
SoylentNews is people

posted by n1 on Friday June 09 2017, @01:44AM   Printer-friendly
from the toxic-communications dept.

Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests -- suggesting that they are either a part of the Russian espionage system, or contracting to it.

A new analysis by ESET shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing.

Source: BoingBoing

Turla faces another devastating disclosure, a report that Turla exploited gaps in the security model of satellite TV and internet systems to make it possible for compromised computers to contact the C&C servers without revealing their locations.

Satellite internet services that are delivered over DVB-S satellite TV links use unencrypted links: users send data to the satellites through normal internet links, without encryption, that terminate in satellite ground-stations that uplink to the space-based units. The satellites then beam down their communications (again, without encryption) to a region whose footprint has a radius of 600 miles.

Turla intercepted communications destined for the satellite base stations (called "teleport points") and injected their own data into the streams. The satellites retransmitted this data to a 600 square-mile radius zone. The addressee of the data ignored it, because it had a nonsense port-number associated with it. But Turla was able to receive this data and act on it.

Source: BoingBoing


  • (Score: 5, Interesting) by jmorris on Friday June 09 2017, @01:57AM (1 child)

    This stuff ain't new. It is all variations on the broadcast your secret instructions and only the intended recipient knows the meaning. BBC would put nonsense messages that meant things to the French Resistance. One or more entities have run the shortwave "numbers" stations for decades. Back when UseNet was still a thing one would see odd things in the plain text areas where porn was UUEncoded and most readers only showed/saved that part... but somebody was looking for that gibberish. Yeah, I was a dweeb who was reading alt.binaries.pictures.erotica for the articles. All part of the idea of hiding who is listening while not making it easy to even spot the transmitter. Crypto is only part of a total secure comm solution. Usually it is best if nobody knows you are communicating at all, or failing that can't correctly connect transmitter and receiver.

  • (Score: 0) by Anonymous Coward on Friday June 09 2017, @04:43PM

    Except this time it is a win for the malware authors or a win for the rest of the world. I mean, either their message infrastructure is bullet-proof or we no longer have to put up with Britney Spears' Instagram account.