Inside Olympic Destroyer, the Most Deceptive Hack in History

A tall, soft-spoken engineer, Soumenkov had a habit of arriving at work late in the morning and staying at Kaspersky's headquarters well after dark—a partially nocturnal schedule that he kept to avoid Moscow traffic.


One night, as his coworkers headed home, he pored over the code at a cubicle overlooking the city's jammed Leningradskoye Highway. By the end of that night, the traffic had thinned, he was virtually alone in the office, and he had determined that the header metadata didn't actually match other clues in the Olympic Destroyer code itself; the malware hadn't been written with the programming tools that the header implied. The metadata had been forged.
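The article does not name the header field Soumenkov compared against the code. The example below is added here and is not from the article, from Kaspersky, or from any Olympic Destroyer analysis; it assumes the PE Rich header, the block the MSVC linker writes between the DOS stub and the PE signature listing which compiler and linker builds touched the object files, and shows the kind of internal-consistency check that exposes a transplanted header: the Rich XOR key is also a checksum over the file's own DOS header and tool entries, so a Rich block pasted in from another binary fails to validate, and the decoded tool list can be set beside the linker version the optional header claims. Both samples are constructed inside the block (a minimal PE prefix, not a loadable file), and the product ids and build numbers are placeholders rather than real tool ids.

```python
import struct

DANS = 0x536E6144  # "DanS" read as a little-endian dword: start-of-Rich-header marker


def rol32(value, count):
    """32-bit rotate left, as used by the Rich header checksum."""
    count &= 31
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def parse_rich_header(data):
    """Locate and XOR-decode the Rich header between the DOS stub and the PE signature.

    Returns {"dans_offset", "key", "entries"} with entries as (product_id, build, count),
    or None when no well-formed Rich header is found.
    """
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_pos = data.rfind(b"Rich", 0, e_lfanew)
    if rich_pos < 0:
        return None
    key = struct.unpack_from("<I", data, rich_pos + 4)[0]
    dwords = []
    pos = rich_pos - 4
    while pos >= 0x40:                      # walk back through the encrypted dwords
        value = struct.unpack_from("<I", data, pos)[0] ^ key
        if value == DANS:
            break
        dwords.append(value)
        pos -= 4
    else:
        return None                         # never hit the DanS marker
    dwords.reverse()
    body = dwords[3:]                       # three zero padding dwords follow DanS
    entries = [(body[i] >> 16, body[i] & 0xFFFF, body[i + 1])
               for i in range(0, len(body) - 1, 2)]
    return {"dans_offset": pos, "key": key, "entries": entries}


def rich_checksum(data, dans_offset, entries):
    """Recompute the XOR key the linker derives from the DOS header and the tool entries.

    The key doubles as a checksum: the DanS offset, plus every DOS-header byte before it
    (skipping e_lfanew at 0x3C..0x3F) rotated by its offset, plus every tool id rotated
    by its use count. A Rich block transplanted onto a different DOS stub fails this check.
    """
    cksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(data[i], i)) & 0xFFFFFFFF
    for product_id, build, count in entries:
        cksum = (cksum + rol32((product_id << 16) | build, count)) & 0xFFFFFFFF
    return cksum


def audit_rich_header(data):
    """Cross-check the Rich header against the rest of the file's own metadata."""
    rich = parse_rich_header(data)
    if rich is None:
        return {"present": False}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Optional header follows "PE\0\0" (4) + COFF header (20): Magic, then Major/MinorLinkerVersion
    major, minor = struct.unpack_from("<BB", data, e_lfanew + 4 + 20 + 2)
    return {
        "present": True,
        "key_valid": rich_checksum(data, rich["dans_offset"], rich["entries"]) == rich["key"],
        "entries": rich["entries"],
        "optional_header_linker": (major, minor),
    }


def build_sample(dos_stub, entries, key=None, linker=(14, 0)):
    """Constructed minimal PE prefix: DOS header + stub, Rich block, PE signature,
    COFF header and the first bytes of the optional header. Not a loadable binary."""
    dos = bytearray(0x40) + bytearray(dos_stub)
    dos[0:2] = b"MZ"
    dans_offset = len(dos)
    if key is None:                         # honest build: key derived from this file
        key = rich_checksum(dos, dans_offset, entries)
    block = struct.pack("<I", DANS ^ key) + struct.pack("<I", key) * 3
    for product_id, build, count in entries:
        block += struct.pack("<II", ((product_id << 16) | build) ^ key, count ^ key)
    block += b"Rich" + struct.pack("<I", key)
    struct.pack_into("<I", dos, 0x3C, dans_offset + len(block))   # e_lfanew
    coff = struct.pack("<IHHIIIHH", 0x4550, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # "PE\0\0", i386
    optional = struct.pack("<HBB", 0x10B, linker[0], linker[1])
    return bytes(dos) + block + coff + optional


# Constructed inputs. Product ids and builds are placeholders, not real MSVC tool ids.
TOOL_ENTRIES = [(0x0093, 24215, 1), (0x00AA, 30729, 3)]
STUB_A = b"This program cannot be run in DOS mode.\r\r\n$".ljust(0x40, b"\0")
STUB_B = b"Custom stub from a different toolchain!!\r\n$".ljust(0x40, b"\0")

GENUINE = build_sample(STUB_A, TOOL_ENTRIES)
# Forgery: the Rich block (entries and key) of GENUINE pasted onto a file with another stub.
FORGED = build_sample(STUB_B, TOOL_ENTRIES, key=parse_rich_header(GENUINE)["key"])

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, audit_rich_header(sample))
```

The checksum test only catches a sloppy transplant; a forger who recomputes the key over the target file passes it, which is why the decoded tool entries are returned alongside the optional header's linker version: the same linker writes both, so a tool list from one toolchain generation under a linker version from another is the contradiction an analyst is looking for.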


This was something different from all the other signs of misdirection that researchers had fixated on. The other red herrings in Olympic Destroyer had been so vexing in part because there was no way to tell which clues were real and which were deceptions. But now, deep in the folds of false flags wrapped around the Olympic malware, Soumenkov had found one flag that was provably false. It was now clear that someone had tried to make the malware look North Korean and failed due to a slipup. It was only through Kaspersky's fastidious triple-checking that it came to light.


A few months later, I sat down with Soumenkov in a Kaspersky conference room in Moscow. Over an hour-long briefing, he explained in perfect English and with the clarity of a computer science professor how he'd defeated the attempted deception deep in Olympic Destroyer's metadata. I summarized what he seemed to have laid out for me: The Olympics attack clearly wasn't the work of North Korea. “It didn't look like them at all,” Soumenkov agreed.


And it certainly wasn't Chinese, I sugges ..