Largest hacker groups, notorious malware, and the strange world of cyber intrusions: a broad interview


– Sergey asked about the size and name of the largest hacker group in history.

The response explained that the Lurk group, a Russian collective, has long been considered the largest documented in history. Its organizer and members were individuals who ended up in prison after arrests in 2016, with the investigation and trial stretching over more than five years. The case was vast, reportedly comprising about 4000 volumes, with each volume around 250 pages. The speaker participated as an expert witness in this extensive proceedings.

When asked how many people were part of this group, the figure was estimated at roughly two hundred individuals scattered across the country. Several of them were convicted under Article 210 of the Criminal Code of the Russian Federation, which deals with organizing a criminal community. There was even footage from the Ministry of Emergency Situations showing the group being moved from their living quarters by private aircraft for trial, with some members sent to Moscow and others to Yekaterinburg where the proceedings took place.

– Could Lurk be considered the largest group in the world?

The speaker clarified that the answer hinges on how one defines a group under centralized leadership. If the measure is a collection controlled from a single center, Lurk might hold that distinction. However, the landscape also includes thousands of loosely organized entities like Anonymous, where individual actors lack a clear structure, formal hierarchy, or a single leader.

– Was Konstantin Kozlovsky the leader to whom the two hundred members reported directly?

– Yes. The discussion noted that the operation spanned fourteen years of strict discipline, a remarkable period for a crime conducted in the high‑tech space.

– If the question were asked whether Kozlovsky could be regarded as an outstanding professional in the field, especially in his role at Kaspersky Lab, would he be described as exceptional?

The interview suggested that the Lurk malware itself was extraordinary for its era. It operated in a way that left minimal traces on infected machines, earning the name Lurk, which translates to hidden in English. When hackers accessed compromised computers and performed actions such as transferring funds, traces were hard to detect later. Security analysts analyzing these machines often found little evidence of the malware.

In that sense, the program was considered remarkable for its stealth and quality of code. Kozlovsky was regarded as a standout figure in terms of records within the field when discussing Lurk’s technical achievements.

– The discussion turned to lawsuits against hackers: were there ad hoc cases as well?

– Yes. There were cases beginning at the moment a crime was committed (information leaks) and culminating in a courtroom verdict. Some outcomes were swift, taking roughly three months from crime to judgment. In one instance, a suspect pleaded guilty and received a suspended sentence. The details of additional cases remained confidential and could not be disclosed further.

– The Lurk program, like any other, has a baseline number of code lines. What was the shortest malware name?

The speaker indicated that the shortest still-valid malware name is Web Shell. These programs are used to compromise websites by granting unauthorized access to servers. They can be as small as about 10 bytes and are typically hidden within the site’s files. The speaker recalled that even a few bytes could suffice, such as a string of zeros and a one to trigger an infinite loop.

– And what about the longest running malware?

– There are notably large programs. Stuxnet is recalled as a prominent example. It is certainly among the largest in terms of code size, exceeding a megabyte and packaged with complex functionality. The malware’s reach was global, with a purpose tied to sabotaging industrial equipment, and it affected numerous systems around the world.

– What exactly did the program do?

– It targeted industrial facilities, aiming at equipment used in production. Centrifuges, pressure sensors, and frequency devices were among the affected hardware. Readings were manipulated, and the malware spread across multiple countries, resulting in tens of thousands of infections.

– How long does it take to create such a program?

– A few years is a reasonable estimate. Even with many experts, development would likely extend over at least a year with a continuous, around‑the‑clock effort.

– The Internet sometimes speculates that Stuxnet was a joint project of Israeli and U.S. intelligence directed against Iran’s nuclear program. Does that align with reality?

The responder acknowledged that such an opinion exists. It cannot be confirmed or denied, but it is part of the discussion in the public domain.

– What is the longest time from initial infection to activation of the malware’s payload? What record exists here?

The reply noted that the record is constantly updating. In one instance from the current year, an investigation into a company revealed that passwords and documents had been stolen from a system that had first been infected back in 2005. In this case, the attacker remained unseen for 18 years before the stolen data appeared in the attacker’s hands.

– Why would such long delays occur?

– It is often due to strategic control mechanisms, sometimes implemented as implants (backdoors) that delay execution. Malware might sleep for increasingly longer periods, extending a compromise for years. In the cited incident, an 18‑year delay was observed before the attacker finally acted on the information.

– Are there instances of attackers who are exceptionally fast?

– Encryptors (ransomware operators) can sometimes act in minutes. An imagined scenario described a remote intrusion into a company’s network, followed by a brief pause for a cup of tea and then a single keystroke that triggered rapid encryption of disks for ransom. The time between initial breach and encryption was estimated at about 25 minutes in that example.

– Do security tools ever log odd behavior?

– Yes. Some quirks can be explained later. For instance, a self‑checking code block might probe the environment and request system information to adapt its behavior. A program once began by asking the system if it was running elsewhere, a quirky line of logic that readers found perplexing.

– What was the purpose behind such quirks?

– It was noted that national coding traditions could explain some of these patterns. While Russian programmers might view certain quirks as unusual, Asian programmers sometimes treat them as standard practice. A memorable line referenced “Bothans are starting” and the metaphor of cows finishing work, a phrase that puzzled the team for a long time. The discussion also touched on a humorous reference to alien plot elements in popular culture, used by some developers to describe the origins of certain ideas in malware.

– Can drawings or photos be embedded in code?

– Indeed. An example from that year involved an image of a naked woman embedded in malware code. The question of why such images were used remains debated. A later discovery found one such photo hosted on a content platform with thousands of subscribers, seemingly tied to the malware’s author.

– How long was the investigation into a particularly old program?

– The longest timeline mentioned was about fifteen years, with investigators revisiting a very old malicious program to uncover new answers as details emerged over time.

– Are there young hackers in Russia today?

– The speaker recalled a few notable cases from Russia, then noted a widely publicized international example, Lapsus$, led by a teenager in Oxford who later faced trial in London. The discussion cited the group’s age and ongoing legal proceedings as part of the broader landscape of youth involvement in hacking.

– Do women participate in hacking?

– Yes. Female hackers have appeared at conferences, sometimes dressed in distinctive styles. The scene includes a mix of professionals, including many young practitioners with distinctive appearances, alongside the usual crowd of students carrying laptops and gear.

– Were there any memorable, even humorous hacking cases?

– A recent case involved an attacker attempting to siphon funds from a bank’s backup system. The bank relied on two identical machines: one controlled the transactions, the other merely monitored. The backup was supposed to be a safety net, but the attacker misjudged the setup. When the intruder tried to exploit the backup computer, the security systems kicked in. The physical proximity of the two machines, just a few centimeters apart, meant the deception failed, and the attacker did not succeed. That incident became a notable anecdote, illustrating both the ingenuity and the limitations of such intrusions.

– Were there any unusual targets in hacks?

– Robots have sometimes been involved. One case described an android meeting‑room robot that could relay messages, display information on a connected monitor, and access the corporate network. The device’s role in a meeting environment made it an appealing target. The attacker did not manage to fulfill all of their ambitions, and the robot was returned to its owner after the scene was assessed.
