
#AxisOfEasy 141: Here Comes Dark_Nexus: Possibly The Most Potent IoT Botnet Ever

April 13, 2020

 


Weekly Axis Of Easy #141


Last Week’s Quote was “The final outcome of credit expansion is general impoverishment”, by Ludwig Von Mises, winner was Fabian Luttman. We’re also awarding a renewal to M. Lea, who was wrong in his guess but gets special recognition for knowing who Vincent R. Locascio was. If you don’t know who that was (few do), you should read his 2001 “Special Privilege: How the Monetary Elite Benefit At Your Expense” and 2005’s “The Monetary Elite vs Gold’s Honest Discipline“. You will look at what is happening today with a fresh pair of eyes (which you will then want to claw out of your own head).

This Week’s Quote:   “It takes something more than intelligence to act intelligently” …by ????

THE RULES:  No searching up the answer, must be posted to the blog.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.

 

We have launched AxisOfEasy.com ! Today’s edition will be posted there and mirrored on easyDNS. Please help us get the word out and tell your friends and colleagues to check out the new website portal and subscribe to our various tendrils there.

#AxisOfEasy Podcast Feeds

Now that the #AxisOfEasy website is live, you can finally subscribe to the podcast companion to this newsletter via your favourite Podcast service (as long as that service isn’t iTunes, who has rejected it for some reason, we’re working on it)

 

Note to New ArcticNames/LowCostDomains Members

If you’re wondering why you’re getting these and your .CA registrar was: ArcticNames, EgateDomains, LowCostDomains.CA, RegisterYour.CA, Aloak or DotCanuck, it’s because of our recent acquisition of the ArcticNames family of registrars.

We send this briefing out every week to keep you up to speed on important happenings in the technology space.

In this issue:

  • Hacked video conference logins being sold on the Dark Web
  • Apple and Google teaming up for Coronavirus contact tracing
  • Eurozone Coronavirus surveillance efforts use mobile apps to track spread
  • YouTube to quash Coronavirus / 5G content as rioters burn cell towers
  • Zoom’s problems around security and privacy continue
  • We totally messed up last week’s VPN article – here’s the real story
  • Here comes dark_nexus: possibly the most potent IoT botnet ever
  • Google Cloud storage experiences outage
  • Team easyDNS continues to ascend the Fold@Home rankings…

Hacked video conference logins being sold on the Dark Web

With the massive shift to remote work globally, hackers are shifting their targeting.  Security firms have reported two separate incidents in which troves of video conferencing logins were posted or sold on the Dark Web.  It goes beyond pranksters “Zoom bombing” calls for lols.  Serious fraudsters can use stolen credentials to set up fake meetings and convince co-workers to share sensitive documents.

“If the attacker can identify the person whose account he has taken over — and that doesn’t take too much time, just use Google and LinkedIn — then the attacker can potentially impersonate that person and set up meetings with other company employees.  This can be used for business email compromise (BEC) types of attacks, where the attacker can impersonate a person in the company and ask to move money. It can also lead to asking people to share files and credentials over the Zoom chat.”

Security tools used for penetration testing, such as OpenBullet, are now being used by hackers to locate vulnerable web conferencing servers and clients.

Apple and Google teaming up for Coronavirus contact tracing

As per the WSJ:

“Apple Inc. and Google will build software together that would alert people if they were in contact with someone infected with the coronavirus, an unprecedented collaboration between two Silicon Valley giants and rivals.”

The way this would work is by embedding “contact tracing tools” into their respective personal surveillance and compliance beacons (smartphones), which would use Bluetooth to log all the other beacons they come into proximity with.  If anybody subsequently tests positive for Coronavirus then the other phones can search through their travel history to see if they came into contact with the infected.  This will be all voluntary.  And will only apply to coronavirus tracking.  Of Course.

The article goes on to caution that this will no doubt “raise some privacy concerns”.

Eurozone Coronavirus surveillance efforts use mobile apps to track spread 

Over in Europe both France and Germany have undertaken initiatives to pursue COVID-19 tracking via specially designed apps for your personal beacons.

