When the bits hit the FAN: US military accused of knackering Russian trolls, news org's IT gear amid midterm elections A Russian news service is claiming that US attacks on it and an organisation accused of state-sponsored trolling has left storage systems damaged and international servers wiped after multiple malware attacks. The Russian Federal News Agency (FAN) alleged earlier this week that US Cyber Command conducted an online attack …
“an organization based in St. Petersburg that US officials blame for spreading misinformation through social media to sow discord and interfere with elections.”
And that's our job :]
“The report lends support to claims that the US military conducted offensive cyber operations in Russia last year to prevent interference with the 2018 midterm elections.”
What is Cambridge Analytica? The firm at the centre of Facebook's data breach
There has been so much talk about Cambridge Analytica. Little gets rehashed, though, about Facebook providing its entire social graph to the Clinton campaign for free (but not to the Trump campaign), nor about Eric Schmidt's/Google's wild enthusiasm and aid (financial as well as individual preferences info) to the campaign. The voluntary aid provided directly to Hillary's (and only Hillary's) campaign far outweighed any foreign meddling.
Assuming what you say is true, sprograms, I have a much more likely scenario for why "nobody talks": Big Z doesn't want anyone asking why, with all that "meaningful information" in their hands, someone couldn't win an election.
"As if there's no way they couldn't carry out exactly the same attack with Android. Or with a hardware hacked USB key they could secretly swap one of the employees when he's traveling? Or one of a dozen different methods."
Indeed.
And you don't have to plug an infected phone into a computer for it to attack athe internal network either.
There are several Android apps available on Github for example that use programs ported from Linux that can scan the internal network, perform arp poisoning attacks, steal session cookies, MiTM attacks, DDoS, SSL stripping, DNS spoofing etc.
This is a major concern with apps that have permission to download and install other apps without user intervention.
Once a malicious app exploits a vulnerability and jailbreaks or gets root anything is possible.
I have seen several low budget Android devices that install unwanted apps and games without user intervention.
Can you magine in an all out cyberwar where the supply chain for these unwanted apps and games are taken over to push malicious apps on to millions of these devices at once?
This is why your mobile/guest devices aren't allowed on the same network as your corporate servers etc.
Ideally in fact the mobile devices should all be isolated from everything else (an option I have seen on all decent corporate aimed WiFi access points and controllers).
"Can you magine in an all out cyberwar where the supply chain for these unwanted apps and games are taken over to push malicious apps on to millions of these devices at once?"
Why bother imagining? Just look at the havoc that Windows Update already creates on Windows boxes.
...is that I'm not sure whether the FSB or my own (Yank) government lies to me more often.
For example, when Maria Butina was arrested in Washington D.C., the initial coverage in the Washington Post (which was based on court documents) used blurbs like this one to portray her as a serious Russian spy:
"In a note in March 2017, Torshin wrote, 'You have upstaged Anna Chapman,' a reference to a Russian spy who had lived freely in the United States for years before her 2010 arrest."
The average dolt who reads the Post would take that as a smoking gun - in short, Torshin admitting that Butina was a spy and complimenting her performance.
Anyone smarter than the average Post reader would remember that Chapman was a failed spy (making it a dubious compliment). They would also wonder why an FSB agent stationed in an unfriendly place would make purposeless self-incriminating statements by e-mail, encrypted or not. (Any communication with Russians makes you a statistical anomaly among US residents, and the NSA tends to notice those things.)
The full quote from Torshin - which the FBI had in-hand - was "You have upstaged Anna Chapman. She poses with toy pistols, while you are being published with real ones."
It had exactly nothing to do with spying, and was a reference to Chapman's publicity stunts since she returned to Russia.
I'm not sure whether the FBI tried to mislead the judge, or whether the Post tried to mislead its own readers, but at least one of those two institutions cynically lied to the public.
What's quite impressive is that your example of not being able to decide whether Russia or the US lies more is some really small half-quote in a newspaper once. Whereas an example of Russia lying is pretending that their soldiers are all on holiday when really they are invading a foreign country.
I mean, if you are going to say that the US lies, at least go with the fact that Trump, who I remind you is inexplicably the actual President right now, has lied more than 8000 times since taking office.
