DarkHotel: A Sophisticated New

Hacking Attack Targets High-Profile

Hotel Guests

BY KIM ZETTER

11.10.14 |

11:06 AM |

PERMALINK

Share on Facebook

709

inShare412

Getty Images

The hotel guest probably never knew what hit him. When he tried to
get online using his five-star hotels WiFi network, he got a pop-up
alerting him to a new Adobe software update. When he clicked to
accept the download, he got a malicious executable instead.
What he didnt know was that the sophisticated attackers who
targeted him had been lurking on the hotels network for days
waiting for him to check in. They uploaded their malware to the
hotels server days before his arrival, then deleted it from the hotel
network days after he left.
Thats the conclusion reached by researchers at Kaspersky Lab and
the third-party company that manages the WiFi network of the
unidentified hotel where the guest stayed, located somewhere in
Asia. Kaspersky says the attackers have been active for at least

seven years, conducting surgical strikes against targeted guests

at other luxury hotels in Asia as well as infecting victims via
spear-phishing attacks and P2P networks.
Kaspersky researchers named the group DarkHotel, but theyre also
known as Tapaoux by other security firms who have been separately
tracking their spear-phishing and P2P attacks. The attackers have
been active since at least 2007, using a combination of highly
sophisticated methods and pedestrian techniques to ensnare
victims, but the hotel hacks appear to be a new and daring
development in a campaign aimed at high-value targets.
Every day this is getting bigger and bigger, says Costin Raiu,
manager of Kasperskys Global Research and Analysis Team.
Theyre doing more and more hotels. The majority of the hotels
that are hit are in Asia but some are in the U.S. as well. Kaspersky
will not name the hotels but says theyve been uncooperative in
assisting with the investigation.

This Is NSA-Level Infection Mechanism

The attackers methods include the use of zero-day exploits to
target executives in spear-phishing attacks as well as a kernel-mode
keystroke logger to siphon data from victim machines. They also
managed to crack weak digital signing keys to generate certificates
for signing their malware, in order to make malicious files appear to
be legitimate software.
Obviously, were not dealing with an average actor, says Raiu.
This is a top-class threat actor. Their ability to do the kernel-mode
key logger is rare, the reverse engineering of the certificate, the
leveraging of zero daysthat puts them in a special category.

THEIR TARGETING IS NUCLEAR THEMED, BUT THEY ALSO

TARGET THE DEFENSE INDUSTRY BASE IN THE U.S.
Targets in the spear-phishing attacks include high-profile executives
among them a media executive from Asiaas well as government
agencies and NGOs and U.S. executives. The primary targets,
however, appear to be in North Korea, Japan, and India. All nuclear
nations in Asia, Raiu notes. Their targeting is nuclear themed, but
they also target the defense industry base in the U.S. and important
executives from around the world in all sectors having to do with
economic development and investments. Recently there has been
a spike in the attacks against the U.S. defense industry.
The attackers seems to take a two-pronged approachusing the
P2P campaign to infect as many victims as possible and then the
spear-phishing and hotel attacks for surgically targeted attacks. In
the P2P attacks thousands of victims are infected with botnet
malware during the initial stage, but if the victim turns out to be
interesting, the attackers go a step further to place a backdoor on
the system to exfiltrate documents and data.
Until recently, the attackers had about 200 command-and-control
servers set up to manage the operation. Kaspersky managed
to sinkhole 26 of the command server domains and even gained

access to some of the servers, where they found unprotected logs

identifying thousands of infected systems. A lot of the machines in
the attackers logs, however, turned out to be sandboxes set up by
researchers to ensnare and study botnets, showing how
indiscriminating the attackers were in their P2P campaign. The
attackers shut down much of their command infrastructure in
October, however, presumably after becoming aware that the
Kaspersky researchers were tracking them
As far as I can see there was an emergency shut down, Raiu says.
I think there is a lot of panic over this.

