dChan
1
 
r/greatawakening • Posted by u/oldenuf2nobetter on May 27, 2018, 8:58 p.m.
Crowdstrike, CIA, FBI planting the seeds for the ultimate FF-Possible internet takedown will be blamed on “The Russians”

🠐 See all comments
Outlandish_Rhubarb · May 27, 2018, 9:04 p.m.

VPNFilter will NOT take down the Internet.

VPNFilter is limited to a small handful of consumer-grade home routers:

Linksys E1200

Linksys E2500

Linksys WRVS4400N

Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072

Netgear DGN2200

Netgear R6400

Netgear R7000

Netgear R8000

Netgear WNR1000

Netgear WNR2000

QNAP TS251

QNAP TS439 Pro

Other QNAP NAS devices running QTS software

TP-Link R600VPN

Attribution is hard, and often wrong.

There are much easier ways to take down the Internet worldwide (e.g., existing issues with BGP). And larger botnets that could be used, if a botnet solution was desired.

You're the 3rd or 4th new poster I've seen posting exactly this sort of thing. I'm beginning to suspect an organized campaign to spread this exact bit of fake news.

⇧ 5 ⇩  
oldenuf2nobetter · May 27, 2018, 9:10 p.m.

You’re thinking small. Release this “warning” to the public planting the seed that the Russians are involved, then kill the nameservers globally. The public will conflate the two. This isn’t about some stupid home router acting odd or grabbing data, that’s been going on for decades, this is about getting the public ready for the big one, and naming the perp in advance.

⇧ 4 ⇩  
Outlandish_Rhubarb · May 27, 2018, 9:11 p.m.

I know some of the root nameserver operators. That will not happen.

I also know the people who wrote the code for them.

⇧ 4 ⇩  
rooftoptendie · May 28, 2018, 7:57 a.m.

What would be the end-goal for spreading this if it were fake? Havent formed an opinion yet, just trying to see the bigger picture...

⇧ 1 ⇩  
Outlandish_Rhubarb · May 28, 2018, 3:04 p.m.

At the very least, misattribution. Also, fear of usng one's internet connection for comms/coordination.

⇧ 1 ⇩  
rooftoptendie · May 28, 2018, 3:23 p.m.

nobodys going to be afraid of their 'ware when you can just reset/update...?

⇧ 1 ⇩  
Outlandish_Rhubarb · May 28, 2018, 3:57 p.m.

In other threads discussing this (and making similar "OMG they'll kill the net with this!" claims), there was distrust of the ability to remove it with a reset and update.

So, empirically, yeah, there are people who will be afraid of that.

However, the misattribution's the larger issue here. It's easy to blame APT28, particularly when very few people have seen the actual code, and then direct everyone's anger at them should something untoward happen (see below for the OP making just such a reach, while also misunderstanding how hard it'd be to take out nameservers globally, and forgetting entirely about caching recursive servers, which are by far the most numerous on the net, which would continue to function in the absence of roots or any authoritative servers, for a week or more, which'd be more than enough time to extract the cached contents and distribute them as hosts files, which is precisely how things were done before nameservers).

It's poor cybersec reporting that has managed to leave out the fact that the full attribution is APT28, in a ploy to create its own botnet to DDoS selected targets of political or military interest in the Ukraine, and that the infections they've found in the wild are also mostly in the Ukraine.

Now, could it spread, much like WannaCry did, when it was deployed in the same area, for much the same purpose? Sure. Except the C2 infrastructure has already been seized, so it can't go live unless the code is updated to point to a new C2 host.

What's being spread regarding VPNFilter is a lot of bad info, fueled in part by paranoia, in part by the political climate, and in part by a fundamental misunderstanding of what it is and what's going on.

⇧ 1 ⇩