ARRA News Service
ARRA News Service facebook page  
News for social, fiscal & national security conservatives who believe in God, family & the USA. Upholding the rights granted by God & guaranteed by the U.S. Constitution, traditional family values, "republican" principles / ideals, transparent & limited "smaller" government, free markets, lower taxes, due process of law, liberty & individual freedom. All content approval rests with the ARRA News Service Editor. Opinions are those of the authors. While varied positions are reported, beliefs & principles remain fixed. No revenue is generated for or by this site - no paid ads accepted - no payments for articles. Fair Use doctrine is posted & used.
Editor/Founder: Bill Smith, Ph.D. [aka: OzarkGuru & 2010 AFP National Blogger of the Year]
Contact: editor@arranewsservice.com (Pub. Since July, 2006)
    Home Page

One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors. -- Plato (429-347 BC)

Tuesday, October 25, 2016

Internet Outage Caused By Cheap, Unsecured Chinese Crap That Was Weaponized

by Robert Romano: On Friday, Oct. 21, a massive attack against Dyn, which handles domain name system resolution for large websites like Twitter, SoundCloud, Spotify, Reddit and others, severely disrupted Internet traffic while the company got a handle on the problem.

According to a company statement from Dyn, “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses… across multiple attack vectors and Internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” The outage lasted a few hours.

Many of devices in question have been traced back to a single company in China, XiongMai, according to Krebsonsecurity.com, “According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT [Internet of Things] devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.”

In other words, China has apparently been selling us cheap, unsecured “Internet of things” components that are installed in other products — devices that communicate with the Internet like closed-circuit TV digital cameras, DVRs, smart kettles and what not — that are now being weaponized into a massive distributed denial of service attacks by utilizing millions of connected devices into a coordinated assault

By legend, Lenin supposedly joked we’d sell the communists the rope they’d hang us with. But maybe it wasn’t a joke.

If these devices can be hacked to turn them into weapons, they can also be hacked into and compromised on their core functions. See, “Hackers remotely kill Jeep on the highway — with me in it,” July 21, 2015 Wired.com piece by Brian Greenberg for a taste of the terror that could be unleashed in our new interconnected world. In that example exploits against components in automobiles can be used to compromise a vehicle’s steering, brakes, acceleration and other critical functions that, nowadays, are entirely digital. Can you say recall?

But it’s not just cars. The range of “smart” devices include infrastructure like train tracks, bridges medical devices and more. How much of our critical infrastructure was made with cheap, unsecured Chinese crap?

Maybe connecting everything to the Internet is not so smart.

But it gets worse. Last month, Internet security expert Bruce Schneier warned the Internet’s infrastructure itself is being probed for weaknesses: “Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure. The attacks are also configured in such a way as to see what the company’s total defenses are.”

Schneier adds, ominously, that “One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.”

Raising the question, if the Internet is being probed for weaknesses, does that imply a state actor is involved in the probing? What are they preparing for?

Perhaps we should be questioning where these devices are manufactured. What if a state military came to be involved in the manufacture of these devices? Ever since the manufacture of IBM personal computers was taken over by Lenovo, a China-based company, a decade ago, it has long been under suspicion of manufacturing hardware Trojans, installing hard-to-find malicious circuits and the like.

In 2014, new Lenovos were coming pre-installed with sophisticated spyware until it was exposed. Begging the question, what else is on these machines?

These concerns are apparently shared by the Pentagon, the Washington Free Beacon’s Bill Gertz reports, and is now warning against plugging any Lenovos into secure networks: “The Pentagon’s Joint Staff recently warned against using equipment made by China’s Lenovo computer manufacturer amid concerns about cyber spying against Pentagon networks, according to defense officials. A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report.”

Disturbingly, the report also details evidence that Lenovo computers are already engaged in cyber warfare: “One official said Lenovo equipment in the past was detected ‘beaconing’ — covertly communicating with remote users in the course of cyber intelligence-gathering.”

“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” the official said.

But the problem could be bigger than simply devices in Defense networks or even in the U.S. As seen with the Dyn attack, if devices can be remotely commandeered, it might matter less where they are necessarily located. More than 137 million Lenovo computers have been sold commercially the past decade, accounting for about 7 percent of all computers in the world (the total number appears to be about 2 billion at the moment).

If millions of low-grade cameras can be leveraged in an attack, why not tens of millions of the best-selling laptop computers in the world connected to the Internet?

