Dan Goodwin, writing for Ars Technica, provides us with some chilling information about our personal communication/information handling devices (phones, laptops, tablets, etc.):
Hackers, possibly working for an advanced nation, have infected more than 500,000 home and small-office routers around the world with malware that can be used to collect communications, launch attacks on others, and permanently destroy the devices with a single command, researchers at Cisco warned Wednesday.
VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It’s one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016...
Now, your home router might not yet be infected by VPNFilter, but it doesn’t need to be for this vulnerability to affect you. As Goodwin notes, once it resides in any router it “can be used to collect communications, launch attacks on others”, and it is designed to do so in a particularly well-camouflaged manner:
The malware also makes it possible for the attackers to obfuscate themselves by using the devices as nondescript points for connecting to final targets
Who might the ‘advanced nation’ behind VPNFilter be?
Cisco’s report comes five weeks after the US Department of Homeland Security, FBI, and the UK’s National Cyber Security Center jointly warned that hackers working on behalf of the Russian government are compromising large numbers of routers, switches, and other network devices belonging to governments, businesses, and critical-infrastructure providers. Cisco’s report doesn’t explicitly name Russia, but it does say that VPNFilter contains a broken function involving the RC4 encryption cipher that’s identical to one found in malware known as BlackEnergy. BlackEnergy has been used in a variety of attacks tied to the Russian government, including one in December 2016 that caused a power outage in Ukraine.
Now, is this a theoretical threat?
Nope:
The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine.
Ukraine has been the preferred proving ground for Russia’s hackers to test methods for disabling infrastructure and altering election results. So, it could be some other advanced nation, pretending to operate exactly like Russia, but…
Fortunately, Putin’s tool in the oval office and his cabal of flailing morons crack team of cybersecurity experts is on the case:
Even as Homeland Security released a new strategy for identifying and managing cybersecurity risks, the White House axed the cybersecurity coordinator position on the National Security Council because they said the role is no longer considered necessary…
…with the Trump administration eliminating the cyber czar’s role, it could send the wrong message to nation-state attackers; adversaries may believe the White House doesn’t take cybersecurity very seriously.
And we should all rest assured that Homeland Security Secretary Nielsen is every bit as informed and concerned about Russian hacking as her boss Vlad P. DJT:
In case there was any doubt that the Trump administration isn't taking the issue of Russian interference in U.S. elections terribly seriously, just look at the comments of the people who should know better.
Homeland Security Secretary Kirstjen Nielsen was the latest to appear unfamiliar with the intelligence community's 16-month-old report on Russian meddling, saying Tuesday of its finding that Russia aimed to help Donald Trump in the 2016 election: “I don’t believe I’ve seen that conclusion.”
Ok, at least we can rest assured that our voting systems aren’t vulnerable to hacks utilizing VPNFilter, because only an idiot would transmit raw vote totals via a router, right?
In 2011, the election board in Pennsylvania’s Venango County — a largely rural county in the northwest part of the state — asked David A. Eckhardt, a computer science professor at Carnegie Mellon University, to examine its voting systems. In municipal and state primaries that year, a few voters had reported problems with machines ‘‘flipping’’ votes; that is, when these voters touched the screen to choose a candidate, the screen showed a different candidate selected. Errors like this are especially troubling in counties like Venango, which uses touch-screen voting machines that have no backup paper trail; once a voter casts a digital ballot, if the machine misrecords the vote because of error or maliciousness, there’s little chance the mistake will be detected.
Eckhardt and his colleagues concluded that the problem with the machines, made by Election Systems & Software (ES&S), was likely a simple calibration error. But the experts were alarmed by something else they discovered. Examining the election-management computer at the county’s office — the machine used to tally official election results and, in many counties, to program voting machines — they found that remote-access software had been installed on it.
Remote-access software is a type of program that system administrators use to access and control computers remotely over the internet or over an organization’s internal network…
… it’s likely that the software is still installed on other election systems around the country. ES&S has in the past sometimes sold its election-management system with remote-access software preinstalled, according to one official; and where it wasn’t preloaded, the company advised officials to install it so ES&S technicians could remotely access the systems via modem, as Venango County’s contractor did, to troubleshoot and provide maintenance. An ES&S contract with Michigan from 2006 describes how the company’s tech support workers used remote-access software called pcAnywhere to access customer election systems. And a report from Allegheny County, Pennsylvania, that same year describes pcAnywhere on that county’s election-management system on June 2 when ES&S representatives spent hours trying to reconcile vote discrepancies in a local district race that took place during a May 16th primary. An Allegheny County election official told me that remote-access software came pre-installed on their ES&S election-management system. (emphasis added)
‘Vote discrepancies’?
