Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/12/2018 | 8:32:36 AM
Re: Recalling Internet Census 2012 and Carna
All good points and add one more - the military complex generally (here we go) OUTSOURCES support to those wonderful firms such as Computer Sciences Corp (now CSRA for public accounts) and they are awful in every single way.  I know!  CSC destroyed Aon group after outsourced in 2004-2005 and to this day it is a horror.  Know nothing of security and their only concern per client is to GET PAID. 
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/11/2018 | 8:03:44 PM
Recalling Internet Census 2012 and Carna
I don't know how many folks remember Carna and the paper published based on its Internet scanning findings "Internet Census 2012: Port scanning /0 using insecure embedded devices", but this article calls to mind some my more radical ideas about "getting there first". Breaches like this are painful because they feel so simple to have prevented in the first place.

Consider (putting aside whatever your ideas of privacy currently are) what happened here. As a result of 1) lack of implemented security standards for networked hardware configuration, 2) failure to upgrade networked hardware and/or firmware, 3) failure to properly secure sensitive documents and streaming data and 4) research on a publicly accessible search engine for networked devices, what can be considered a critical military breach occurred.

For those who recall Carna, an Internet "researcher" ran a bot that scanned for all intents and purposes the entire Internet, collecting over 9TB of data on connected devices, including those with open access due to poor configuration. Back in 2011/2012 almost anyone could do this; especially with search engines like Shodan online, literally anyone can do this. In many cases, exploits are a question of who "gets there first". With so much publicly accessible data on hackable systems attached to the Internet, how is it on a daily basis the "good guys" aren't "getting there first" and closing the holes?

As I said, putting aside all opinions on privacy, breaches like this happen for really basic and stupid reasons. But with those opinions set to the side, what's to say the military can't also be sitting in front of Shodan and looking for its own networked devices that are in danger of being compromised? Whats to say hardened versions of Carna can't be running out of financial institutions and monitored 24/7 to help them harden networks, or from military bases globally to keep the random laptops from popping up, maybe on a U.S. military base in Kandahar, that have holes ready to exploit?

I've always been a proponent of combative security, and it seems natural to suggest that as easy as this breach was to commit, it could have been just as easy to prevent with the right people on the other side of it looking for the same thing as the cybercriminals, but "getting there first" thanks to using the same techniques.

But of course, these techniques are not legal in most contexts (not sure if it's a crime to RSS Shodan data, but that alone isn't really sufficient to arm yourself and your network against potential intruders), so until we can iron out that detail we may continuing seeing these breaches happen due to painfully simple failures in security protocol and executed in painfully simple and publicly accessible methods.


Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5524
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
CVE-2020-5525
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
CVE-2020-5533
PUBLISHED: 2020-02-21
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5534
PUBLISHED: 2020-02-21
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2014-7914
PUBLISHED: 2020-02-21
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.