Share

Related Stories

Top 5 Stories

News

Information Please: Kaspersky Lab needs help decrypting Gauss warhead

14 August 2012

Kaspersky Lab is asking for help from the information security community to decrypt the mysterious Gauss’ encrypted warhead suspected of targeting industrial control systems.

As reported previously by Kaspersky, Gauss is a new cyber surveillance malware related to Flame that has been staling banking credentials in the Middle East.

Kaspersky is now admitting that it is unable to figure out the encryption of the Godel module, which the company believes is designed to take down a supervisory control and data acquisition (SCADA) system or other high-profile targets.

“Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload”, Kaspersky Lab’s Global Research and Analysis Team wrote in a blog.

The team said that that the resource section, which contains the encrypted payload, “is big enough to contain a Stuxnet-like SCADA targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile.”

The team added that it is providing the first 32 bytes of encrypted data and hashes from known variants of the modules. “If you are a world class cryptographer or if you can help us with decrypting them, please contact us by e-mail: theflame@kaspersky.com”, the blog concluded.
 

This article is featured in:
Encryption  •  Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×