Signs Point to South Korea

That panic may be because the campaign shows signs of possibly
emanating from an important U.S. ally: South Korea. Researchers
point out that one variant of malware the attackers used was
designed to shut down if it found itself on a machine whose
codepage was set to Korean. The key logger the attackers used also
has Korean characters inside and appears to have ties to a coder in
South Korea. The sophisticated nature of the key logger as well

as the attack on the RSA keys indicates that DarkHotel is likely a

nation-state campaignor at least a nation-state supported
campaign. If true, this would make the attack against the U.S.
defense industry awkward, to say the least.
Raiu says the key logger, a kernel-mode logger, is the best written
and most sophisticated logger hes seen in his years as a security
researcher. Kernel-mode malware is rare and difficult to pull off.
Operating at the core of the machine rather than the user level
where most software applications run, allows the malware to better
bypass antivirus scanners and other detection systems. But kernelmode malware requires a skillful touch since it can easily crash a
system if not well-designed.
You have to be very skilled in kernel-level development and this is
already quite a rare skillset, says Vitaly Kamluk, principal security

researcher at Kaspersky Lab. Then you have to make it very

stable. It must be very stable and very well tested.
Theres no logical reason to use a kernel-level keylogger says Raiu
since its so easy to write key loggers that hook the Windows API
using about four lines of code. But these guys prefer to do a kernellevel keylogger, which is about 300 kilobytes in sizethe driver for
the key loggerwhich is pretty crazy and very unusual. So the guy

who did it is super confident in his coding skills. He knows that

his code is top-notch.
The logger, which was created in 2007, appears to have been
written by someone who goes by the name Chpiea name that
appears in source code for the logger. Chpie is the name used by a
South Korean coder who is known to have created another kernellevel key logger that Raiu says appears to be an earlier version of
this one. The key logger in the DarkHotel attack uses some of the
same source code but is more sophisticated, as if its an upgraded
version of the earlier keylogger.
Aside from the sophisticated key logger, the attackers use of digital
certificates to sign their malware also points to a nation-state or
nation-state supported actor. The attackers found that a certificate
authority belonging to the Malaysian government as well as
Deutsche Telekom were using weak 512-bit signing keys. The small
key size allowed the attackers, with a little super-computing power,
to factor the 512-bit RSA keys (essentially re-engineer them) to
generate their own digital certificates to sign their malware.
You very rarely, if ever, see such techniques used by APT
(advanced persistent threat) groups, Raiu says. Nobody else as far
as we know has managed to do something similar, despite the fact
that these certificates existed for some time. This is [an] NSA-level
infection mechanism.
These sophisticated elements of the attack are important, but the
most intriguing part of the DarkHotel campaign is the hotel
operation.

Unravelling the Mystery of DarkHotel

The Kaspersky researchers first became aware of the hotel attacks
last January when they got reports through their automated system
about a cluster of customer infections. They traced the infections to
the networks of a couple of hotels in Asia. Kamluk traveled to the
hotels to see if he could determine how guests were being infected,
but nothing happened to his machine. The hotels proved to be of no
help when Kamluk told them what was happening to guests. But
during his stay, he noticed that both hotels used the same thirdparty firm to manage its guest WiFi.
Some hotels own and operate their network infrastructure; others
use a managed services firm. The company managing the WiFi
network of the two hotels Kamluk visited wishes to remain
anonymous, but it was an unusually willing partner in getting to the
bottom of the attacks. It acted quickly to provide Kaspersky with
server images and logs to track down the attackers.
Although the attackers left very few traces, There were certain
command lines which should not have been there in the hotel
system, a senior executive with the managed-services company
says.
In one case, the researchers found a reference to a malicious
Windows executable in the directory of a Unix server. The file itself
was long gone, but a reference pointing to its former existence
remained. [T]there was a file-deletion record and a timestamp of
when it happened, says Kamluk. Judging from traces left behind,
the attackers had operated outside normal business hours to place
their malware on the hotel system and infect guests.
They started early in the morning before the hotel staff would
arrive to the office and then after they leave the office they were
also distributing the malware then, says the senior executive. This
is not just something that happened yesterday. These are people

who have been taking their time. Theyve been trying to access
networks over the last years.
Its unclear how many other hotels theyve attacked, but it appears
the hackers cherry-pick their targets, only hitting hotels where they
know their victims will be staying.
When victims attempt to connect to the WiFi network, they get a
pop-up alert telling them their Adobe Flash player needs an update
and offering them a file, digitally signed to make it look authentic, to
download. If the victims accept they download, they get a Trojan
delivered instead. Crucially, the alerts pop up before guests actually
get onto the WiFi network, so even if they abandon their plan to get
online, they are infected the moment they hit accept. The

