Forbes: Hack on Putin’s Intelligence Agency Finds Weapon to Exploit IoT Vulnerabilities

“Red faces in Red Square, again,” writes a Forbes cybersecurity correspondent: Last July, I reported on the hacking of SyTech, an FSB contractor working on internet surveillance tech. Now, reports have emerged from Russia of another shocking security breach within the FSB ecosystem. This one has exposed “a new weapon ordered by the security service,” one that can be used to execute cyber attacks on IoT devices. The goal of the so-called “Fronton Program” is to exploit IoT security vulnerabilities en masse — remember, these technologies are fundamentally less secure than other connected devices in homes and offices…

The security contractors highlight retained default “factory” passwords as the obvious weakness, one that is easy to exploit… The intent of the program is not to access the owners of those devices, but rather to herd them together into a botnet that can be used to attack much larger targets — think major U.S. and European internet platforms, or the infrastructure within entire countries, such as those bordering Russia.

But the article also notes that targetted devices for the exploits include cameras, adding that compromising such devices in foreign countries by a nation-state agency “carries other surveillance risks as well.” It also points out that the FSB “is the successor to the KGB and reports directly to Russia’s President Vladimir Putin,” and its responsibilities include electronic intelligence gathering overseas.

“The fact that these kind of tools are being contracted out for development given the current geopolitical climate should give us all serious pause for thought.”