July 7, 2020
Cyber-tales from the dark side: unexpected vulnerabilities, hacking-as-a-service, and space-OS.
Our first month of summer in lockdown – done. And though the world seems to be opening up steadily, we at K decided to take no chances – remaining practically fully working-from-home. But that doesn’t mean we’re working any less effectively: just as well, since the cybercriminals sure haven’t been furloughed. Still, there’ve been no major changes to the global picture of threats of late. All the same, those cyberbaddies, as always, have been pulling cybertricks out of their hats that fairly astonish. So here are a few of them from last month.
A zero-day in ‘super-secure’ Linux Tails
Facebook sure knows how to spend it. Turns out it spent a very six-figure sum when it sponsored the creation of a zero-day exploit of a vulnerability in the Tails OS (= Linux, specially tuned for heightened privacy) for an FBI investigation, which led to the catching of a pedophile. It was known for some time beforehand that this deranged paranoiac used this particular – particularly secure – operating system. FB’s first step was to use its strength in mapping accounts to connect all the ones the criminal used. However, getting from that cyber-victory to a physical postal address didn’t work out. Apparently, they ordered development of an exploit for a video-player application. This choice of software made sense as the sex-pest nutcase would ask of his victims’ videos and would probably watch them on the same computer.
It’s been reported that developers at Tails weren’t informed about the vulnerability exploited, but then it turned out that it was already patched. Employees of the company are keeping shtum about all this, but what’s clear is that a vulnerability-to-order isn’t the best publicity. There does remain some hope that the exploit was a one-off for a single, particularly nasty low-life, and that this wouldn’t be repeated for a regular user.
The takeaway: no matter how super-mega-secure a Linux-based project claims to be, there’s no guarantee there are no vulnerabilities in it. To be able to guarantee such a thing, the whole basic working principles and architecture of the whole OS need overhauling. Erm, yes, actually, this is a cheeky good opportunity to say hi to this ).
Here’s another tale-from-the-tailor-made-cyber-nastiness side. The (thought-to-be Indian) Dark Basin cybercriminal group has been caught with its hand in the cyber-till. This group is responsible for more than a thousand hacks-to-order. Targets have included bureaucrats, journalists, political candidates, activists, investors, and businessmen from various countries. Curiously, the hackers from Delhi used really simple, primitive tools: first they simply created phishing emails made to look like they’re from a colleague or friend, cobbled together false Google News updates on topics interesting to the user, and sent similar direct messages on Twitter. Then they sent emails and messages containing shortened links to credential-phishing websites that look like genuine sites, and that was that – credentials stolen, then other things stolen. And that’s it! No complex malware or exploits! And btw: it looks like the initial information about what a victim is interested in always came from the party ordering the cyber-hit.
Now, cybercrime-to-order is popular and has been around for ages. In this case though the hackers took it to a whole other – conveyor – level, outsourcing thousands of hits.
SpaceX, Starlink, Linux…
Have you ever wondered what OS and software is used at SpaceX? Well, recently we found out: Intel-based Linux. And the logic of the onboard software was written in C/C++.
Then there’s the large satellite program Starlink. And there they use a patched kernel with PREEMPT_RT (preemption real-time) so that the OS works better in real time.
On this, the founder of Linux, Linus Torvalds, had something interesting to say: ~“To control a laser using Linux is crazy, but everyone in this room is a little crazy. Still, if you want to control a welding laser with Linux, then I recommend using PREEMPT_RT”. Turns out the SpaceX engineers write drivers for their space-travel hardware with it. And in terms of the security of Starlink, end-to-end encryption has been promised – to lower the risk for user data or hacking of a satellite or gateway. Also, only signed SpaceX software is used. But the main thing is that in Linux there are ways to launch an untrusted file with the help of a trusted one…
On the whole, nothing astonishing in this story. Earlier, operating systems were specially made for a project, whereas now there’s no such necessity. Linux is simpler and cheaper. Btw: the ISS has long been running on a Linux clone. I wonder what other space programs use?…