Perhaps this is what happens when a great nation outsources critical production infrastructure overseas. Maybe we should be more discerning about what it is we’re importing.

Whether it is insecure components in our DVRs or one-fifth of the current market for personal computers, the military applications are obvious, besides spying. If a state actor were going to take down the Internet, it might be at the same time, or shortly before, say, an attack in order to create confusion on the ground and to cut off communications. Then when the attack happens, access to information could be limited.

It may seem over the top, but if the Internet’s vital infrastructure is currently being probed for weaknesses, then we have to be prepared for the possibility of an attack, too — and the fact that we may have already paid for and installed some of the components that might facilitate it.

If there is a virtual Trojan horse in our midst, as Paris warned, perhaps it would be best to burn it before it’s too late.
----------------
Robert Romano is the Senior Editor of Americans for Limited Government. His article was first shared on the ALG's NetRight Daily blog.

Tags: Robert Romano, Americans For Limited Government, Internet Outage, Caused By Cheap, Unsecured, Chinese Crap, That Was Weaponized To share or post to your site, click on "Post Link". Please mention / link to the ARRA News Service. and "Like" Facebook Page - Thanks!
Posted by Bill Smith at 9:44 AM - Post Link

0 Comments:

Post a Comment

<< Home


national debt
Don't miss anything!
Subscribe to the
ARRA News Service
It's FREE & No Ads!

You will receive a verification email
& must validate you subscribed!

You Then Receive One Email Each AM
With Prior Days Articles / Toons / More


Also, Join us at:
Facebook.com/ARRANewsService


Recent Posts:
Personal Tweets by the editor:
Dr. Bill - OzarkGuru - @arra
#Christian Conservative; Retired USAF & Grad Professor. Constitution NRA ProLife schoolchoice fairtax - Editor ARRA NEWS SERVICE. THANKS FOR FOLLOWING!

Action Links!
Arkansas State Senators
AR State Representatives
Arkansas Governor Office
Arkansas Attorney General
Bankrupting America
US House of Representatives
US Senators
Family Research Council
GrassFire
NumbersUSA
Ballotpedia
Judgepedia
Sunshine Review

Facebook Accts - Dr. Bill Smith
Pages:
ARRA News Service
Arkansans Against Big Government
Alley-White Am. Legion #52
Catholics & Protestants United Against Discrimination
End Taxpayer Funding of NPR
Overturn Roe V. Wade
Prolife Soldiers
Project Wildfire 4 Life
Republican Liberty Caucus of Arkansas
The Gold Standard
US Atty Gen Loretta Lynch, aka Eric Holder, Must Go
Veterans for Sarah Palin
Why Vote for Hillary (Satire)
FB Groups:
Arkansas For Sarah Palin
Arkansas Conservative Caucus
Arkansas County Tea Party
Arkansans' Discussion Group on National Issues
Blogs for Borders
Conservative Solutions
Conservative Voices
Defend Marriage -- Arkansas
FairTax
FairTax Nation
Arkansas for FairTax
Friends of the TEA Party in Arkansas
Freedom Roundtable
Let's Mine AR Lignite NOW!
Pro-Life Rocks - Arkansas
Republican Network
Republican Liberty Caucus of AR
Reject the U.N.

Patriots
Exchange
Links

Request Via
Article Comment

Links to ARRA News
A Patriotic Nurse
Agora Associates
a12iggymom's Blog
America, You Asked For It!
Americans for a Free Republic
America's Best Choice
America's Whatchtower
An Ol’ Broad’s Ramblings
ARRA Twitter
As A Matter of Fact
As The Crackerhead Crumbles
Baaad Media!
Black & Right
Blogs For Borders
Blogs for Palin
Blow the Trumpet Ministry
Boot Berryism
Cap'n Bob & the Damsel
Chicago Ray Report
Chuck Baldwin - links
Citizen Pamphleteer
Common Cents
Conservative Hideout
Conservative Observer AZ
Conservative Voices
Conway Real Deal
Defeat Obama's Agenda
Diana's Corner
eGOP News
Florida Pundit
Franklin Online Outreach
Freedom For US Now
Free Zone Media Center
For God and Liberty
Garland County Republicans
Greater Fitchburg For Life
Guns and Religion
Lasting Liberty Blog
Liberal Isn't Amy
Liberty's Lifeline
Maggie's Notebook
Marathon Pundit
Monkey in the Middle
NASA Satellites
No Runny Eggs
Okie Campaigns
Our Voices Arkansas
Patriot's Corner
ProLifeBlogs
Publius Forum
Randy's Roundtable
Real Debate Wisconsin
Religion and Morality
Right on Issues that Matter
Right Reason
Rocking on the Right Side
Saber Point
Saline Watchdog
Secure Arkansas
Sentry Journal
Sultan Knish
Teresamerica
Stop Obama Satire & Cartoons
The Arkansas Patriot
The Audacity of Logic
The Blue Eye View
The Bobo Files
The Born Again Americans
TEA Party Cartoons
The Conservative Citizen
The Foxhole | Unapologetic Patriot
The Liberty Republican
The Lid
The Looking Spoon
The Maritime Sentry
The O Word
The Path to Tyranny Blog
The Real Polichick
TOTUS
Truth About Obamacare
Twitter @ARRA
Warning Signs
Women's Prayer & Action
WyBlog

