Screenshot of the acn.cu website on September 4, 2016, showing the security warning message as originally reported by Caribbean News Now
By Caribbean News Now contributor
HAVANA, Cuba -- A clipboard virus that appeared to be capable of attacking vulnerable computers that had visited the Cuban government information service website (acn.cu) was belatedly removed a day after Caribbean News Now had raised the issue for the second time last week and after denials from the Cuban authorities that the problem existed in the first place.
In our first report, it was noted that the unique clipboard virus acted by launching a permission pop-up (on the ACN website) that seemingly gave users an option either to allow it to control their computer clipboard data or to refuse permission.
However, although it was expected that most users would have instinctively clicked the “Don’t allow” option button on the pop-up, researchers pointed out that even that option was encrypted with reversed coding that would in any case provoke a forced install via vulnerable browsers.
The analysis of the infection was done by the Guyana-based cyber security firm and regional anti-virus producer Computer Care, with some assistance from the international cyber security community.
Their analysis at the time had revealed that the virus was designed to take unauthorized control of a computer clipboard. It can then create a backdoor on the computer so that captured information can be sent out to a remote server, in the same way that internet traffic flows in.
The research, which was headed by Guyana-born software security analyst, Dennis Adonis, who is also the lead anti-virus developer and owner of Computer Care - Guyana, had determined that the infection could have either been planted by another foreign government or rogue group as part of a cyber warfare strategy or even by Cuban cyber intelligence experts themselves.
Adonis himself has previously worked with the cyber security units of several government agencies worldwide since 2012, and is said to have significant working knowledge in matters pertaining to underground cyber snooping. Hence his opinion on back-door cyber security matters is often considered by most cyber security agencies.
However, officials from the Cuban government side, along with regional apologists and supporters of the Communist regime, were critical of Adonis’ findings and claimed that he had more than likely mistaken a minor Joomla platform bug for an infection – an erroneous result known as a “false positive” in any sort of testing or research process.
Moreover, they insisted that there was no pop-up security warning in the first place, despite easily demonstrated evidence to the contrary. In fact, the browser security warning still appeared on the ACN website for several days after our first article appeared and was only removed after we pointed out in a second article that it was still evident, notwithstanding claims to the contrary.
A second screenshot of the acn.cu website still showing the security warning message on September 6, 2016, even after the publication of a denial that any such security risk existed. The security alert was no longer evident the following day.
Additionally, after other news agencies, including BBC News and the New York Times, became interested in the story, one of them indicated to us that they were still able to find digital footprints of the infection.
Contacted for a further comment on the matter, Adonis’ anti-virus company reiterated that they were confident of their findings, and remained steadfast in their opinion of their original research.
The company explained that though the clipboard virus itself is not unique to the ACN website, its objectives and algorithm were.
In their opinion, this would have meant that someone must have altered the original clipboard virus to append Trojan functionalities and other classes of cyber-bots to it.
Since the publication of the original article, Adonis’ company is said to have received more than two dozen requests from cyber security officials across 20 countries, but was only willing to share the analysis with three of them.
While several media houses had also requested samples of the analysis, approval was only given to a cyber security researcher at the BBC, and another at the New York Times.
Questioned on whether his company may be inclined to share his findings with the Cuban government, Adonis said that once his company considers the credibility of the request, he would definitely do so.
Cyber attacks and infections on government websites have been a growing problem for cyber security experts all over the world.
It is estimated that at least 100 to 200 government affiliated websites worldwide are successfully infected with some sort of malicious code daily.
However, cyber security engineers usually manage to recognize and remove most of the infections before they can achieve their goals.