Operation Medusa: FBI uncovers gigantic Russian espionage action – and uses it for snooping


The hacker network Snake was in operation for almost 20 years


For almost 20 years, a Russian intelligence unit has been spying on NATO targets. What they didn’t know: The FBI had gained access to the “Snake” program used for this purpose – and used it against its creators.

It’s an operation that’s been going on for decades: Russian malware has been spying on targets in over 50 countries since at least 2004. Now it has been switched off. The Federal Bureau of Investigation, better known by its acronym FBI, had managed to take control of the program – and tricked it into destroying itself.

This emerges from a detailed report by the US Department of Justice. The software, dubbed “Snake”, is described as “Russia’s most sophisticated tool for cyber espionage”. The group responsible, Turla, is attributed to the FSB, the successor to the KGB. The program had been used for nearly two decades to spy on targets in the United States and other NATO countries, explained US Attorney General Merrick Garland.

Highly complex attack

The hackers’ approach was highly professional, as a detailed analysis of the program shows. “Snake” was run over a network of infected machines around the world. This not only concealed the origin of the attacks, but also made them harder to counter. The software was repeatedly revised to make detection more difficult and to equip it with new capabilities. The targets reportedly included military units and companies, but also journalists and private individuals.

Once installed, “Snake” went undetected for years, according to the FBI. The agency says there are even known cases in which those affected tried to remove the software and it remained active anyway. Depending on the purpose, the hackers were able to load different modules, for example to steal documents and forward them to their handlers via the network.

Operation Medusa

Under the codename Medusa, the FBI and allied agencies launched a counter-operation back in 2015. With painstaking work, the US investigators managed to identify 19 infected computers in the USA. They studied the program for several years, until they finally made a breakthrough and cracked the malware’s encryption. All of a sudden, the officials were able to read “Snake”’s traffic and track how and where the attackers struck, what they stole and where the data was ultimately transferred.


Above all, this breakthrough enabled them to counterattack: FBI experts developed software called “Perseus” that turned the strengths of “Snake” against it and infiltrated the program. After the FBI had obtained special permission from the Department of Justice to operate outside its own jurisdiction, the counteroffensive was launched: with “Perseus”, the officers took over parts of the “Snake” network and made the program delete important parts of its own code. The authorities emphasized that the previously infected computers would suffer no adverse effects from this deactivation.

However, the danger has not been completely averted, warns the Department of Justice. “The operation to shut down ‘Snake’ does not fix any of the exploited vulnerabilities and does not remove any additionally installed malware,” the statement said. The companies and authorities identified as affected are therefore to be informed separately so that any further problems can be resolved. The idea is not far-fetched: in the past, thanks to a special permit, the FBI has taken over hundreds of company networks via remote access without being asked, and secured them against attacks.

Sources: Statement from the US Department of Justice, Threat Analysis