Editor's Managed Twitter Accounts
Twitter Dr. Bill Smith @arra
Twitter Arkansas @GOPNetwork
Twitter @BootBerryism
Twitter @SovereignAllies
Twitter @FairTaxNation

Editor's Recommended Orgs
Accuracy in Media (AIM)
American Committment
American Culture & Faith Institute
American Enterprise Institute
American Family Business Institute
Americans for Limited Government
Americans for Prosperity
Americans for Tax Reform
American Security Council Fdn
AR Faith & Ethics Council
Arkansas Policy Foundation
Ayn Rand Institute
Bill of Rights Institute
Campaign for Working Families
Center for Individual Freedom
Center for Immigration Studies
Center for Just Society
Center for Freedom & Prosperity
Citizens Against Gov't Waste
Citizens in Charge Foundstion
Coalition for the Future American Worker
Competitive Enterprise Institute
Concerned Veterans for America
Concerned Women for America
Declaration of Am. Renewal
Eagle Forum
FairTax
Family Research Council
Family Security Matters
Franklin Center for Gov't & Public Integrity
Freedom Works
Gingrich Productions
Global Incident Map
Great Americans
Gold Standard 2012 Project
Gun Owners of America (GOA)
Heritage Action for America
David Horowitz Freedom Center
Institute For Justice
Institute for Truth in Accounting
Intercollegiate Studies Institute
Judicial Watch
Less Government
Media Reseach Center
National Center for Policy Analysis
National Right To Work Foundation
National Rifle Association (NRA)
National Rifle Association (NRA-ILA)
News Busters
O'Bluejacket's Patriotic Flicks
Open Secrets
Presidential Prayer Team
Religious Freedom Coalition
Renew America
Ron Paul Institute
State Policy Network
Tax Foundation
Tax Policy Center
The Club for Growth
The Federalist
The Gold Standard Now
The Heritage Foundation
The Leadership Institute
Union Facts



Blogs For Borders

Reject the United Nations

Adopt Our Troops in Prayer


Thousands of Deadly Islamic Terror Attacks Since 9/11

FairTax Nation on FaceBook
Friends of Israel - Stand with Israel
Blog Feeds
Syndicated - Get the ARRA News Service feed Syndicated!
ARRA Blog Feed

Add to Google Reader or Homepage

Add to The Free Dictionary

Powered by Blogger


  • How To Exchange Links!
  • Comments by contributing authors or other sources do not necessarily reflect the position the editor, other contributing authors, sources, readers, or commenters. No contributors, or editors are paid for articles, images, cartoons, etc. While having reported on and promoting the beliefs associated with the ARRA, this blog/site is not controlled by nor funded by the ARRA. This site/blog does not advertise for money or services nor does it solicit funding for its support.
  • Fair Use: This site/blog may contain copyrighted material the use of which has not been specifically authorized by the copyright owner. Such material is made available to advance understanding of political, human rights, economic, democracy, and social justice issues, etc. This constitutes a 'fair use' of such copyrighted material as provided for in section Title 17 U.S.C. Section 107 of the US Copyright Law. Per said section, the material on this site/blog is distributed without profit to readers to view for the expressed purpose of viewing the included information for research, educational, or satirical purposes. Any person/entity seeking to use copyrighted material shared on this site/blog for purposes that go beyond "fair use," must obtain permission from the copyright owner.
  • © 2006 - 2017 ARRA News Service
Creative Commons License
Creative Commons Attribution Noncommercial Share Alike 3.0 Unported License.