The mere fact that someone like Torshin even emailed her at all is enough to cast serious doubt on her "innocent student trying to form bonds with Americans" story.
It's like a random American student in Russia receiving an email from John Bolton. Wouldn't that look kinda suspicious?
If you were really interested in critiquing the WaPo story, you could have linked directly to it. Among other things, that would have told your readers who the heck this 'Torshin' guy is, which is something I doubt more than one American in a thousand would know off the top of their head.
I wouldn't say it was a failure. Depending on what you believe they destroyed evidence.
Though an IPhone hijacking a windows machine from iTunes to destroy a raid array and two disks is some next level spy stuff, if I was a suspicious fellow I would say Apple are seriously in bed with the government here despite their many protestations. Maybe that's why they kept this a bit quiet.
"Though an IPhone hijacking a windows machine from iTunes to destroy a raid array and two disks is some next level spy stuff"
There are published Intel hardware vulns that allow full system pwnage (including the Management Engine) via USB. Furthermore there are also published privilege escalation attacks to break into the System Management Mode as well that would permit a server's firmware to get walloped. Bricking RAID adapters is pretty low end vandalism given what could have been done...
I used to have many contacts in Russia who emailed me on a regular basis.
Ivana from Salsk, who loved me and wanted to meet up,
Roxsanna, from Belovo, who saw my photo and wanted to meet up,
Mellina, from Azov, who saw my photo and wanted to have sex,
Tatiana, from Klin, who misses me so much and wants to get married.
. . . and many, many more.
'That should end well :/'
Hmm. Certainly it won't be pleasant or do the economy much good while it is going on and if it escalates to a proper shooting war then it will be far worse than unpleasant.
However, if the world engages in overt cyberwar it will become part of *your* nation's security interest to get rid of insecure IoT tat - and that may actually be a good result.
Well shaudenfreude might have a part to play but it is unclear that it was an Apple device that was required - reading the story implies that any windows update would have had the same effect, and Android based infections would have been easier to introduce and more likely to succeed based on the relative number of devices.
I'm not clear why the US would waste a precious Apple exploit in damaging something apparently so (relatively) insignificant.
If all nations would uphold both of the above, there would be no more war. I'm just saddened that one of our NATO allies is striking first having had military training to _defend_ against Russia...
I've travelled extensively across the world and all people everywhere just want the same thing:
* To have a good life...
* To have a better life for their children.
* For the government to leave them the hell alone!
True for Australia, Africa, Europe, Russia, the US, ...
I suppose nastyware on the iPhone might infect the PC and send it to a fake Windows Update server? But then why do that, and not just put all the nastyware on the iPhone in the first place?
Who knows. And given the source aren't all that trustworthy, perhaps they've missed some major points from their account.
and what do you see? Neary every PC has an iPhone or Android phone plugged into it for charging purposes (or worse, for "convenient" synhronisation).
Likelihood of security team within an organisation being able to ban this as a result of reading this story? Nil.
Cause of ban not being approved? Big Manager wants to charge iPhone at work. Security be damned.
From a technical point of view, I don't understand the (claimed) attack vector.
"... automatically launched iTunes when connected to a USB cable, prompting synchronization and Windows updates on the host PC, which apparently allowed the takeover of the connected computer."
What does the (automatic) launching of iTunes have to do with "prompting [...] Windows updates", and how does that create/activate a vulnerability?
Of course the iPhone could have malware that attempts to take over the Windows PC it is connected to, but this doesn't sound like what is described here...
FAN is being vague about the means - but it sounds as though the updates were intercepted or meddled with to allow the news org to be infected.
Here's verbatim from the news article - take with a pinch of salt.
"After connecting the Apple iPhone 7 Plus mobile device to the personal computer, not only the automatic launch of iTunes and the synchronization of user data were performed, but also Internet access was obtained from the Windows operating system and some system update files were downloaded that were installed automatically.
After that, the computer was actually managed remotely and all the necessary procedures were carried out to fully invade the local area network. It is worth noting that the intrusion into the local network was carried out from IP addresses controlled by American companies, including Amazon servers, which are usually used by hackers to sweep their tracks and hide the real source of attack."
C.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
