FSB contractor breach exposes secret cyber weapons program leveraging IoT vulnerabilities


The hack of an FSB contractor has exposed details of the Russian
intelligence agency’s cyber weapons program aimed at exploiting vulnerabilities
in IoT devices.

Digital Revolution, a Russian hacking group, has claimed credit
for the April 2019 breach of subcontractor ODT
(Oday) LLC, which was working with frequent Russian Ministry of Internal
Affairs contractor InformInvestGroup CJSC, and published 12 technical documents
revealing what the FSB has dubbed the Fronton Program.

Inspired by the Mirai botnet, the program, developed in 2017
and 2018, proposes building an IoT botnet for the FSB, according to a ZDNet report,
by marshalling devices – particularly internet
security cameras and digital recorders – that still use default logon credentials
or easy-to-crack user names and passwords.

Once pulled into the botnet, the devices could be used to
execute DDoS attacks. “If they transmit video, they have a
sufficiently large communication channel to effectively perform DDoS,”
the report cited an exposé
by BBC Russia as saying.

The FSB’s unit 64829, or FSB Information Security Center, apparently placed a procurement order for the project.

“This is the first time the use of IoT botnets by nation-state actors has been revealed as fact,” said Ben Seri, vice president of research at Armis. “This illustrates the tip of the iceberg in terms of IoT attacks taking place in the wild by a wide array of threat actors.”

But the technique of taking advantage of unsecured IoT devices to
create a powerful army of devices that can carry out massive DDoS attacks is tried
and true. “This leak shows a few critical things. First, how certain nation
state actors may use this technique to carry out similar DDoS attacks,” said
Seri. “Second, how they may distance their core operation from it, in an
attempt to hide behind the benign looking IoT devices.”

Finally, he contended, this is only the beginning, “given that IoT
devices represent the easiest route into a business.” 

This isn’t the first time the FSB has suffered
an embarrassing breach. Hackers reportedly stole
7.5 TB of data from the intelligence service’s contractor SyTech, which
revealed details on several of its activities or prospective projects,
including the collecting of information on users of social media services, Tor
and P2P networks.

SyTech has worked for FSB’s radio-electronic intelligence unit 71330 since 2009. The
July 13 breach reportedly exposed details on “Nautilus,” a plan to gather
information on users of Facebook, MySpace, LinkedIn and similar services;
“Nautilus-S,” a project to deanonymize Tor traffic using Tor servers; and
“Reward,” a scheme to secretly penetrate P2P networks.


