doing great harm to general Internet security, and does so by remaining in denial about the balance of good to harm that is being done. The U.S. military, by contrast, has shown its willingness to inflict major harm on innocents in pursuit of any war goal. As they start hitting regions with malware, all bets are off on how far it will spread.

Security companies like Kaspersky Labs only afford the private user limited protection from all of this malware, because they’re constantly playing catch-up, finding new variants and new exploits that the various pieces of software are using. Slingshot, for instance, went undetected for six solid years [8].

The discovery means fixes can finally be implemented for the routers and the computers. Novel exploits like this are rarely a one-time fix, however, as a slew of similar exploits from other sources tend to crop up after one gets taken out. It’s a never-ending battle.

In August, President Trump made U.S. Cyber Command a formal military command [9], reflecting the growing view of the Internet as a military objective. Much as America’s other battlefields result in collateral damage on the ground, the cyberwar is going to have a deleterious impact on day-to-day life in cyberspace. The big questions are how bad things will get, and how quickly.

Jason Ditz is news editor at Antiwar.com [10], a nonprofit organization dedicated to the cause of non-interventionism. In addition to TAC, his work has appeared in Forbes, Toronto Star, Minneapolis Star-Tribune, Providence Journal, Daily Caller, Washington Times and Detroit Free Press.

8 Comments (Open | Close)

8 Comments To "Was Destructive ‘Slingshot’ Malware Deployed by the Pentagon?"

#1 Comment By IT Manager and Patriot On March 22, 2018 @ 1:36 pm

I would never use software made in Russia, China, or Israel. These countries are the top three espionage threats against America — this according to the FBI, no less. So just say “No”.

#2 Comment By Fran Macadam On March 22, 2018 @ 2:04 pm

How naive, to believe that software made here in the U.S. would not target the domestic population. U.S. corporations do not have the option to “Just Say No” when Uncle Sam requires them to engage in mass domestic surveillance, as the news stories published over the last decade by major U.S. news media have exposed.

#3 Comment By b. On March 22, 2018 @ 2:13 pm

The timing suggests that the push against Kapersky products preceded these particular “Slingshot” revelations, unless the US government knew early Kapersky was investigating this specific malware, or Kapersky made the mistake of asking/notifying them, and the US attempted “preventaliation”.

Given that Kapersky also had a leading role in the Stuxnet investigations, and given the convenient “Russia!” hysteria, it is certainly credible that so-called “National Securities Interests” would consider them an adversary regardless of Kapersky’s actual motives.

Between Stuxnet and Slingshot, there is more and more evidence that the Projection Theory of US Public Posture holds strong: the more stridently the Obama and Trump administration accuse others of “cybah” malfeasance, the more likely that the US has actually gone there firstest with the mostest.

#4 Comment By romegas On March 23, 2018 @ 5:09 am

IT Manager and Patriot says:

“I would never use software made in Russia, China, or Israel. These countries are the top three espionage threats against America — this according to the FBI, no less.”

If you had any sense you would stick solely to open source – if you don’t know what is in the code then you are at the mercy of others. Kaspersky has published the code for it’s anti-virus software:

[11]

Will US products do the same?

US products are full of backdoors – from the Windows Operating system to switches and routers – even hard disks.

#5 Comment By Mark Thomason On March 23, 2018 @ 5:25 am

Cyberwar is like nuclear war, in that using it is to release it into our lives, and is self defeating.

Once used, just once, the code is out there to be copied, modified, re-used by anyone.

We need deals based on deterrence, not to spin up more and more actual use.

#6 Comment By Balder the Dash On March 23, 2018 @ 6:42 am

Kaspersky Labs isn’t “based in Moscow”. Headquarters are in Belarus. Last time I looked Belarus was an independent state and Kaspersky is, still, an independent corporation.

I’d ask where were all the other BIG internet security players? One thing they’re not good at is identifying crap when it happens (2012???) or being able to offer up more than opinions on ‘the forensics’.

If you don’t ‘know’, you’re probably infected.

#7 Comment By Ernesto Balza On March 23, 2018 @ 2:51 pm

It is really naive for some american who are sure USA gov isnt targeting american citizen, remember what Snowden revealed several years before. Information is Power and a gov with no ethic wont stop at nothing to get this data.It is a Big Brother policy On Trump steroids.

#8 Comment By TruthIsALostVirtue On March 27, 2018 @ 1:09 pm

You know, what’s really ironic is that all of their (US Intel community’s) equipment has been compromised by a very similar method, with an extra caveat that guarantees persistence. Their time is running out, and what a glorious day it will be when their walls come crashing down.