malware doesnt then immediately go to work. Instead it sits

quietly for six months before waking up and calling home to a
command-and-control server. Raiu says this is likely meant to
circumvent the watchful eyes of IT departments who would be on
the lookout for suspicious behavior immediately after an executive
returned from a trip to Asia.
At some of the hotels, only a few victims appear to have been
targeted. But on other systems, it appears the attackers targeted a
delegation of visitors; in that instance, evidence shows they tried to
hit every device attempting to get online during a specific period of
time.
Seems like some event occurred or maybe some delegation visited
the hotel and stayed there for a few days and they tried to hit as
many members of the delegation as possible, Raiu says. He thinks
the victims were ones the attackers couldnt reach through ordinary
spearphishing attacksperhaps because their work networks were
carefully protected.
Kaspersky still doesnt know how the attackers get onto the hotel
servers. They dont live on the servers the way criminal hackers do
that is, maintain backdoor access to the servers to gain re-entry
over an extended period of time. The DarkHotel attackers come in,

do their deed, then erase all evidence and leave. But in the logs, the
researchers found no backdoors on the systems, so either the
attackers never used them or successfully erased any evidence of
them. Or they had an insider who helped them pull off the attacks.
The researchers dont know exactly who the attackers were
targeting in the identified hotel attacks. Guests logging onto WiFi
often have to enter their last name and room number in the WiFi
login page, but neither Kaspersky, nor the company that maintained
the WiFi network, had access to the guest information. Reports that
come into Kasperskys automated reporting system from customers
are anonymous, so Kaspersky is seldom able to identify a victim
beyond an IP address.
The number of hotels that have been hit is also unknown. So far the
researchers have found fewer than a dozen hotels with infection
indicators. Maybe there are some hotels that use to be infected
and we just cannot learn about that because there are no traces,
the network-management executive says.
The company worked with Kaspersky to scour all of the hotel servers
it manages for any traces of malware and are fairly confident that
the malware doesnt sit on any hotel server today. But that is just
one network-management company. Presumably, the DarkHotel
operation is still active on other networks.
Safeguarding against such an attack can be difficult for hotel
guests. The best defense is to double check update alerts that

pop up on your computer during a stay in a hotel. Go to the

software vendors site directly to see if an update has been
posted and download it directly from there. Though, of course,
this wont help if the attackers are able to redirect your machine to a
malicious download site.

Howard Treesong

a day ago

"Hi, I'm a process on a server you don't know. Can I install some files on
your computer?"
No. The answer is no. Never.

I find all stories about problems with computers and malware a bit odd,
seeing as how at some level the user has to cooperate. This user does
not cooperate. This user trusts no one, for any reason, ever.
I don't know what strangled-by-his-own-umbilical-cord idiot came up
with the idea of 'trusted certificates'. What is going to be the first
vector for any attack? That which the user ostensibly [has to] trust[s].
Do these characters have no idea what words mean? It's all a meme
now, it no longer matters?
Who can you truly trust in life? Very few people. Who can you trust
online? Absolutely nobody. Is this something people are really too dumb
to learn or will the lesson sink in at some point?
o

12

Reply

Share

RationalCenter Howard Treesong

a day ago

The point of the article is that the site was able to successfully
masquerade as a trustworthy site. This is not an example of
clueless users, it's an example of a very sophisticated attack
that would work on the vast majority of computer users, even
many experienced ones.
Our entire technology ecosystem is predicated on constant
updates - Windows, Adobe, even Kaspersky need updates on an
almost daily basis, many just for security reasons. You can't tell
people that they have to keep their computers updated to be
safe, and then call them stupid for installing an update that by
all appearances is from a trusted source. That's a system issue,
not a user issue.

14

Reply

Share

Howard Treesong RationalCenter

9 hours ago

"masquerade as a trustworthy site".

Hello? *knock knock* is there anyone alive in there?
There are -no- trustworthy sites. Such a thing does not
exist on this planet. Read the words. 'trusted sites'. There
are sites the traffic of which you begrudgingly have to
accept. That does not mean I trust them. That is never
what it means. I do not trust them, I have not trusted
them before and I will never trust them hereafter. The
concept of 'trust' is something entirely different than the
need to accept traffic from the site. Entire national
security departments are filled with people chuckling at
the notion of users 'trusting' sites.
Seriously, do people no longer care about what words
mean?

