FBI Warning: China Will Hack US Infra. (via Router Botnet)
FBI head Wray won’t tolerate China’s “real-world threat to our physical safety.”
Harsh rhetoric against the People’s Republic yesterday at the House Select Committee on the CCP. FBI Director Christopher Wray (pictured) didn’t mince his words.
And he confirmed a U.S. operation to hack back against China-sponsored hackers “Volt Typhoon.” In today’s SB Blogwatch, we avoid becoming useful idiots.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Animal beatbox.
a/k/a BRONZE SILHOUETTE
What’s the craic? Michael Martina, Patricia Zengerle and Andrew Goudsward report—“US officials deliver warning that Chinese hackers are targeting infrastructure”:
“Disinformation”
Hackers linked to the Chinese government are targeting critical U.S. infrastructure, preparing to cause “real-world harm” to Americans, FBI Director Christopher Wray told a congressional committee. … Water treatment plants, the electric grid, oil and natural gas pipelines and transportation hubs are among the targets of state-sponsored hacking operations.
…
“They’re not focused just on political and military targets. We can see from where they position themselves across civilian infrastructure, that low blows aren’t just a possibility in the event of conflict, low blows against civilians are part of China’s plan,” Wray said. … China’s President Xi Jinping told President Joe Biden in November that Beijing would not interfere in the 2024 U.S. election, [but] Wray said: “China has promised a lot of things over the years. So, I guess I’ll believe it when I see it.”
…
The Chinese government has previously accused the United States and its allies of spreading “disinformation” through its accusations [about] state-sponsored hacking groups. … The Chinese foreign ministry did not immediately respond to a request for comment.
What else did Wray say? Martin Matishak and Jonathan Greig add—“US confirms takedown of China-run botnet targeting home and office routers”:
“Unfixable vulnerabilities”
The U.S. Justice Department confirmed on Wednesday that it disrupted a botnet run by a prolific Chinese government hacking operation known as Volt Typhoon. … The Justice Department and FBI got legal authorization from a U.S. court to remotely disable the tools implanted by Chinese government hackers … in December.
…
“Working with our partners, the FBI ran a court authorized network operation to shut down Volt Typhoon and the access it enabled,” FBI Director Christopher Wray testified. … “This operation was an important step but there’s a whole lot more to do and we need your help to do it. … Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. … We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans.”
…
The Volt Typhoon hackers specifically targeted routers that had reached “end of life” status: … No longer supported by their manufacturers, making them rife with unfixable vulnerabilities. The … court order allowed DOJ and FBI officials to delete the KV Botnet malware from the routers. … Officials said the operation was intended to disrupt efforts of state-sponsored hackers to gain access to U.S. critical infrastructure that China would be able to leverage during a future crisis.
Is that legal? bsimpson is interested to know:
The legal aspect of this is interesting. It seems like leaving bystanders alone and removing the threat (what the FBI did) is in everyone’s best interests.
…
Still, this isn’t a foreign warzone. These are devices … presumably owned by Americans, working out of American homes. I wonder under what legal authority the FBI can hack into and modify American devices. What if they accidentally brick something? What if they find evidence of personal illegal activity?
Think of the implications. Ball boy broods:
It’ll get a lot worse! … With the huge increase in home-based working: … A made-to-a-budget home router hooked up to an unmonitored network that has a couple of PCs used by the children (virus updates current? Umm…not entirely sure there’ll even be an AV).
…
And now the veep’s laptop is hanging off the same address pool? Good luck, folks!
It’s not the first time we’ve heard Wray’s warnings. Repeat after echo123:
For a real-world reference: China has been attributed by the US government of hacking the OPM database in 2015. That database has every HR detail you can imagine and then some, on every … Federal government employee (with the exception of the CIA and military).
…
Attacking US critical infrastructure via hacks is one of China’s best options against the US, and is aimed to make the US think twice about defending Taiwan. Unlike bombs, many levels of hacks don’t face reciprocity, like the OPM database theft.
But why are these consumers still using EOL gear? sgc suggests a solution:
Sounds more like we need a minimum required period for security updates after a device is sold, and other similar measures. It is much, much easier to enforce this type of thing with one manufacturer than with 100k customers, many of whom are elderly and will never be able to do it themselves no matter how much we preach.
…
There needs to be a basic security policy that is developed and enforced, and resellers / lessors should be responsible. We already have plenty to draw from, such as car/appliance recalls, large organization security policies, etc. There is a ton of low hanging fruit that could be easily dealt with quickly—if there were political will.
Remember: We’re talking about using the botnet to attack critical infrastructure. Here’s Claptrap314:
Explain again to me why critical infrastructure is on the ******* internet at all? Use small words.
Great question. techmage wholeheartedly agrees:
Having worked in water infrastructure for several years, I wholeheartedly agree. Old computers, old software, and weak security are rampant.
Combine that with underfunded municipalities and you get a recipe for easy disruption. And not in a good way.
Meanwhile, molsongolden passes on this gem from a friend of theirs:
Cybersecurity today is like if we’d asked London building owners to install their own anti-aircraft guns during the Blitz.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: DonkeyHotey (cc:by; leveled and cropped)