FBI Sucker Punches Russian Hackers, Steals Their Lunch Money, And Follows Them Home
Yesterday the DOJ announced that the FBI had taken control of a major server in a Kremlin-linked Russian botnet that has infected 500,000 home and office routers in 54 countries. Computer nerds and authorities believe this to be one of the missing pieces in the 2016 DNC hacking puzzle, and are urging people to reset both their home and office routers.
TLDR: G-Men sucker-punched Putin's computer geeks, stole their lunch money, and followed them home.
Known as "VPNFilter," the malware infected routers from Linksys, MikroTik, NETGEAR, and TP-Link. (Yep, one of those is your router!) Once installed, the malware could quietly download add-ons that allow attackers to spy on incoming and outgoing Internet traffic, steal website credentials, and brick (AKA: kill) any infected hardware.
A nerdy blog post by Cisco's Talos Intelligence group details how the malware works in three stages. First, it quietly downloads metadata hidden in specific pictures on the image hosting websites Photobucket and ToKnowAll. Once installed, the malware phones home for instructions, and can then start downloading various add-ons that allow the hackers to issue commands to infected devices.
According to Talos, what makes this so damn dangerous is that it can launch attacks from behind any infected small home or office network. This makes it extremely difficult to trace attacks back to their source, and lets the hackers cover their asses if they think someone has caught them. If the hackers get skittish they can simply activate a kill switch and nuke the device.
The Daily Beast reports that on Tuesday the FBI effectively kneecapped VPNFilter by seizing ToKnowAll, so any device calling for instructions is redirected to Uncle Sam instead of Mother Russia.
Resetting the router triggers a flaw in the malware: the reset purges the downloaded add-ons, and any infected device then has to call home to re-download them. Since "home" is now the FBI, most people can send a hearty "fuck you" to the Kremlin's army of knuckle dragging cubicle dwellers fairly easily.
Maybe if the Russians kill Twitter, Trump will give a shit about cyber security?
Empty your wallets or you'll never see your precious elections ever again.
The FBI, DOJ, and nerds are recommending that people immediately reset their routers to wipe out potential infections, install firmware and software updates, and change their passwords.
Unfortunately, there really isn't much anyone can do to prevent these kinds of attacks. The Trump administration continues to treat basic cyber security like a joke, scrapping key cyber security positions on the NSC and capitulating to known threat actors in China and Russia, while Trump himself ignores common-fucking-sense advice out of sheer laziness. And, with Congress loath to pass any legislation enforcing data privacy for fear of upsetting Silicon Valley, the most we can do is look at cute otters, and fight like Tron.