FBI Sucker Punches Russian Hackers, Steals Their Lunch Money, And Follows Them Home

Yesterday the DOJ announced that the FBI had taken control of a key command-and-control domain for a Kremlin-linked Russian botnet that has infected at least 500,000 home and office routers in 54 countries. Computer nerds and authorities have pinned it on the same Kremlin crew blamed for the 2016 DNC hack, and are urging people to reboot both their home and office routers.

TLDR: G-Men sucker-punched Putin's computer geeks, stole their lunch money, and followed them home.

Known as "VPNFilter," the malware infected home and small-office routers from Linksys, MikroTik, NETGEAR, and TP-Link, plus QNAP network storage boxes. (Yep, one of those is your router!) Once installed, the malware could quietly download add-ons that let attackers snoop on the traffic passing through the router, steal website credentials, and brick (AKA: kill) the infected hardware.

via Cisco's Talos group

A nerdy blog post by Cisco's Talos Intelligence group details how the malware works in three stages. Stage 1 is the foothold: it survives a reboot (rare for router malware), and its only job is to find the mothership. It does that by downloading an ordinary-looking photo from Photobucket (falling back to ToKnowAll.com if that fails) and reading the IP address of the stage 2 server out of the GPS coordinates in the picture's EXIF metadata. Stage 2 is the workhorse that phones home for instructions, runs commands, grabs files, and, in some versions, carries the self-destruct. Stage 3 is the add-ons: a packet sniffer that watches traffic for website credentials and industrial-control (Modbus) chatter, and a Tor module for talking to the hackers on the sly.
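For the nerds in the back, here's an added example (ours, not Talos's, and not VPNFilter's actual code) of what "hiding an IP address in a photo's GPS tags" looks like in practice: a bare-bones EXIF parser that digs the GPS coordinates out of a JPEG, plus a made-up octet mapping that stands in for the real arithmetic, which this post does not reproduce. The sample JPEG is constructed inline. The one useful defender takeaway is the plausibility check at the end: a latitude of 203 degrees is not a place on Earth, so GPS tags that can't be locations are carrying something else.

```python
"""Dig GPS coordinates out of a JPEG's EXIF block and show how a dead-drop could
hide an IPv4 address in them.  Added example, not VPNFilter's code; the
EXIF-to-IP arithmetic below is a HYPOTHETICAL stand-in for the real formula."""
import struct

EXIF_GPS_IFD_TAG = 0x8825   # IFD0 entry that points at the GPS sub-IFD
GPS_TAGS = {0x0001: "lat_ref", 0x0002: "lat", 0x0003: "lon_ref", 0x0004: "lon"}


def exif_segment(jpeg: bytes) -> bytes:
    """Walk the JPEG marker segments and return the TIFF payload of APP1/Exif."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == 0xFFE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return jpeg[pos + 10:pos + 2 + length]
        if marker == 0xFFDA:          # start of scan: no more metadata after this
            break
        pos += 2 + length
    raise ValueError("no Exif APP1 segment")


def read_ifd(tiff: bytes, end: str, offset: int) -> dict:
    """Return {tag: (type, count, offset_of_4_byte_value_field)} for one IFD."""
    (n,) = struct.unpack_from(end + "H", tiff, offset)
    entries = {}
    for i in range(n):
        base = offset + 2 + 12 * i
        tag, typ, count = struct.unpack_from(end + "HHI", tiff, base)
        entries[tag] = (typ, count, base + 8)
    return entries


def gps_from_exif(tiff: bytes) -> dict:
    """Follow IFD0 -> GPS IFD and decode the lat/lon refs and (deg, min, sec) triples."""
    end = "<" if tiff[:2] == b"II" else ">"
    magic, ifd0 = struct.unpack_from(end + "HI", tiff, 2)
    if magic != 42:
        raise ValueError("bad TIFF header")
    ifd0_entries = read_ifd(tiff, end, ifd0)
    if EXIF_GPS_IFD_TAG not in ifd0_entries:
        raise ValueError("no GPS IFD")
    (gps_off,) = struct.unpack_from(end + "I", tiff, ifd0_entries[EXIF_GPS_IFD_TAG][2])
    out = {}
    for tag, (typ, count, field) in read_ifd(tiff, end, gps_off).items():
        if tag not in GPS_TAGS:
            continue
        if typ == 2:      # ASCII; the refs are 2 bytes, so they sit inline in the field
            out[GPS_TAGS[tag]] = tiff[field:field + count].rstrip(b"\x00").decode()
        elif typ == 5:    # RATIONAL: `count` (numerator, denominator) uint32 pairs at an offset
            (data_off,) = struct.unpack_from(end + "I", tiff, field)
            vals = struct.unpack_from(end + "II" * count, tiff, data_off)
            out[GPS_TAGS[tag]] = tuple(vals[2 * j] / vals[2 * j + 1] for j in range(count))
    return out


def hypothetical_dead_drop_ip(gps: dict) -> str:
    """HYPOTHETICAL encoding for this demo only: octets = lat deg, lat min, lon deg,
    lon min.  This is NOT the real VPNFilter arithmetic."""
    lat_d, lat_m, _ = gps["lat"]
    lon_d, lon_m, _ = gps["lon"]
    return ".".join(str(int(v)) for v in (lat_d, lat_m, lon_d, lon_m))


def physically_plausible(gps: dict) -> bool:
    """Cheap triage: real coordinates keep |lat| <= 90, |lon| <= 180, min/sec < 60.
    Anything outside that band is a tag carrying something other than a location."""
    lat_d, lat_m, lat_s = gps["lat"]
    lon_d, lon_m, lon_s = gps["lon"]
    return lat_d <= 90 and lon_d <= 180 and all(v < 60 for v in (lat_m, lat_s, lon_m, lon_s))


def build_sample_jpeg(lat, lon) -> bytes:
    """Construct a minimal JPEG (SOI + APP1/Exif + EOI) carrying the given GPS
    (deg, min, sec) triples.  Constructed sample data, little-endian TIFF.
    Layout: header @0 (8) | IFD0 @8 (18) | GPS IFD @26 (54) | rationals @80."""
    def rationals(triple):
        return b"".join(struct.pack("<II", int(v * 1000), 1000) for v in triple)
    gps_ifd, data = 26, 80
    header = b"II" + struct.pack("<HI", 42, 8)
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", EXIF_GPS_IFD_TAG, 4, 1, gps_ifd) + struct.pack("<I", 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI", 0x0001, 2, 2) + b"N\x00\x00\x00"
    gps += struct.pack("<HHII", 0x0002, 5, 3, data)
    gps += struct.pack("<HHI", 0x0003, 2, 2) + b"E\x00\x00\x00"
    gps += struct.pack("<HHII", 0x0004, 5, 3, data + 24)
    gps += struct.pack("<I", 0)
    tiff = header + ifd0 + gps + rationals(lat) + rationals(lon)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    # "Photo" whose GPS tags encode 203.0.113.51 under the hypothetical scheme above
    drop = gps_from_exif(exif_segment(build_sample_jpeg((203, 0, 7), (113, 51, 2))))
    print(drop, hypothetical_dead_drop_ip(drop), physically_plausible(drop))
    # A coordinate that is an actual place passes the plausibility check
    real = gps_from_exif(exif_segment(build_sample_jpeg((48, 51, 24), (2, 21, 3))))
    print(real, physically_plausible(real))
```

Swap in any real JPEG for `build_sample_jpeg` and the parser still works; the only thing you'd have to change for an actual dead-drop is the decoding function, which is exactly the part an analyst reverse-engineers from the stage 1 binary rather than guesses.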

According to Talos, what makes this so damn dangerous is that attacks launched through an infected router look like they're coming from some random small home or office network. That makes it extremely difficult to trace anything back to its source, and gives the hackers a way to cover their asses if they think someone has caught them: the stage 2 code carries a kill switch that overwrites a chunk of the router's firmware and reboots it, leaving a dead brick and not much evidence.

The Daily Beast reports that on Tuesday the FBI effectively kneecapped VPNFilter by getting a court order to seize ToKnowAll.com, the backup domain stage 1 uses to find its orders, so any device calling for instructions is redirected to Uncle Sam instead of Mother Russia, and the Bureau gets a tidy list of infected routers' IP addresses in the bargain.

Here's the part that helps: only stage 1 survives a reboot. Stages 2 and 3 live in memory, so rebooting a router purges the spying and self-destruct code, and the leftover stage 1 then has to call home to re-download them, which now means calling the FBI. A full factory reset wipes stage 1 too. So most people can send a hearty "fuck you" to the Kremlin's army of knuckle-dragging cubicle dwellers fairly easily.

Authorities believe this is the work of "Fancy Bear" (AKA "APT28," "Sofacy Group"), one of the hacking groups that carried out breaches of the DNC and Hillary Clinton campaign in 2016. Since then, Russia has apparently been busy screwing with Ukraine, long a testing ground for Russian fuckery in meatspace and cyberspace. Talos says it saw a rapidly growing number of devices in Ukraine becoming infected and, fearing an attack timed to the Champions League soccer final in Kiev this Saturday, went public with its research early.

The FBI, DOJ, and nerds are recommending that people immediately reboot their routers to knock out any infection that's already running, install firmware and software updates, change the router passwords, and turn off remote management if they don't need it.

Unfortunately, there really isn't much anyone can do to prevent these kinds of attacks. The Trump administration continues to treat basic cyber security like a joke, scrapping key cyber security positions on the NSC and capitulating to known threat actors in China and Russia, while Trump himself ignores common-fucking-sense advice due to sheer laziness. And, with Congress loath to pass any legislation enforcing data privacy for fear of upsetting Silicon Valley, the most we can do is look at cute otters, and fight like Tron.

[Daily Beast / Talos Group / Symantec Security Response / DOJ / NBC News]

Dominic Gwinn

Dominic is a broke journalist in Chicago. You can find him in a dirty bar talking to weirdos, or in a gutter taking photos.




©2018 by Commie Girl Industries, Inc