4 May 2024, Saturday, 10:33

KGB was tapping Russian billionaire?

Belarusian secret services again distinguished themselves as computer spies.

The website charter97.org has encountered one more Trojan from the Belarusian secret services. Analysis of the program made it possible to uncover and neutralize a botnet that was collecting data from compromised computers.

As a reminder, specialists neutralized and analyzed a similar network of compromised computers belonging to Belarusian politicians, journalists and public activists in early January.

The Trojan was sent via Skype by an anonymous user to Iryna Khalip, a “Novaya Gazeta” journalist and the wife of 2010 presidential candidate Andrei Sannikov. The file, which had a .scr extension, looked like an image; it contained a photo of the agenda for Lukashenka's urgent meeting and a Trojan horse, which installed itself into the system (different versions of Windows).

Analysis identified the program as Andromeda, a versatile modular bot. Its Russian-speaking author sells it on the internet for 300 to 900 dollars. The program description says the product “can be used as the foundation for a botnet with an endless variety of possibilities. The bot’s functionality can be expanded through a system of plugins, any number of which can be added at any time.”

The client-side part of the program resides on the victim's computer and collects data depending on the plugin used. The admin panel and logs are kept on a server on the internet. Specialists of charter97.org managed to gain access to the logs and identify the victims of the hacking and “tapping”.

The botnet was created in late January 2012.

The list of victims leaves no doubt about who controls the botnet. The attack succeeded against 15 computers, most of them belonging to Belarusian political and public activists:

– Volha Kazulina (the daughter of 2006 presidential candidate and former political prisoner Alyaksandr Kazulin);

– An anonymous member of the IPM Research Centre (logs do not contain his or her name, email and Skype account);

– Vasily Zadnepryany, the head of the Republican Party of Labour and Justice;

– The Assembly of NGOs (tizonadelsid@gmail.com, skype: ulkazora, vladimir56@tut.by);

– an anonymous person working for Belarusian media (logs contain Outlook Express folders with mails from The Press House, BelaPAN, Belta, press releases, S&P, Human Rights Institute, Belpresscentre, Amnesty International, the EU);

– Kyrgyz citizen Zhyldyz Apyzakova (jyldyz0303-71@mail.ru);

– Belarusian Yulia Timofeyeva (skype: yukla2, yuradart@mail.ru, skype: yltimof, yltim@yandex.ru, ulka666@mail.ru, info@papa.by);

– user Michele Petull;

and other users whose identity and occupation were not established.

The logs of the user “Alexander Lebedev” turned out to be the most sensational. Analysis of the logs makes it possible to state that Olga, the sister and closest aide of Russian billionaire Alexander Lebedev, has become a victim of “tapping”. Alexander Lebedev is known to have no personal computer. His sister Olga Lebedeva carries on correspondence on his behalf and heads the Novaya Gazeta Editorial and Publishing House.
