Terracotta: The Chinese VPN that hides Beijing's hackers with pwned biz A China-based virtual private network (VPN) provider is powering some of the world's most capable hacking crews by selling infrastructure access stolen from at least 30 hacked businesses, RSA says. The company, which RSA codenamed 'Terracotta VPN', claims to have 1500 mostly-Windows nodes from 300 organisations distributed …
.. what a lovely list of arguments to declare those pesky VPNs suspect.
Moreover, hacking businesses offers APT scum the cover of a non-blacklisted exit node through which to target organisations: A hacking team stands a better chance at maintaining covert reconnaissance of a target when the packets trace back to a benign company.
The argument to make them even questionable for legitimate businesses.
I'm not saying this is isn't a legit report (and I'm glad they found this), I'm just hinting at the possibility that this may be used in a different way to what you expect.
Right around the recipe I'd be using were I of the black hat bent. At least one level, if not several when possible, of indirection would be #1 on my list of things to do. I do hope everyone pays attention that doing this complicates that pesky attribution problem when it comes to pwning other's systems.
They've already declared that they don't like encryption because it somehow stops them from identifying & convicting kiddie fiddlers & terrorists. The fact that the terrorists & kiddie fiddlers were operating without encryption in and around Westminster for a few hundred years, and over the last few decades with mass surveillance in place doesn't actually seem to have made it as far as the public narrative yet.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
