Monday, August 18, 2014

So just who is it that's trying to infect your computer?

It looks like it's the Western Intelligence Agencies:
There's a new story on the c't magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent third parties.

The article actually talks about several government programs. HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack. According to the undated GCHQ slide, they've completed port scans of 27 different countries and are prepared to do more.

The point of this is to create ORBs, or Operational Relay Boxes. Basically, these are computers that sit between the attacker and the target, and are designed to obscure the true origins of an attack.
Given the history of data sharing between the 5-Eyes agencies (intelligence agencies from the USA, UK, Canada, Australia, and New Zealand), I'm not at all confident that, say, GCHQ (the UK's equivalent of the NSA) is not infecting US computers, and NSA isn't infecting UK ones.

This is out of control.


Dave H said...

So, they're building botnets. I don't like where this is going. It's going to give civvie spammers and net vandals a feeling of legitimacy. (Personally, I'd much rather give them a feeling of mortal terror and broken bones.)

R.K. Brumbelow said...

And people call me paranoid for booting servers off of RO media (Blu-ray Discs these days). Can they still be exploited? Sure, but a cycling of the power fixes it.