The US Department of Homeland Security, along with the Federal Bureau of Investigation, identified code that they concluded was being used by the Russian intelligence services. After further digging, it has been found that the software in question is an old piece of malware that was created by Ukrainians and can be acquired online, according to a blog post by the founder of WordFence.
WordFence is a WordPress plug-in that has been installed several million times. The report, made public last Thursday by the DHS and FBI, contains a PHP malware sample that WordFence employees dissected.
“We spend a lot of time studying PHP malware because WordPress runs on PHP,” read the Friday blog post written by Mark Maunder, the CEO of the firm. “Using the PHP malware indicator of compromise (IOC) made available by the DHS, we found the full malware sample.”
The firm was able to identify the name and version of the malware. According to Maunder, the malware is called “P.A.S 3.1.0.” It was available for download from a website that has since gone defunct.
The CEO stated: “We have concluded that the malware they gave us is P.A.S version 3.1.0 which is available for download on a Ukrainian website whose owners claim they developed the malware. It has also been found to be a number of versions behind the current version 4.1.1b. It is strange that Russian intelligence operatives are using other people’s tools instead of developing their own or at least using updated software created by others.”
In an FAQ published on Monday, Maunder went on to criticize the DHS and FBI report. He said WordFence checked the IP addresses the DHS had published and found that they belong to more than 38 organizations, many of which are popular web hosting providers. None of them showed a direct link to Russia.
The FBI’s attribution of the hacking to Russia has also been criticized by cyber security experts. One reason for the skepticism is that the hacker who claimed responsibility for the DNC emails was Guccifer 2.0, yet the leaked documents’ metadata showed they had been modified by “Felix Dzerzhinsky,” the founder of the Soviet secret police.
One cyber security expert wrote in a blog post, “OK, put up your hand if you believe that a GRU or FSB officer would add Iron Felix’s name in the metadata of an illegally acquired document prior to releasing it to the entire world and at the same time pretend to be a Romanian hacker.”