Reply

Share

Unlo4 Howard Treesong

3 hours ago

You keep using that word. I don't think it means

what you think it means (in an IT context).

Reply

Share

Sergio Ortiz Howard Treesong

a day ago

So you're saying you don't download updates for your

operating system then? Or for your antivirus? Because if you
do, then you're trusting someone somewhere online.

Reply

Share

Howard Treesong Sergio Ortiz

9 hours ago

No. I -have to- accept traffic from certain sites, always

grudgingly, I trust them -absolutely never-.
Has anyone ever taken the time to explain to you what
trust means? Because I have the uneasy feeling you're
substituting it for something I call gullibility. The two are
not equivalent.

Reply

Share

Andy H Howard Treesong

21 hours ago

"Is this something people are really too dumb to learn or will
the lesson sink in at some point?"
I think we both know the unfortunate answer to that question.
Some users just shut off their brains when it's anything
computer related and others refuse to take even basic
precautions because it's just too inconvenient. Somehow they
don't understand that "it shouldn't work that way", "it should
know what I want/mean" and "they shouldn't be able to do
that" are fine sentiments but utterly meaningless in the real
world.

Reply

Share

moleculethecat Howard Treesong

a day ago

Well said. I NEVER download and install software from a server I

don't know and/or trust.

Reply

Share

Unlo4 moleculethecat

3 hours ago

Hacking DNS and a RSA cert means that your browser

can be pointed to "https://www.wired.com" and the SSL
icon is green/encrypted, and there is absolutely NO enduser indication that you aren't exactly where you think
you are. It's impossible for the end user to know they
aren't on the legit site.

Reply

Share

o
o

Justicer23

21 hours ago

Hmmmm... Rats at night,.....Ghosts at daylight!!! Insider Job?

Negative... -> Many Hotels!...
Outsider? With the ability to deep intrusion every night and purging
their bread crumbs till morning!!!... -> NotSuchAgency skills!!!
o

Reply

Share

o
o

YaPiDo

19 hours ago

"The best defense" is to insist on a MicroSoft product that stops stuff

like this. Instead they keep messing with the GUI and the Start Button.
o

Reply

Share

JaitcH YaPiDo

14 hours ago

The best defence is NOT to use Windows or Mac. There are

many of other decent OS to use is high risk areas.

Reply

Share

thauber JaitcH

4 hours ago

True, but the article only mentioned Windows. I am

curious whether they created a kernel level trojan for the
Mac.

Reply

Share

o
o

bogorad

a day ago

Kasperski! Stopped reading right there. These pitiful fear-mongers will

say anything to cheat you out of your money.
o

Reply

Share

o
o

slave138 bogorad

a day ago

Maybe next time you should try reading a little more then. If
you had, you might have realized that your whine makes no
sense at all in the context of this article.
If they were trying to scare people out of their money, why
would they admit they don't know who exactly is doing it,
where (other than a few examples they could find) it has been
done, or how to stop it from happening again?

Their software obviously wasn't stopping it because they

received the reports of suspicious activity from users who were
already infected.

Reply

Share

bogorad slave138

a day ago

Oh, this one's easy - they just want to keep paranoia in

people's minds as strong as possible. I knew a guy from
Elya-Shim (google it!) who told me that most viruses
were written by them. Big surprise it goes on.

Reply

Share

slave138 bogorad

21 hours ago

I know a guy from McAfee who told me most

viruses were written by Norton. I know a guy from
Norton who told me most viruses were written by
Memco. I know a guy from Memco who told me
that Elyashim wrote most of the viruses but blames
Kaspersky for doing it. I know a guy from Kaspersky

who doesn't say much of anything because he's

always drunk.
Similar rumors have been going around the
antivirus industry for just about as long as the
industry has been around. None of which
hasever been proven. They always have the
earmarks common to urban legends and chain
email B.S.
Don't you think if Elyashim (or any other AV
company) had proof that one of their competitors
was writing viruses to drum up business, they
would expose them properly rather than starting a
friend-of-a-friend whisper campaign?

Reply

Share

Unlo4 bogorad

3 hours ago

So... this is all a big lie?

o
o

Reply

Share

Rick Fictus

a day ago

Users should not have permission to update software, period. If you

want to do any updates, you should have to log out, log in as an
administrator, and do it there. Yes, I'm aware of how sudo works, but
complete separation of the accounts, with lockdown of the
administrator account as far as install vectors, is the only way to go.
o

Reply

Share

FistOfReason Rick Fictus

a day ago

Interesting how that's how OSX is configured by default. Plus,

even if the user has permissions, the file must be set to
executable before it can run. Yay POSIX!

