Omega Owners Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Please check the Forum Guidelines at the top of the Newbie section

Pages: [1]   Go Down

Author Topic: State owned and placed malware  (Read 1600 times)

0 Members and 1 Guest are viewing this topic.

Rods2

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Sandhurst Berkshire
  • Posts: 7604
    • 1999 3.0 Elite Estate
    • View Profile
State owned and placed malware
« on: 12 August 2018, 14:53:13 »

The Russian PM Medvedev yesterday warned the US against further sanctions due to the chemical warfare attack on the UK. The US due to their international obligations are legally bound to punish any state that breaks international law by using chemical weapons. US Congress in now debating a new law with more punitive sanctions against Russia. The Russian PM has said they will consider this an economic attack on Russia and will retaliate using any means they see fit to use including unconventional ones. You can take this to mean from their attacks multiple times on Ukraine which is a Russian cyberwar testing ground, this will involve placed malware, including power distribution control systems, Internet routers including domestic broadband ones. I was in Ukraine in June 2017 during such an attack that took down their countries airline booking systems and their banks financial systems including their ATM systems. The first thing I knew about it was when I couldn't withdraw any money ready for my trip the following day back to Kyiv's Borispol airport or check in and get my flight boarding pass. These are real attacks affecting many people. Several weeks a go the CIA and FBI detected Russian malware being placed on US routers and requested that SMEs and domestic Internet users to power down all their routers and reboot them to remove the malware they had detected.

We know this from Facebook, probable illegal, sharing of data with Cambridge Analytica and at least one Israeli company they have links to the Russian and Chinese (through Hong Kong front companies) intelligence. Both countries have heavily invested in US tech companies through anonymous front companies for espionage and influence reasons. Again we know from Cambridge Analytica that one of their favourite data collection sources for profiling 'subjects' are quizzes and even better online surveys. If you do either you are not only profiled by the US tech company advertising affiliates, but also by Russian and Chinese intelligence for use in targeted active measures propaganda profiled political adverts but also their useful fool front websites whose SEO ranking is boosted through botnets linked to social media and these routes will be used in cyber warfare attacks in the future. Through advertising profiling we know Facebook makes on average $50 a month for each UK user and $80 in the US. Other US tech companies will be earning similar amounts.

Two things: If something is free you are the product and being forewarned is being forearmed in an area that is likely to turn very nasty over the next six months or so.
Logged
US Fracking and Saudi Arabia defending its market share = The good news of an oil glut, lower and lower prices for us and squeaky bum time for Putin!

biggriffin

  • Omega Lord
  • *****
  • Offline Offline
  • huntingdon, Hoof'land
  • Posts: 9739
    • Vectra in a posh frock.
    • View Profile
Re: State owned and placed malware
« Reply #1 on: 12 August 2018, 21:21:58 »

o booger,, that means the link I posted earlier, for the quiz is probabaly owned or moniterd by mossad, kgb, or someother nations nasty people,  :o :o  Time to go off grid, pay by cash, that's a start.

Thanks for the warning. :y
Logged
Hoof'land storeman.

Sir Tigger KC

  • Get A Life!!
  • *****
  • Offline Offline
  • Gender: Male
  • West Dorset
  • Posts: 23427
    • 2 Fords
    • View Profile
Re: State owned and placed malware
« Reply #2 on: 13 August 2018, 12:01:16 »

Did they ever get to the bottom of what caused that massive systems crash at the NHS a few months ago?  ???  :-\
Logged
RIP Paul 'Luvvie' Lovejoy

Politically homeless ......

STEMO

  • Guest
Re: State owned and placed malware
« Reply #3 on: 13 August 2018, 12:10:16 »

Did they ever get to the bottom of what caused that massive systems crash at the NHS a few months ago?  ???  :-\
Wannacry?  ;D
Logged

deviator

  • Omega Knight
  • *****
  • Offline Offline
  • Chesterfield
  • Posts: 1398
    • View Profile
Re: State owned and placed malware
« Reply #4 on: 13 August 2018, 12:25:13 »

Did they ever get to the bottom of what caused that massive systems crash at the NHS a few months ago?  ???  :-\
Lack of funding?
Logged
FCR and cam lock off kit available. Deposit maybe required. Contact me.

Sir Tigger KC

  • Get A Life!!
  • *****
  • Offline Offline
  • Gender: Male
  • West Dorset
  • Posts: 23427
    • 2 Fords
    • View Profile
Re: State owned and placed malware
« Reply #5 on: 13 August 2018, 13:14:28 »

Did they ever get to the bottom of what caused that massive systems crash at the NHS a few months ago?  ???  :-\
Lack of funding?

