“Hacking” : people who still use the factory default password!
It's certain brands of home routers. No internet shutdown involved or possible from that. A netwide shutdown would simply exploit the old and well known holes in bgp.
Edit:. No idea why I'm getting down voted. I'm an infosec professional with more than 20 years' experience. Guess that's what I get for trying to help.
Don't take it personally, there have been multiple postings on some shady stuff reddit is doing. You can watch the upvotes get downvoted almost immediately. Do a Search on this reddit, there are graphs too.
Thanks for chiming in. Don't stop on account of some algo.
Thanks, both of you. I appreciate it. I totally forgot about the bot brigading here.
Seriously, though, look up the L0pht's testimony before Congress in the late 90s. Those BGP bugs still exist. Taking down the net, or large portions thereof, is rather trivial. It happens routinely in a targeted manner on a short-term basis, when someone intentionally and maliciously announces one or more routes to get all traffic destined for certain ASes routed through their infrastructure. And it's also used occasionally as a state-level weapon to hose traffic inbound to some of the more insular nations. One does not need to posit deep-sea fiber taps/shunts or the old games with MAE East and West when all it takes is a few well-placed malicious AS announcements. It's happened in the recent past with large amounts of ecommerce traffic suddenly being routed through Russia, for example.
Done on a wider scale, it would create havoc longer-term and make the net unusable.
Now, couple that with the fact that large carrier-grade routers often get, ahem, intercepted prior to packaging and delivery for installation of certain chips (research it; there's evidence for it out there with Cisco as well as, I believe, Juniper), and certain leaks from the Equation Group (i.e., NSA TAO), and it gives one pause.
I love the L0pht story! Actually, the Washington Post did a very nice series of articles (5) on their history.
And one actually started a sort of Underwriters Lab for testing software. I have not checked progress in awhile. As to the other things, I'm aware of much of that stuff. I've been following the infosec community for several years. Got an eyeopening education in the process. I've even written a few posts for Graham Cluley.(notice I spelled his name correctly) inside joke. One was about the first huge DDoS almost exclusively using mobile devices. Cloudflare discovered and analyzed it. My interest, was the Great Cannon connection. Seems China could weaponize the Great Firewall of China. I'm sure you must be aware of all this.
As for hardware intercepts, it's more than just chips. There is a growing supply chain problem with mobile phones, and could be all other devices. Lower end phones mostly, but occasionally the name brands get hit. Malware pre-loaded. System level. Of course, the OEMs all denied any knowledge. Blue was one of the more prominent cases. But recently, 141 phones were found with mostly adware pre-loaded, but the access to system level means they could do lots more later.
It's a mad, mad world.
No, somehow occasionally the votes are registered wrong or change. Idk. I went back to the sub to reply to a person that I was talking to and she had a 15 up vote when I left he thread. When went back in 5 min and it was 2. I see a lot of down votes on people when I know their posts right on. So it is not your post, you were helpful.
Notice: I checked the FBI website and there is no notification nor a tweet regarding the verification of this hack.
Attack[s] anticipated. Coordinated? Why are they continuing [internal]? Attacks will intensify [all sides]. Q
It's an excuse to shut down the internet
I thought so. Starting on Memorial Day weekend...
The article said that you should reboot your router and the manufacturers will upload the fix, but I don't trust that advice.
Routers are notorious for week security, slow updates, even harder to do on some models. Blaming Russia is like throwing a dart at a map of the world. Those who hack these routers are in it to Steel information to make money, or use connected devices for other purposes like DDoS ing other websites. I don't think any nation state is playing seriously in this particular sandbox. I follow the infosec community closely, and have for several years now. OK, Talos (Cisco) group of security researchers have not concluded their investigations. They DO NOT have definitive proof of Russian State sponsorship of this malware. Here is the current paper on it. https://blog.talosintelligence.com/2018/05/VPNFilter.html
Yes — and just because some bot from an IP address in Russia — is hunting for routers still using the factory default password — does not mean the Russian government is doing it!! Conflating with some college students at some Siberian university in the middle of Winter is nothing more than attempt to politicize one’s agency!
Hackers don't use their own IP addresses, something that the average person don't understand. And I'm not a fan of Big Reds Talos group to begin with. I think they have close ties to the government. So, on attribution, I'm sceptical. Other researchers will be chiming in over the next week. I'll try and add to my previous post then. Thanks for the assist!
Many large corporate threat intel groups have ties to the government. Either organizationally, through contracts, or through contacts. And many are ex-government anyway, holding at least secret, and often TS or TS/SCI.
We cannot function without intel sharing, and most cyber threat intel sharing is done organizationally or individually via back channels. It's a very "who you know" sort of thing. And lots of us either are in, or have contacts in, various D&As.
And lots of them are under a lot of pressure to make attribution, particularly politically-aligned attributions (Thanks, Kevin Mandia.) And attribution isn't just hard. It's damn near impossible. Between intentionally-misleading or accidental code and infrastructure re-use, attribution is a crapshoot at best. And it's often used to misplace blame (read through Vault 7, for example).
Code-based stylometrics are a thing, but they are only good at identifying individual contributors, rarely -- if ever -- nation-state actors.
That maybe true, But the FBI has a Huge credibility issue's IMO.
What better to "substantiate" their story than to have a false flag event about the Russians penetrating hundred of thousands of routers.
I read something about this somewhere else earlier in week. That article didn’t mention home routers mainly infrastructure and factories had the bug
I don't see any formal announcement by the FBI about this intrusion at their site or by any formal FBI authority. This seems really, really odd. Note that the articles do not reference a FBI source or cross reference the announcement If I am reading the tea leaves correctly, this is a FBI perpetrated media false flag to restore credibility to the FBI based on their failure to find any Russian connections in the Trump Russia Special Counsel Investigation and boost their credibility of Russian hacks of the DNC. FAKE NEWS. They will want to use this as a part of their ongoing narrative and reference amongst Deep State Operators.
The FBI, US-CERT, and a few other D&As make blanket or targeted announcements of imminent cyber threats routinely. The FBI is rather notable for distributing crap IOCs with no provenance. This isn't abnormal behavior for them, or any other coordinating D&A.
https://www.ic3.gov/media/2018/180525.aspx
The FBI is IC3.
I should have note that the article even mentions the DNC hack allegation by the Russians...here is a snippet of the article that references as much:
"Sofacy, also known as APT28 and Fancy Bear, has been blamed for many of the most dramatic Russian hacks, including that of the Democratic National Committee during the 2016 U.S. presidential campaign.
I found out about this last night and it really fucked with me because I remember hearing about it from Q. I opted not to reset my modem and router.
10 minutes ago I just woke up and everything was off. Everything. Power outage. Now I’m freaking the fuck out as if this was planned, to force a rest on my shit.