Open source code is often a great thing: The sharing of information online can enhance the collaborative nature of technology and improve the ways in which we communicate and work. If the code for software is made available, the online community is able to freely share the code with others and even improve it. For instance, Netflix has its own version of an open source program, Netflix Open Source, which now has over fifty projects operating within it. Companies around the world are using the collaborative projects created by Netflix and other developers within this program, making it a useful open source code that benefits many businesses.
However, there are those who would use open source code to enact harm on other entities. This is a very distinct issue with open source malware that can be found on the Internet. Anyone who has the ability to find and implement these kinds of programs could potentially use them to exploit businesses and individuals. Two of the most recent examples come in the form of Hidden Tear ransomware and BlackEnergy malware.
The problem with Hidden Tear
Trend Micro researchers recently discovered a loophole being exploited by malicious actors that originated with open source malware. The program is a piece of ransomware, which works by locking a computer or network behind a paywall such that the user has to pay an amount – usually in Bitcoins – in order to access his or her encrypted information.
The back story behind the malware found by Trend Micro is this: In August 2015, Otku Sen, a Turkish security group, published an open source code for a ransomware program called “Hidden Tear.” The group did this in order to educate Internet users about the malicious program, and their publication of the ransomware came with a distinct message:
“While this may be helpful for some, there are significant risks,” the security group warned. “Hidden Tear may be used only for educational purposes. Do not use it as a ransomware! You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent.”
Of course, not everyone is going to abide by this warning. Trend Micro researchers found that this code was being used to hack a website in Paraguay from Sept. 15 through Dec. 17, and again on Dec. 18. The ransomware, which went by the name RANSOM_CRYPTEAR.B, had been created by modifying the open source Hidden Tear code. In other words, a Brazilian hacker had found the code on the Internet, modified it to fit his or her agenda, then used it to infiltrate the Paraguayan website. This clearly demonstrates the dangers of allowing open source malware to be published on the Internet for anyone to use.
Even more issues with open source code
In mid-January, hackers targeted Ukraine’s power grid, according to International Business Times. These attacks were the follow-up to strikes that occurred in December, which caused a power outage that affected hundreds of thousands of people. On Dec. 23, the outage was caused by malware called BlackEnergy, which is known to be used by the Russian cyber crime group Sandworm. There were some who theorized that the Russian government was behind the hacks.
In January, the story was much the same, with grid incidents that left many without power. However, the attack was delivered via a different kind of malware — though with the same social engineering technique. This is causing some to doubt as to whether or not the Russian government was actually to blame.
“What’s particularly interesting is that the malware that was used this time is not BlackEnergy,” said Robert Lipovsky, a malware researcher with Slovakian security company ESET. “The malware is based on a freely available open source backdoor — something no one would expect from an alleged state-sponsored malware operator. “
As Lipovsky described, the malware was based on an open source code found online. While the Ukrainian government will continue to face challenges surrounding who to blame this attack on, the outcome was the same: An freely available piece of malware was able to wreak havoc on the power system and cause issues that affected people around the country.
What can be done?
These issues will no doubt continue to plague companies and individuals around the world. Hackers that perform targeted attacks are becoming more resourceful, and being able to transform code found on the Internet gives them another backdoor into our networks. Protecting computer systems with server malware protection that may have been modified from open source code is a matter of making sure firewalls and virus protection are in place. There will always be those who take advantage of open source code on the Internet, whether for bad or for good. Effective security management solutions can help keep systems safe in the event that malicious code is used by amateur hackers to infiltrate networks.