The FBI Hacks U.S. Networks (Again)

And, what we can learn from the struggles of Trump’s social media company.

By
104

Happy Thursday everyone! Today we celebrate the 41st anniversary of the first space shuttle, Columbia, returning to Earth

Our first story in today’s newsletter is all about how the FBI is proactively going after Russian malware. The second, while not strictly a national security issue, does tie into these concerns. You see, the idea that conservatives are being abused by “Big Tech” is a fundamental tenet for many saying these companies should be broken up. I’ve said very clearly on multiple occasions (see here, here, and here) that I think this is a bad idea and that it could hurt American national security. So, in light of the recent news about President Trump’s social media platform, I thought I’d lay out what I think we can learn from these developments. I hope you find it helpful.

FBI Hacks U.S. Networks (Again) 

The FBI says it has removed Russian malware from networks around the world to prevent a large-scale botnet attack. The bureau says the Sandworm hacking group, associated with Russia’s Main Intelligence Directorate (GRU), was exploiting previously unknown vulnerabilities in routers and firewalls made by WatchGuard Technologies and ASUS. 

The so-called “Cyclops Blink”’ operation would have allowed Sandworm to use thousands of compromised devices and networks as “zombie” devices (i.e., a “botnet”) to steal data, compromise information, send spam, perpetrate ad fraud, or launch distributed denial of service (DDoS) attacks. The G-men (G-People? G-Persons?) were likely motivated to act after seeing bad guys scan infected networks—using code to look for IP addresses, vulnerabilities, or other information they could use for an attack. 

Start a Free Trial
Get every newsletter and all of The Dispatch. Support quality, fact-based journalism. Get Started ALREADY HAVE AN ACCOUNT? SIGN IN
104
By
Comments (104)
Join The Dispatch to participate in the comments.
 
  1. Avatar photo
    Paul Hoppenjans

    I love this newsletter because I learn something new each time I read it. Klon also writes about the complex and technical aspects such that a layman such as myself can follow along. This is a big challenge because big issues that are fundamental to our participation in a free society, related to personal liberty, good governance, and national security are increasingly wrapped inside a deeply technical tortilla.

    At some point in the future, I'd love to get Klon's take (if he has one) on the Netflix TV series "Black Mirror." Which of the dystopian episodes did he find to be not all that farfetched? Which ones were ridiculous? Which ones did he enjoy as a matter of pure entertainment?

    Collapse
  2. Avatar photo
    Ben Connelly

    I like your tone in this newsletter. Good balance of casual/friendly and authoritative with a dose of helpfulness.

    I’m pleasantly surprised by the FBI’s capability and success, but I share your reservations about the misuse of power.

    Truth Social was a joke. I agree entirely with your assessment of what its lack of success means with one tiny caveat:

    “ The fact that conservatives are not migrating en masse to Truth Social or other so-called “conservative” platforms is proof enough that they feel like they’re getting what they need right where they are.”

    Yes and no. I mean, I agree with the point your making but there are other factors/reasons that could keep conservatives from migrating en masse despite their dissatisfaction with current social media.

    Collapse
  3. Bill

    Blind obedience to authority is the greatest enemy of truth
    Albert Einstein

    Collapse
  4. Natty Bumpo

    Thanks for another innovative piece. I am thankful for the FBI intervention you wrote about but agree with you on the need for oversight by congress. However there is no point in a new committee unless it is set up and managed as a serious and well educated enterprise and one that avoids performance art. It will be a challenging task and will require a seriousness that is rare in our current body politic.

    As to the fairness of social media platforms, I have admittedly very limited insight (do not currently use FB and never used Twitter) but have the impression that fairness is generally OK albeit uneven. I am dubious of efforts that seek governmental constraints.

    Collapse
  5. Avatar photo
    Ray Salemi

    I’m sure it’s been mentioned, but I still find it amusing that Trump would name his social media company правда Social.

    Collapse
  6. Avatar photo
    Citizen60

    Just sterling. Interesting, Informative, and Luddite-understandable. Thanks

    Collapse
  7. Avatar photo
    monocularvision

    Great article! One nitpick: I would make it clear that Mastodon’s code is open source. The way you worded the bit about Truth Social using their code sounded more nefarious than it is.

    Collapse
  8. Avatar photo
    Arrbee

    An actor such as the FBI attempting to "cleanse" a network device of malware without the owner's knowledge seems to me to be problematic from a remediation standpoint, not just a legal one.

    Let's say an enterprise has an infected firewall. Typical remediation usually involves either a configuration change (if possible without disabling a capability) or flashing patched firmware. If the FBI performed either of those actions without the owner's knowledge it could have all kinds of undesirable downstream effects:

    1) If the configuration were changed without the owner's knowledge it might disable a critical function, for example an SSL VPN, which would cause IT to investigate. A poor IT practice would be to simply change it back without investigating. A slightly better practice would be to restore from a backup config. The best option would be to freak out, investigate and hopefully mitigate. But if the original vulnerability were not closed, and only the malware was removed, one would have to imagine that the hackers have a database of infected devices and that they would simply reinfect the device unless the vulnerability was permanently patched.

    2) An unexplained firmware update would be better from a technical standpoint, but if the owner was unaware then the effect on IT would be similar. While the device was being flashed and rebooted it would be down, setting off alerts to IT personnel. If the company had proper network management, then their "desired state" configuration database would see that the firmware didn't match the config DB and might revert it automatically. A manual investigation should freak them out as they wonder how the firmware got updated without their intervention. If they don't detect the change, then there is little hope that they won't be vulnerable again in the future.

    I just don't see how outside intervention without the knowledge of the network operators is anything but a very short term remediation strategy.

    Klon, can you please explain the mechanism that would allow outside remediation without communication to be an effective strategy?

    Collapse
    1. Avatar photo
      Klon Kitchen

      Honestly, I cannot. I'm not privy to those details. You raise good points, though.

      Collapse
  9. Avatar photo
    Bartram's Garden

    "The G-men (G-People? G-Persons?) '

    G-x. The Latinx construction is spreading. Universities are starting to call their alumni, 'alumnx.'

    Collapse
  10. bryce taylor

    Great thesis, except for all the censorship surrounding Covid. You could go to the NIH website and see studies showing positive results using ivermectin, but it was impossible to state so on some media platforms. Ditto with masking studies. This was libertarian censorship.

    Collapse
Load More