Sign in / up

back to article Green Berets storm building after compromising its Wi-Fi

US Army Special Forces, aka the Green Berets, have been demonstrating their ability to use offensive cyber-security tools in the recent Swift Response 24 military exercises in May, the military has now confirmed. The elite org, one of whose remits is unconventional warfare, includes Operational Detachment Alpha (ODA) units of …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    milatiry graed haxx0rin teh wifis

    The verbiage is military-grade woolly but doesn't quite manage to hide that what we have here is some sort of "squaddie-proofed" kiddie scripts collection in-a-box.

    Given that "hacking" these times usually means "obtain a password and use as normal", well, I suppose it fits. But this "capability" does require the target to oblige and attach their security cameras to a wifi (with known-broken "protection") and their remotely unlockable doors to whichever windows box they have exploits for. That makes it about as impressive as the next s'kiddie. "Yes, you found the electronic key under the digital mat. Very good, carry on."

    22 6 Reply

    1. This post has been deleted by its author

    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: milatiry graed haxx0rin teh wifis

      We've been able to do this on the INSCOM side for a while, I'm not surprised USASOC is getting the tools.

      It's not exactly script-kiddie grade, the tools were built by NSA's APT group with a lot of input from the CSS side of the agency. It's also not like an obscure command line tool either, there's a GUI, but its not exactly intuitive. You have to be trained on it, and it's fairly in depth training, it's not something you can just give an Infantryman, it'll likely stay with Special Forces' E detachments, which is why I'm very surprised they're mentioning this, there's next to no information in open sources about the Special Forces Groups' 4th Battalion E and G dets or their capabilities, the SF Branch career counseling manual for Officers names them and thats all you're gonna find.

      Plus of course CAG or whatever they're calling them now (Civilians know them as Delta Force, we used to call them the Fort Bragg Bicycle Club as they can pick how they do their PT, its an individual responsibility for Operators, so a lot of them ride mountain bikes for their cardio), and whatever Royal Cape/Intrepid Spear/JSOC Task Force Black are being called now (Used to be called Intelligence Support Activity a long time ago).

      Anon for the obvious.

      17 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: milatiry graed haxx0rin teh wifis

        I think you're underestimating just how user-friendly the cookie-cutter tools are that the "dark web" cottage industry offers.

        But the comment on making this public is well-taken. Either someone overstepped or it's seen as suitably basic (ie more notable for not having it) but still useful for impressing the yokels. Could be a recruiting effort then.

        12 0 Reply
        1. John Brown (no body) Silver badge
          Reply Icon

          Re: milatiry graed haxx0rin teh wifis

          "But the comment on making this public is well-taken. Either someone overstepped or it's seen as suitably basic (ie more notable for not having it) but still useful for impressing the yokels. Could be a recruiting effort then."

          NATO exercises are almost always dual purposed to demonstrate to Putin that attacking a NATO member might not be a good idea. The war in Ukraine has brought to the fore the latest changes on the battlefield such as drone usage[*] and digital comms/hacking etc., so it's quite likely that this is just a glimpse at what NATO capabilities are for Putins benefit.

          * especially huge numbers of consumer drones for visual and electronic surveillance.

          9 0 Reply
          1. Guy de Loimbard Silver badge
            Reply Icon

            Re: milatiry graed haxx0rin teh wifis

            Totally with you on this point, the whole exercise is about posturing to our "friends in the East" and, as another poster mentioned, seeing if it generates any internal noise from the various interested parties inside those "friends in the East", there's a lot to be gained from this being published, much like watching a fire power demonstration on Salisbury Plains, it merely demonstrates capability to some extent.

            0 0 Reply
      2. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: milatiry graed haxx0rin teh wifis

        The whole point of sharing this could be something more obscure, like perhaps Russia or China are being monitored to see how they are internally responding to a story such as this. Would not surprise me at all if this was a psych op planted story. Could it have really happened? Yes. Could it have not really happened? Also yes. The only special forces that spill literally every secret are the SEALS. Leads me to believe this is a psychological operations project. Nothing wrong with that, because it’s effective for both the enemies of the US and the civilian population of the US. Also lol Rickrolled.

        I haven’t seen anything from Russia out of the war with Ukraine that would lead me to believe gaining entry to most of their assets would be more difficult than this was. Except maybe there’s no wifi, or electricity and we’d have to resort to shape charges and lock picking.

        4 0 Reply
    3. An_Old_Dog Silver badge
      Reply Icon

      Re: milatiry graed haxx0rin teh wifis

      The script-kiddie box is useful to them because it works more often then not.

      And that it works more often than not is because many people choosing security systems are insufficiently-educated on the subject, are gullible, and/or are cheapskates.

      How good is a cameras-are-directly-wired security system when the monitoring/control box is an Internet-connected PC with remote-access software running (with a manufacturer-mandated password of "ZelinoxSystems1234" - which is the same on EVERY system they sell) "for vendor support"?

      7 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: milatiry graed haxx0rin teh wifis

        Vendor default <explicit><nsfw language> service <gross obcentty> <offensive to sessile mollusca> "passwords".

