By Sam Jones in London
An aggressive new cyber weapon called Snake has infected dozens of Ukrainian computer networks including government systems in one of the most sophisticated attacks of recent years.
Also known as Ouroboros after the tail-devouring serpent of Greek mythology, experts say it is comparable in its complexity to Stuxnet, the malware that was found to have disrupted Iran’s uranium enrichment programme in 2010.
The cyber weapon has been deployed most aggressively since the start of last year before protests that climaxed two weeks ago with the overthrow of Viktor Yanukovich’s government.
Ouroboros gives its operators unfettered access to networks for surveillance purposes. But it can also act as a highly advanced “digital beachhead” that could destroy computer networks with wide-ranging repercussions for the public.
Cyberwarfare experts have long warned that digital weapons could shut off civilian power or water supplies, cripple banks or blow up industrial sites dependent on computer-controlled safety programmes.
The origins of Ouroboros remain unclear, but its programmers appear to have developed it in a GMT+4 timezone – which encompasses Moscow – according to clues left in the code, parts of which also contain fragments of Russian text.
It has infected networks run by the government and systemically important organisations. Lithuanian systems have also been disproportionately hit.
Ouroboros has been in development for nearly a decade and is too sophisticated to have been programmed by an individual or non-state organisation, according to the applied intelligence unit at BAE Systems, which was the first to identify the malware.
The Financial Times has corroborated the existence of Snake with security and military analysts. BAE has identified 56 apparent infections by Snake since 2010, almost all in the past 14 months. Ukraine is the primary target, with 32 recorded instances, 22 of which have occurred since January 2013.
Dave Garfield, managing director for cyber security at BAE, said that the instances were almost certainly “the tip of the iceberg”.
“If you look at it in probabilistic terms . . . then the list of suspects boils down to one,” said Nigel Inkster, until 2006 the director of operations and intelligence for MI6 and now director of transnational threats at the think-tank IISS.
“Until recently the Russians have kept a low profile, but there’s no doubt in my mind that they can do the full scope of cyber attacks, from denial of service to the very very sophisticated”.