Reply

Share

slave138 FistOfReason

21 hours ago

Interesting that OSX (with default configurations) still

manages to be compromised each year at the Pwn2Own
competition.

Reply

Share

FistOfReason slave138

6 hours ago

It takes a team of attackers to compromise OSX,

yet Windows can be compromised be any third rate
script kiddie.

Reply

Share

slave138 FistOfReason

3 hours ago

Even third-rate script kiddies know that

there's nothing worth stealing from an OSX
machine. Crappy indie films and emo hipster
poetry just isn't worth a scripted attack. Also,
this article is about a "team of hackers".
Funny that as soon as there's something
worth grabbing (celeb photos), the iCloud
was compromised pretty quickly by 3rd rate
script kiddies. It should also be noted that
Apple put out a warning today about the
exact same kind of vulnerability described

here affecting iOS devices - You know, their

only product with widespread usage?

Reply

Share

FistOfReason slave138

3 hours ago

HAHA!! You kids crack me up, no wonder

nobody takes you seriously. Actually iCloud
was penetrated with a device meant for law
enforcement, but I'm sure you know that
since you have such exteneive experience.
Plus, OMac users tend to have higher
incomes; thus proving to be very tempting
targets. But keep believing what your MCSE
tells you.

Reply

Share

slave138 FistOfReason

an hour ago

To quote your earlier post: Wrong.

iCloud was hacked by people on 4chan using

phishing and brute force methods to obtain
account passwords. It had nothing to do with
the law enforcement devices.
Where do you dream up your extensive
levels of complete B.S.?
As for incomes and OS usage: It's one of
those misleading statistics that get passed
around like it means something significant.
Yes, OSX users tend to have higher incomes
than the average Windows user, but there
are a lot more wealthy people using
Windows than OSX.
OSX is used by less than 10% the consumer
market. Assuming Windows is limited to only
60% of the market, that still means there are
likely a lot more wealthy users on Windows
than OSX. This is also not surprising since
OSX systems tend to cost significantly more
than Windows systems. It only goes to figure
that their userbase will have more wealthy
users.
As for iOS: it did manage to capture a
significant userbase with a higher average
income. Which is precisely why it is being
successfully targeted.

Reply

Share

FistOfReason slave138

an hour ago

Wrong, completely. You must enjoy being

abused! No, iCloud was hacked by this:
http://www.wired.com/2014/09/e...
Without the device the hack wouldn't work.
"none of the cases we have investigated has
resulted from any breach in any of Apples
systems including iCloud or
Find my iPhone." Plus you seem to forget
DropBox accounts were hacked too.
Wealthy people don't use $200 Acers. I work
for a Mercedes & BMW dealer, just about all
of our customers come in here with
Macbooks.
Sorry kiddo you're wrong, quit while you're
behind. As for market share, didn't GM have
90% of the car market for the world? Then
Toyota came in at 10%. Then 15%. The
biggest sector for Mac's growth? The
enterprise! w00t!
Having said that, OSX should be targeted
more because people want to rob the house
on the hill, not the crackhouse next to ehe
tracks. (Windows=house on the tracks,
OSX=house in the hill, for clarification).
As for iOS being "successfully" targeted, you
call this successful?
http://www.businessinsider.com...
How long was Wirelurker a threat? A week?
In China?
Don't be butthurt by Apple's superiority, just
accept it and move on with life.

o
o

Reply

Share

FistOfReason

a day ago

Figures, this awesome malware runs on... WINDOWS! What a surprise!

Sometimes I click on something I know is hostile and Safari downloads
an EXE file. What an absolute joke!
o

Reply

Share

Sergio Ortiz FistOfReason

a day ago

What figures is that this malware runs on the most popular

operating system BY FAR, regardless of who makes it.

Reply

Share

FistOfReason Sergio Ortiz

Wrong.

Reply

21 hours ago

Share

slave138 FistOfReason

21 hours ago

What part is wrong?:

- The malware doesn't run?
- The malware runs but not on the most popular
operating system?
- The malware runs on the most popular OS, but it
is not most popular "BY FAR"?
- etc...
Vague fail is vague.

