Klomsæt’s Case: Questions, Questions

In their case against Sigurd Klomsæt I see that the State is still unwilling to climb down.  This is not really a surprise, because the Norwegian State has entangled itself in a rather nefarious web that has had dramatic consequences – in some cases leading to Norwegians fleeing the country or living in partial exile in South America.  From what I hear, these refugees actually have a sizable community, calling the Scandinavian languages – in a slightly derogatory term – ”Hornhelmet”.  Alas, I don’t have the money to seek political asylum or I’d be long gone.

Anyway: the police have been roundly trounced for their incompetence in setting up their ”canary trap” for the supposed leaker.

But there’s also the incompetence in deciding who and what to trust.  As with all other things in Norway, this has come down to a Soviet-style, party-book nomenklatura.

So in 2009, the police’s computer systems were infested with Conficker, a well-known piece of malware, a worm.  But the police were running Norman ASA’s NVC.  Norman ASA did not generally, at the time, react well to actual cases – what it did was brag about its ”Sandbox Technology”, which is one big mess of weaknesses (for a long time, the ”Sandbox” was unable to see anything programmed in Visual Basic, for example), send its programmers on fat display tours, and skip any complicated detections in favor of simple, automated checksum detections.

But here’s another aspect: as with other fields of business where charlatans operate, the antivirus business floats on product tests.  The product tests are mostly based on testing against something called the Wildlist.  The Wildlist is a small subset of known malware, kept small by having designated ”observers” for the list; the observers are mostly members of the testee class, and they have to have come across the malware in question in the wild.  It’s a cheater’s dream.

So weak performers are able to masquerade as normal or even ”hundred-percenters”.

Anyway, the police were running Norman and they were hosed.  If I know Norman (and I do), they were probably given lectures on their stupidity in allowing the malware to flourish.  Norman had some public mealy-mouth twitches on the affair:

http://www.vg.no/teknologi/artikkel.php?artid=561160

The consequence of a drubbing like that, of course, is that details about the police systems – weaknesses, structure, software, user accounts and God knows what else – may be delivered to the hacker, to be used at leisure.

The police eventually became dissatisfied with the Norman performance, and swapped it out with Trend Micro.  At that point, of course, they were compromised, however you look at it.

This is my comment to an industry forum in April 2009:

Just had a chat with an old friend in the Norwegian Police.  He’s telling me they have thrown out their NVC during the Conficker flap and are now running Trend, which he says they’re very happy with :).

Can see nothing about it on the Norman or Trend sites.  Congrats to Trend, if this is correct.

But now we’ll get a little sharper, if not downright painful.  The Norman rep at that time was the fellow at the bottom of this post.

https://junipersec.wordpress.com/2013/02/10/of-family-jewhaters-and-madmen/

and he was writing viruses and hanging out with the international virus-writing and hacking gangs already when he was working as a vivisectionist at the University of Bergen.

Are we having fun yet?