But that hasn’t actually had an effect on actual votes and vote totals, and won’t happen here going forward. Right?
Former Assoc. Dir. of National Intelligence: “it was entirely possible votes were tampered with”. (March 9, 2018)
For all the efforts Russia engaged in over the course of years to attempt to determine the outcome of the 2016 election, and install their preferred candidate, and all that is publicly known of their multifaceted operations to penetrate our voting systems, there are still many here and elsewhere who hold onto the contention there is no direct evidence that any votes, or vote totals, were changed.
That contention relies on the notion that Russia did everything in its capability to capture the election, from hijacking social media platforms to recruiting Americans to assist them, and they breached various voting systems in dozens of states, but the one thing they held back from doing was change votes themselves (even though, as the work of Dr. Simons and other experts shows, they could do so ‘invisibly’). Why would Putin hold back in this one instance, when he has shown no such restraint in any other way?
The answer is, in all likelihood: he didn’t hold back. Claims that votes were not changed to ensure the election of Putin’s tool are looking less plausible by the day.
An article by Dr. Eric Haseltine (in, of all places, Psychology Today) from last month, explicates why this is the case.
First, who is Dr. Haseltine? From his website:
Eric joined the National Security Agency to run its Research Directorate. Three years later, he was promoted to associate director of National Intelligence, where he oversaw all science and technology efforts within the United States Intelligence Community as well as fostering development of innovative new technologies for countering cyber threats and terrorism. For his work on counter-terrorism technologies, he received the National Intelligence Distinguished Service Medal in 2007...
So, do the Russians intend to elect American candidates they prefer over those that we, the voters, prefer?
In a word, yes. In a rare display of unanimity, last year the U.S. Intelligence Community assessed that Putin, acting through his intelligence services, had indeed tried to tip the presidential election. One of the Russian Intelligence’s scariest accomplishments was to break into voter databases in 21 states (up to 50 states if you believe some sources). This success alone could have influenced the election by dictating who could and could not vote. In one target of Russian hacking, North Carolina for instance, some legitimate voters (in a “blue” precinct, as it turns out,) could not vote because the e-poll registration system used to allow voters to vote erroneously asserted that some legitimate voters weren’t registered…
One more thing. You might be wondering whether, despite their motivation to subvert our national elections, Russian leadership might still hesitate to alter vote tallies out of fear of getting caught. Whereas the U.S. Congress responded to voter registration hacks and email leaks from the Clinton campaign with sanctions—a mere slap on the wrist—the U.S. just might view outright alteration of vote counts an act of war and respond accordingly.
Sadly, I think the Kremlin views getting caught as more of a good thing, than a bad thing, because the net result would be favorable to Russia. Based on the way we responded to Russian behavior in 2016, Putin knows that a sizable portion of America—members of whichever major party the Kremlin favored—would, by and large, accept the inevitable Russian denials about vote tampering because we all believe what we want to believe, particularly when believing Russia committed an act of war could lead to armed conflict with a superpower…
In other words, if Russia were caught changing vote counts, America would be even more divided than today: exactly what the Kremlin wants. And the national will to respond to Russia’s provocation as an act of war simply wouldn’t be there.
Russia wins if they don’t get caught and Russia wins if they do get caught; what’s not to like? (emphasis added)
Note that Dr. Haseltine makes reference to information that, rather than the 39 states we know were in some way compromised, it may be the voting systems in all 50 states the Russians accessed.
Charles Pierce, in an article published almost exactly a year ago at Esquire, gives the most trenchant appraisal of all this:
The last outpost of moderate opinion on the subject of the Russian ratfcking during the 2016 presidential election seems to be that, yes, there was mischief done and steps should be taken both to reveal its extent and to prevent it from happening again in the future, but that the ratfcking, thank baby Jesus, did not materially affect the vote totals anywhere in the country. This is a calm, measured, evidence-based judgment. It is also a kind of prayer. If the Russian cyber-assault managed to change the vote totals anywhere, then the 2016 presidential election is wholly illegitimate. That rocks too many comfort zones in too many places.
Putin isn’t playing.