Hackers Abuse Satellite Internet Links To Remain Anonymous 26
msm1267 writes: Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today. Active for close to a decade, Turla's activities were exposed last year; the Russian-speaking gang has carried out espionage campaigns against more than 500 victims in 45 countries, most of those victims in critical areas such as government agencies, diplomatic and military targets, and others. Its use of hijacked downstream-only links is a cheap ($1,000 a year to maintain) and simple means of moving malware and communicating with compromised machines, Kaspersky researchers wrote in a report. Those connections, albeit slow, are a beacon for hackers because links are not encrypted and ripe for abuse.
Simple Summary (Score:3)
Generally speaking, spoofing requires some pretty specific constraints to work at all, and tends to not be a real issue. Well, here is the issue. When a legitimate host fails to respond to its end on an invalid connection.... you have half of the required conditions for spoofing to work well.
Add to that the ability to see incoming traffic to that host....and you have the other half. Make sure they are unencrupted, and there is no way to figure out where the reciever is located....and you have really done it good.
The rest of it pretty logically follows from there. They built exactly what you would expect them to build, either intentionally or due to dumb luck of connections, did it in Africa. Good luck finding them.
Re: (Score:1)
simple, haven't you heard of the spoof command? they use it all the time in the movies. you use it like this:
$ spoof 69.41.160.2
Re: (Score:2)
I thought being able to spoof out was generally fairly common last I checked (admittedly, its been a while since I checked) and its generally the other required additions that are more problematic to set up and use.... you know, when someone doesn't setup a service that is a spoofers wet dream.
Re: (Score:3)
But using a combination of spoofed source address on networks where filtering is difficult or not implemented properly, along with service amplification, it's still a problem.
Re: (Score:2)
Yup, that is why I said spoof out, since the ability to recieve replies and not have the original host muck with your stream since the ability to recieve the return traffic and not have the real host muck with it by sending the appropriate response to close your connection that the satelite companies have so graciously implemented.
Also a threat by aliens (Score:2)
Re: (Score:1)
Thank God that Jeff Golblum and his trusty Mac can hack the alien hackers. And yes...they are making an Independence Day sequel.
Apparently the administration at the time was appalled when the heard that, when the scene of the saucer giant-laser-blasting the Whitehouse into oblivion screened, theatre audiences cheered. B-)
Re: (Score:2)
Yes, hitting that bullseye should make the dominoes fall like a house of cards.
Re: (Score:2, Informative)
P.P.S=> I am an idiot... apk
I realize now that I made a big mistake with my HOSTS FILE ENGINE & most of my posts to slashdot - i apologise & promise to try to be a bit nicer to fellow slashdot members + don't annoy them w/ my HOSTS FILE stories.
APK
P.S.=> I'm the real APK... apk
It must suck (Score:4, Funny)
It must suck trying to cause mayhem with 1000ms ping times.
Re: (Score:1)
-No.
-Now?
Hackers abuse satellite Internet links? (Score:2)
How exactly are Turla hacking the Satellite system to gain unauthorized access, without paying for the service?
Re: (Score:2)