Ah yes the Tories...  ::)
Logged
RIP Paul 'Luvvie' Lovejoy

Politically homeless ......

Rods2

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Sandhurst Berkshire
  • Posts: 7604
    • 1999 3.0 Elite Estate
    • View Profile
Re: State owned and placed malware
« Reply #6 on: 15 August 2018, 01:20:28 »

This is a US NSA follow up in a Defense One magazine article. Not surprised to stage 1 hacking being persistent & rebooting only deleted stages 2 & 3 which can be added again where the Russians 'own' the device. This is worrying due to a lack of government / industry response to tools to get rid of the stage 1 malware.

If anybody is aware of any tools to test & remove this stage 1 infection then please let me know?

https://www.defenseone.com/technology/2018/08/russian-military-spy-software-hundreds-thousands-home-routers/150474/

Logged
US Fracking and Saudi Arabia defending its market share = The good news of an oil glut, lower and lower prices for us and squeaky bum time for Putin!

aaronjb

  • Guest
Re: State owned and placed malware
« Reply #7 on: 15 August 2018, 08:25:15 »

"What’s needed now, Joyce said, is for government, industry, and cybersecurity professionals to find a way to straightforwardly tell individuals how to detect the presence of the malware on their routers and then to restore the device to its trustworthy state."

That's virtually impossible, because we are dealing with consumer devices here - the kind of thing where there is no usable management console access and all you get is the (woeful) web UI. Heck, stuff bundled with your connection doesn't even usually come with the ability to manually re-flash the firmware, because ISPs don't make the firmware available for download.. in other words, because we've dumbed down technology to a level where non-IT folks can use it, we've also rendered it completely insecure.

Remember, the S in "IoT" stands for Security.
Logged

Kevin Wood

  • Global Moderator
  • *****
  • Offline Offline
  • Gender: Male
  • Alton, Hampshire
  • Posts: 36268
    • Jaguar XE 25t, Westfield
    • View Profile
Re: State owned and placed malware
« Reply #8 on: 15 August 2018, 10:31:31 »

Indeed. I'd say unless there is an "out of band" way to flash the device with its original firmware image there's no way, so it's back to the factory, or bin it. If you do clean it, what's to say it doesn't get owned again as soon as it connects back to the internet?

Even if there's a way for the consumer to load firmware, what's to say that hasn't been "got at" too?

There isn't really an answer to securing cheap consumer embedded systems such as this, IMHO, other than don't connect them to the internet. Less than useful for a router.  ::)

Probably the only solution is for ISPs to detect suspicious activity and boot them off the network. Then again, it's not their problem and that will just cause their support centres to get swamped with calls from unwashed plebs who can't get on @rsebook. ::)

I wonder if I should update my ancient Draytek router some time. Then again, it might now be so ancient that nobody's going to bother hacking it?
Logged
Tech2 services currently available. See TheBoy's price list: http://theboy.omegaowners.com/

aaronjb

  • Guest
Re: State owned and placed malware
« Reply #9 on: 15 August 2018, 10:49:29 »

I wonder if I should update my ancient Draytek router some time. Then again, it might now be so ancient that nobody's going to bother hacking it?

;D Probably the latter, yep. Best router I ever owned (right up until it died in a thunderstorm).

Personally I can be pretty confident that my router hasn't been owned (pfsense on a little Intel box), but the Virgin router that I'm stuck with (in modem mode)? Unless I crack it open and find some JTAG headers, I don't believe it even has a console ... beyond probably a "hidden" one for Virgin to connect in to, that likely has the same credentials on every unit. Y'know, handy for the Russkies. ;D

Do I worry about it all? No, not really. Given sufficient resources (i.e. government) someone can own my traffic no matter how hard I try and protect myself, so you're fighting a losing battle if you're worried about nation-state attacks.
Logged

Kevin Wood

  • Global Moderator
  • *****
  • Offline Offline
  • Gender: Male
  • Alton, Hampshire
  • Posts: 36268
    • Jaguar XE 25t, Westfield
    • View Profile
Re: State owned and placed malware
« Reply #10 on: 15 August 2018, 11:51:28 »

Indeed - where "My traffic" is stuff going to and from the internet anyway, so, if it's something you care about, and isn't already robustly encrypted...
Logged
Tech2 services currently available. See TheBoy's price list: http://theboy.omegaowners.com/
Pages: [1]   Go Up
 

Page created in 0.044 seconds with 21 queries.