• ‘Fronton’ is the FSB’s IoT botnet project
The hacker group Digital Revolution says it has obtained details about an an internet-of-things botnet “Fronton” that is or was allegedly being developed by a contractor for the FSB, Russia’s intelligence agency.
The botnet appears to target internet security cameras and digital recorders (NVRs), which the developers say are ideal for carrying out DDoS attacks.
BBC Russia first broke the news earlier this week.
“The group published this week 12 technical documents, diagrams, and code fragments for a project called ‘Fronton,’” reports Catalin Cimpanu for ZDnet’s Zero Day:
The technical Fronton documents were put together following a procurement order placed by one of the FSB’s internal departments, unit No. 64829, which is also known as the FSB Information Security Center.
The documents charge InformInvestGroup CJSC, a Russian company with a long history of fulfilling orders for the Russian Ministry of Internal Affairs, with building an IoT hacking tool.
According to the BBC, InformInvestGroup appears to have sub-contracted the project to Moscow-based software company ODT (Oday) LLC, which Digital Revolution claims to have hacked in April 2019.
Based on file timestamps, the project appears to have been put together in 2017 and 2018. The documents heavily reference and take inspiration from Mirai, an IoT malware strain that was used to build a massive IoT botnet in late 2016, which was then used to launch devastating DDoS attacks against a wide range of targets, from ISPs to core internet service providers.
The documents propose building a similar IoT botnet to be made available to the FSB. Per the specs, the Fronton botnet would be able to carry out password dictionary attacks against IoT devices that are still using factory default logins and common username-password combinations. Once a password attack was successful, the device would be enslaved in the botnet.
Fronton specs say the botnet should specifically target internet security cameras and digital recorders (NVRs), which they deem ideal for carrying out DDoS attacks.
“If they transmit video, they have a sufficiently large communication channel to effectively perform DDoS,” the documents read, as cited by BBC Russia.
Around 95% of the entire botnet should be made up of these two types of devices, the documents say, and each infected device should then carry out password attacks against other devices in order to keep the botnet alive.
Hackers breach FSB contractor and leak details about IoT hacking project
[Zero Day | March 20, 2020]
“Wait a minute… Wait a minute… you ain’t heard nothin’ yet.” In 1927, Al Jolson spoke those words in The Jazz Singer, marking the end of the silent film age. (Of course, that film also featured Jolson in blackface which unfortunately was common at the time.) From The Guardian: Just a year before (The Jazz […]
Tesla has agreed to cut down on the number of active workers inside Elon Musk’s electric vehicle factory in Fremont, CA, but authorities say they have yet to comply with other coronavirus lockdown measures, like not making more cars right now. “Tesla needs to comply with the health order,” said a county spokesman Wednesday.
Telepathy. ESP. The ability to communicate thoughts, feelings, or experiences without using our known sensory channels is a timeless superpower. Soon, advances in neuroscience, molecular biology, and computer science will make some kinds of synthetic telepathy possible. Meanwhile though, methods to treat brain disorders through magnetic stimulation of brain circuits could enable crude (or eventually […]
For many, the results of a basic DNA test done by one of the major genealogy companies will satisfy their curiosity. Those findings give users the chance to see where they’re from, maybe discover basic health markers they should know and possibly learn about a 4th or 5th cousin or two. And that’s usually as […]
If you’ve recently faced a major shift in where you work — as in, from an actual office to your home — you’re probably in need of a little assistance to help you navigate that transition more smoothly. Or, maybe you’ve always worked from home, and now the rest of the world is catching up […]
You won’t find many Python programming fans who aren’t vocal Python programming fans. And after years of steadily rising up the list of the web’s most popular programming disciplines, the user-friendly language notched a major milestone earlier this year, tying with Java as the second-most-used language among coders. So why the steady rise toward the […]