A group of Russian government-backed hackers gained access to important U.S. government and defense industry computers, according to a report from Reuters. They did so using a method of infiltration and communication that involved online photo data and the social media site Twitter Inc (TWTR).
Cybersecurity company FireEye Inc (FEYE), which has been investigating the Russian group, has discovered that the hackers used steganographic tweets to convey instructions to previously infected computers.
Tweeting In Code
FireEye says that the hackers created algorithms that checked different Twitter accounts every day looking for specific messages. Russian agents would then access these Twitter accounts and tweet coded messages that contained hidden instructions for the computers running the algorithms.
How It Worked
According to FireEye, the tweets would contain a web address, a number and a handful of letters. The computer running the algorithm would then go to the specified website and search the site for a photo whose dimensions matched the number contained in the tweet. Finally, once the correct photo was identified, the computer would use the letters contained in the tweet to decode hidden messages in the digital display data of the photo.
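A defender-side illustration of the sequence described above, added here and not taken from FireEye's report or from the original article: the Python below scans web-proxy logs for hosts that request a Twitter account page and then fetch an image from another site shortly afterwards, on several separate days. The log format, host names, the five-minute window and the three-day threshold are all assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
WINDOW = timedelta(minutes=5)  # assumed gap between Twitter check and photo fetch
MIN_DAYS = 3                   # assumed number of repeat days before flagging

# Constructed proxy log lines: "<ISO timestamp> <client host> <URL>"
SAMPLE_LOG = """\
2015-07-27T09:00:02 ws-014 https://twitter.com/acct_one
2015-07-27T09:00:09 ws-014 http://photos.example.net/gallery/beach.jpg
2015-07-27T10:15:00 ws-022 https://twitter.com/some_news
2015-07-27T10:15:30 ws-022 https://news.example.org/story.html
2015-07-28T09:00:03 ws-014 https://twitter.com/acct_two
2015-07-28T09:00:11 ws-014 http://photos.example.net/gallery/hills.jpg
2015-07-28T14:02:00 ws-022 http://photos.example.net/gallery/hills.jpg
2015-07-29T09:00:01 ws-014 https://twitter.com/acct_three
2015-07-29T09:00:08 ws-014 http://img.example.com/a/city.png
"""

def parse(log):
    """Yield (timestamp, host, parsed URL) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, host, url = line.split(maxsplit=2)
            yield datetime.fromisoformat(ts), host, urlparse(url.strip())

def is_twitter(u):
    return u.hostname == "twitter.com" or (u.hostname or "").endswith(".twitter.com")

def find_repeat_pairs(log, window=WINDOW, min_days=MIN_DAYS):
    """Return {host: [(day, handle, image_url), ...]} for hosts that, on at
    least min_days distinct days, requested a Twitter account page and then
    fetched an image from a non-Twitter site within `window`."""
    last_check = {}           # host -> (time, handle) of latest Twitter request
    hits = defaultdict(dict)  # host -> {day: (handle, image_url)}
    for ts, host, u in sorted(parse(log), key=lambda r: r[0]):
        if is_twitter(u):
            last_check[host] = (ts, u.path.strip("/").split("/")[0])
        elif u.path.lower().endswith(IMAGE_EXT) and host in last_check:
            seen, handle = last_check[host]
            if ts - seen <= window:
                hits[host].setdefault(ts.date().isoformat(), (handle, u.geturl()))
    return {h: [(d, *v) for d, v in sorted(days.items())]
            for h, days in hits.items() if len(days) >= min_days}
```

Ordinary browsing can produce the same pairing, so a flagged host is a lead for review of the listed accounts and image URLs rather than a verdict.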
‘Advanced Persistent Threat’
FireEye has identified the latest scheme as the work of a known group of Russian hackers it calls APT29, where APT is an acronym for “advanced persistent threat.” This group could also be working with other Russian hacking groups, such as APT28, which has used vulnerabilities in the Flash software of Adobe Systems Inc (ADBE) to gain access to valuable information.
Cybersecurity Market Booming
While data breaches will continue to cause billions of dollars of damage to international businesses and governments, the cybersecurity business is booming. FireEye’s stock is up 46.0 percent in 2015, and the PureFunds ISE Cyber Security ETF (HACK) is up 14.7 percent this year.