Reply

Share

FistOfReason slave138

6 hours ago

Everything. Literally everything you say is

wrong. Here's some friendly advice, do the
opposite of what you're thinking. It worked
for George Castanza.

Reply

Share

slave138 FistOfReason

3 hours ago

I suppose that's the kind of response I should

expect from someone who is obviously
delusional. I'll let you get back to failing in
the super special way you do it.

Reply

Share

FistOfReason slave138

2 hours ago

Wow! quite a comeback! Discussing anything

with you people is like arguing with a drunk.
"No! I'm find to drive! You're wrong about
OSX! Its crap! Droid's has a butt butt that
won't quit..." *THUD*

Reply

Share

slave138 FistOfReason

an hour ago

"Discussing anything with you people is like

arguing when you're drunk"
There, I fixed it for you.

Reply

Share

FistOfReason slave138

14 minutes ago

I'm the rubber you're the glue?

Reply

o
o
o

Share

Sergio Ortiz FistOfReason

21 hours ago

wow, you should try our for your high school

debate team

Reply

Share

FistOfReason Sergio Ortiz

6 hours ago

I got kicked off my high school debate team.

Reply

Share

slave138 FistOfReason

3 hours ago

Traded you for a ringer from Special Ed, huh?

Reply

Share

FistOfReason slave138

3 hours ago

No, streaking.

Reply

Share

Andy H FistOfReason

21 hours ago

Yeah... You might want to curb that habit of clicking on known

infected links for giggles... http://www.businessspectator.c...

Reply

Share

FistOfReason Andy H

6 hours ago

That's iOS not OSX and the WireLurker threat has been
taken care of. Once again Apple fixed a problem instead
of just letting users deal with it a la Microsoft.

Reply

Share

thauber FistOfReason

4 hours ago

And it could only be done thru a USB (hardwire)

connection. So obviously unless you connect your
iOS device to strange machines you were okay.

Reply

Share

FistOfReason thauber

4 hours ago

I had a similar philosophy in college. Well, it

was more of a guideline. And it didn't involve
USB. Or Macs.

Reply

Share

Andy H FistOfReason

4 hours ago

What part of "allows hackers to infiltrate iOS

devices through an infected Mac" makes you think
it isn't a Mac that's infected?

Reply

Share

FistOfReason Andy H

4 hours ago

The fact that it's already been fixed and is no

longer an issue. Maybe you should find a
vulnerability from five or six years ago to
help prove your point.

Reply

Share

thauber FistOfReason

4 hours ago

I would be careful about that. One of these days that

executable you download will work on your Mac.
It is only a matter of time, before those script kiddies spend the
time to write some malware for the Mac.

Reply

Share

FistOfReason thauber

4 hours ago

Correct, a few times I downloaded a package file, but it

doesn't execute automatically like it normally does in IE.
That's the problem with Windows, one false click and
you;re infected.

Reply

Share

o
o

Ryan Egan

39 minutes ago

It is a best practice to not install something you don't recognize, but

these professionals are good at spoofing you into thinking the update is
legit. Just be careful while you're in luxury hotels...Or just go to Motel 6
and you're safe ;)

http://techsmash.net/be-carefu...
o

Reply

Share

o
o

JC

6 hours ago

So they only attack Windows OS? And if the user click "no" on the
update is gameover for the hackers intentions? That seems too simple.
o
o

Reply

Share

o
o

Sarah M

13 hours ago

"Raiu says the key logger, a kernel-mode logger, is the best written and
most sophisticated logger hes seen in his years as a security
researcher. Kernel-mode malware is rare and difficult to pull off."
I don't know anything about this keylogger or modern
keyloggers/malware, however there have been kernel-level keyloggers
dating back as far as 2005. Back then kernel-level malware was often
called a rootkit. Even Sony had one.
http://en.wikipedia.org/wiki/K...
https://www.schneier.com/blog/...

The article says this one first appeared in 2007, 2 years

after the 1st one appeared, but appears to be upgraded, e.g. it
has seen active development. Even if I assume, for the sake of
argument, that getting caught 2 years later equals 2 years
worse it still appears to be only 2 years behind the 1st in the
world. It obviously isn't unique and sophisticated in the stuxnet
kind of way. I have no idea what sophistication level is needed
to pull that off- but it is easily plausible that this does in fact
represent a world class component.

Reply

Share