Russian military spy software is on hundreds of thousands of home routers


The Russian military is inside hundreds of thousands of routers owned by Americans and others around the world, a top U.S. cybersecurity official said on Friday. The presence of Russian malware on the routers, first revealed in May, could enable the Kremlin to steal individuals’ data or enlist their devices in a massive attack intended to disrupt global economic activity or target institutions.

On May 27, Justice Department officials asked Americans to reboot their routers to stop the attack. Afterwards, the world largely forgot about it. That’s a mistake, said Rob Joyce, senior advisor to the director of the National Security Agency and the former White House cybersecurity coordinator.

“The Russian malware is still there,” said Joyce.

On May 8, cybersecurity company Talos observed a spike in mostly Ukrainian victims of a new malware attack. Dubbed VPNFilter, the malware used code similar to the BlackEnergy tool that Russian forces have used (in modified form) to attack Ukrainian infrastructure. The U.S. intelligence community believes the culprits are the hackers known as APT 28 or Fancy Bear, Russian military operatives who were behind information attacks against the Democratic National Committee, State Department, and others. The new malware, if activated, could allow the Russian military to peer into the online activities of hundreds of thousands of people.

“The Cisco-Talos reports on the incident estimated hundreds of thousands of devices affected worldwide,” Joyce said.

Specifically, the May 23 report said there were at least 500,000 victims in up to 54 countries.

The malware executes in three stages, according to the Talos report. The first stage is akin to a tick burrowing into a victim’s skin, to “dig in” with its teeth by changing the infected devices’ non-volatile persistent memory, the portion of the memory that persists even after the machine is turned off. During this phase, the malware also establishes links to any servers it finds.

Stages two and three are about receiving and executing the orders. These could include: stealing traffic data from the victim (via port 80), launching “man in the middle” attacks, using the router as a platform to attack other computers as part of a botnet, or overwriting the memory on the router to render it unusable.

The U.S. government effort to stop the attack “was effective at knocking down their command and control. But — and this is a ‘but’ we haven’t seen talked about that much — there was a persistent ‘stage one’ on all of those routers,” said Joyce. “If it was at a stage-two or stage-three implant, it knocked it back to one, which was power- and reboot-persistent. At that point, we couldn’t call back out via those two methods to re-establish command and control,” he told the crowd.

Bottom line: “It’s still on those routers and if you know the wake-up knock you can go in, control those routers, and put a stage two or three back on them… What do you think the odds are that the actors in Russia who put those down have the addresses of the places where they put the malware? I think it’s pretty high,” he said.

What’s needed now, Joyce said, is for government, industry, and cybersecurity professionals to find a way to straightforwardly tell individuals how to detect the presence of the malware on their routers and then to restore the device to its trustworthy state. The government won’t be able to do that for them “because, again, these are consumer devices…That’s the sort of thing we’re up against.”

Joyce served as the head of the NSA’s elite tailored access operations division. In effect, he was the official who presided over the NSA’s most sophisticated hacking research before joining the White House as cybersecurity coordinator. In April, the White House announced that Joyce would leave that job to return to the NSA, where he currently serves as an advisor to the director, Army Gen. Paul Nakasone, who also heads the military’s U.S. Cyber Command.

He used the majority of his Friday talk at DEFCON to focus on China, Russia, Iran, and North Korea and their malicious behavior online.

Like other cybersecurity professionals, he said that North Korea’s malicious targeting of financial institutions, particularly South Korean e-currency exchanges, was likely to continue. He also said that he expected to see probing of newly deployed missile defense radars and batteries in the region, such as Terminal High Altitude Area Defense, or THAAD, in South Korea.

Iranian hackers also pose a threat, Joyce said, saying that the demise of the Iran nuclear deal hinted at more attacks to come.

“When bilateral relations between Iran and Saudi Arabia decreased, we think that was a major factor in that January 2017 data deletion attacks in Saudi,” he said, referring to an incident where Iran state-backed hackers attacked 15 Saudi government and media targets with malware that was strikingly similar to the 2012 ‘Shamoon’ malware that Iran deployed against Saudi oil interests. “As we move to a point where the U.S. has just re-imposed sanctions on Iran, there’s a lot of focus on, ‘How are they going to respond?’”

___

© 2018 By National Journal Group, Inc. All rights reserved.

Distributed by Tribune Content Agency, LLC.