        3 0 Reply
    4. UnknownUnknown Silver badge
      Reply Icon

      Re: milatiry graed haxx0rin teh wifis

      The most impressive thing is that someone in the Green Berets can use Google Translate real-time from Swedish to ‘Merican.

      Before they started did someone sing ‘Back Home Again in Indiana?’. Just wow.

      0 1 Reply
      1. Rich 11
        Reply Icon

        Re: milatiry graed haxx0rin teh wifis

        The Swedes probably set everything up in English just out of politeness.

        2 0 Reply
    5. Xr8
      Reply Icon

      Re: milatiry graed haxx0rin teh wifis

      Looks like it allows ODA teams to get into the EW game without having much national/strategic support. Fits with their target sets of low level foreign militias and non state actors for the most basic security countermeasures NSA doesn't want to spend time on in the field. Think of who would be using wifi cameras for counter surveillance. Probably a lot of low tech facilities in the support network but not strategic level. Its not zero or NSA wouldn't spend time developing this. ODA teams are typically supporting foreign military training and so on, not tip of the spear but specialized in limited support. It gives these teams ability to exploit a low tech facility trying to cut costs.

      0 0 Reply
  2. Natalie Gritpants Jr

    huh?

    How is "left signal jamming equipment to clear any trace of the attack." Supposed to work?

    20 0 Reply
  3. Pete 2 Silver badge

    A matter of time

    > After cracking the password, the team moved around the network, shutting off CCTV cameras, opening secured doors, and disabling other security systems.

    And if the military can do this, it is not unreasonable to assume that within a relatively short time, organised crime groups will have developed the same or similar capabilities. That is, if they don't pinch the army's version.

    And after that, "unfriendly" foreign actors and maybe protesters, too.

    6 3 Reply
    1. john.jones.name
      Reply Icon

      already and state of the art...

      why do you think range rover insurance is so much...

      most organised gangs already pay for wireless tools and have backpacks for clone of keys or relay attacks most camera's rtp server are trivial to overload/crash anything with a rolling keyfob again is trivial.

      picking locks digital or otherwise was always done by professionals and criminals better than the Military simply because of motivations

      looks like a lot of Teal box's that come from china in there...

      10 0 Reply
      1. Pete 2 Silver badge
        Reply Icon

        Re: already and state of the art...

        > picking locks digital or otherwise was always done by professionals and criminals better than the Military simply because of motivations

        And also because for the military it is often easier and quicker to just blow the bloody doors off Subtlety not being their trademark

        13 0 Reply
        1. khjohansen
          Reply Icon

          Re: already and state of the art...

          Well subtlety and speed CAN go hand in hand #DeviantOllam

          1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    So, LoRa it is?

    The problem then is that they don't need to be near if they break into the connection. It appears 868Mhz gives you quite a range, but not much throughput.

    0 0 Reply
  5. Mr Sceptical
    Black Helicopters

    What now - Security system's WIFI ???

    Only consumer grade cameras or access control would be running over WiFi - anything professionally installed is normally hardwired for reliability and, you know, PoE for power!

    Door controllers might have ethernet to the controller but unless you can take over their server or MITM Comms to an off site system, forget hijacking it. Far faster just to clone some access cards or obtain one from a card holder (with prejudice?)

    Next, the kind of places the military would be interested in attacking are also those would that would have at least a few people aware of how to create VLANs, access control lists, etc.

    Unless they think drug barons, foreign powers and terrorists are so cheap they only stuff from Alibaba?

    Echoes of Necromancer (Colonel Corto / Op. Screaming Fist) - maybe they're just Gibson fans?

    4 0 Reply
    1. that one in the corner Silver badge
      Reply Icon

      Re: What now - Security system's WIFI ???

      > Echoes of Necromancer

      "Echoes of Post-mortem Communications", surely; Doctor Hix is quite insistent.

      7 0 Reply
      1. collinsl Silver badge
        Reply Icon

        Re: What now - Security system's WIFI ???

        Well since it's just him & Charlie left now I wouldn't take much notice

        1 0 Reply
    2. Kevin McMurtrie Silver badge
      Reply Icon

      Re: What now - Security system's WIFI ???

      This works great if you have somebody on the inside planting vulnerabilities in internal tools. These tools may have strong ACLs but minimal code reviews.

      0 0 Reply
  6. parrot

    We’ve known about you for so long

    Been packet sniffing and not too shy to say it.

    2 0 Reply
  7. Arthur Daily

    Silly Toy Soldiers

    Russia has pushed ELINT to a new frontier. Firstly they are running optic fibre drones - hackproof. Secondly they have Lancet missiles that home in on Traffic Analysis. So those boys doing the pentest - and that is what is really is - may have a 20 quid harm package delivered over their proverbial heads. For both sides, they have these 6+ band jammers with a linear amp, draining the battery pack like crazy. SDR receivers also spot who is using and where (Shades of the old UK TV license vans). In this age, drones mean elite forces have the same odds as a trench grunt being targeted. A really crude analogy is unidentified transmission source, fire an RPG and scoot. The correct use of the military hacking is to catch the Generals and supply clerks lining their own pockets, or tender corruption. Or concentrate DVI hires into the nerd unit who cant aim straight.

    0 2 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like