'Vigilante Hackers' Strike Routers In Russia and Iran, Reports Motherboard

An anonymous reader quotes Motherboard: On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. "We were tired of attacks from government-backed hackers on the United States and other countries," someone in control of an email address left in the note told Motherboard Saturday... "We simply wanted to send a message...." In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: "Don't mess with our elections," along with an image of an American flag...

In a blog post Friday, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said in its own blog post on Thursday it found 168,000 systems potentially exposed by the software. Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors...

Reuters reported that Iran's IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the U.S.... The hackers said they did scan many countries for the vulnerable systems, including the U.K., U.S., and Canada, but only "attacked" Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK "to prevent further attacks... As a result of our efforts, there are almost no vulnerable devices left in many major countries," they claimed in an email.
Their image of the American flag was a black-and-white drawing done with ASCII art.

Undecided

[Ensign_Expendable]

Part of me wants to cheer and the other part says things like this aren't helping.

Re:Undecided

[ShanghaiBill]

Part of me wants to cheer and the other part says things like this aren't helping.

The second part of you is correct. These actions are counter-productive. Russia and Iran both have closed paranoid cultures that play up their victimhood at the hands of the West. But that belief is not monolithic, and there are factions in both countries that want more openness, tolerance, and trust in the international system. These vigilante actions weaken these people while strengthening the paranoid hardliners.

In fact, these actions play so smoothly into the hands of the hardliners, that we shouldn't dismiss the possibility that it is a false flag operation.

Re:Undecided

[ShanghaiBill]

Government ordered cyber offensives designed to change the leadership of a country are an act of war.

Espionage and covert activities are a normal part of government relations. Saying Russian ads on Facebook are an "act of war" is absurd.

Acts of war cannot be ignored.

Why not?

That alone is a reason Trump should be impeached, since he is not doing his damn job.

Declaring war is a congressional responsibility.

If anyone can point to a real plan to stop this shit from happening again, or even serious progress...?

Here's my plan: Improve education in America so we have fewer people stupid enough to believe nonsense posted on Facebook.

Re:Undecided

[ShanghaiBill]

And how long are we supposed to wait for Russia, NK, Iran, or other similar countries to become more open?

As long as it takes. What is the alternative? War?

As bad as they are, Russia, NK, and Iran are indeed becoming more open. A generation ago, all three were worse, at least for their own people.

The world seems to assume that the US is powerless to stop other countries from conducting cyber attacks on the US.

We are far from powerless, but our responses should be intelligent, proportionate, and carefully targeted. The main focus should be on making our own systems less vulnerable, rather than attacking others.

Re:Vigilante ? More like the NSA.

[Luckyo]

That's also why this is highly unlikely to be NSA. The folks doing intelligence work for government intelligence agencies don't fuck around like this. They go for the throat, and they go hard.

And it's not like it's limited to US. In fact, one of the biggest complaints of FBI doing investigations of Russian for profit hackers was that almost every one they reported on to Russian authorities ended up being recruited for their intelligence apparatus.

Re:Vigilante ? More like the NSA.

[PolygamousRanchKid+]

Don't kid yourselves, the baddest motherfuckers in the world of computers are employed by governments.

. . . when "The Pros" hack into a system . . . they don't tell anyone about it.

. . . when "The Schmoes" hack into a system . . .they brag about it on Facebook.

One of the oldest rules in the book is that you never let your enemy know that you have compromised them. That way, they will continue to expose valuable information that you can exploit.

If you leave behind an email stating, "You've been hacked!" . . . that's game over for that exploit.

There used to be an ancient joke that "spooky folks" would pass around, that went something like:

"Did you hear the story of the greatest spy coup of all time . . . ?"

"No . . . you didn't . . . and you never will."

Re:Dear TLAs and Trump

[slashdot_commentator]

Wouldn't it be nice if you could be pro-active for once and tell the router makers about all the holes you exploit?

Stupid, the router makers already know about the holes. They're just too languid in their response time to issue a patch. And even worse, admins and infrastructure managers are too slow to apply those patches and replace unpatchable (too old) machines.

ASCII art

[DontBeAMoran]

Their image of the American flag was a black-and-white drawing done with ASCII art.

What really troubles me about this is the choice of image format used to save the screenshot of the ASCII art. Why are people still using JPEG for non-photographic images in 2018?