In Germany, the federal agency in charge of disease control has teamed up with a health-tech startup called Thryve to create an app called Corona-Datenspende (which translates roughly to Corona data donation).  The app works across most wearable platforms and gathers data based on wearers’ heart rate, blood pressure, temperature and certain socio-demographic data like age, weight and gender.

In France, the government has released a smartphone app called StopCovid, which will be downloaded voluntarily. Similar to the aforementioned Google / Apple piece, it will use the device’s Bluetooth to track when people come into contact with somebody who is infected. One possible wrinkle here is that French law currently bars smartphone tracking, with several French lawmakers stating that they remain opposed to geo-tracking citizens.

Read: https://www.zerohedge.com/technology/france-developing-surveillance-app-called-stopcovid-mitigate-virus-spread

YouTube to quash Coronavirus / 5G content as rioters burn cell towers

One of the many tin-foil narratives circulating about the Coronavirus is that newly deployed 5G networks cause it to spread more virulently. Enough people believe this that it has resulted in people setting fire to multiple 5G towers in the UK.

People are going to believe stupid things, and the rational response is simply to let people believe stupid things and to just deal with them when that translates into doing stupid things.

But now the tech platforms are stepping in and quashing content that discusses 5G and Coronavirus, and that to me is deeply troubling, for many reasons.

Here’s the shortlist:

  • Material that discusses meta issues of the 5G and Coronavirus will likely be suppressed (like the ramifications of the narrative itself)
  • Anybody who would otherwise actually undertake a serious analysis or peer-reviewed study of it will be discouraged, or suppressed
  • The pejorative timbre of the branding and suppression of non-conforming views taints all other non-conforming views, even those that might have some merit.

Ideally the way to counter this is by producing material that refutes it in a non-ideological way; a couple of articles I came across here and here are good examples of that.

Read: https://www.cnbc.com/2020/04/06/coronavirus-uk-cell-towers-set-on-fire-amid-5g-conspiracy-theories.html

Zoom’s problems around security and privacy continue

The hits keep on coming for Zoom.  After the litany of privacy and PR disasters we reported in last week’s edition of #AxisOfEasy, more bad news kept rolling in:

We totally messed up last week’s VPN article – here’s the real story

In last week’s article on VPN provider tracking I fundamentally misunderstood the source material for that piece. Everything in the article regarding trackers, screen recordings, et al. does not refer to the actual VPN tunnels you buy from these providers; it refers to the VPN providers’ websites themselves.

Apologies for this significant error in reporting.  Thanks to Sean and others who pointed this out via the blog and email.  We’ve posted a similar correction to last week’s blog post.

Here comes dark_nexus: possibly the most potent IoT botnet ever

Here comes another virus spreading fast out of China, only this time it’s an IoT botnet called dark_nexus.

IoT botnets have been responsible for some of the most devastating internet attacks in the past.  When DNS provider Dynect got knocked off the Internet completely, for an entire day, it was because of the Mirai botnet, which was comprised of IoT devices.

Researchers are tracking the spread of dark_nexus, which is, at the moment, most densely concentrated in China.  The botnet re-uses some code from the Mirai and Qbot infections but is mostly original code that is authored in a way to make it “particularly potent and robust”.

Original report: https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf

Google Cloud storage experiences outage

Last week Google Cloud services crashed for a while. I’d be exaggerating if I said it brought down the entire internet, but it did take out a decent-sized chunk of it, including Gmail, Snapchat and Nest.  It’s the third such outage in as many weeks.  This just goes to show that even the biggest, most cutting-edge companies can struggle to keep up with the surge in demand that global remote work is placing upon networks.

Google later attributed the outage to a router failure in Atlanta.

Update on Team easyDNS Fold@Home team

Team easyDNS continues to chug along and do its bit in collective efforts going on globally to undertake molecular folding calculations on behalf of the Fold@Home project, which is contributing the networked computing power toward Coronavirus efforts.

We now have five contributors who have generated over 1 million credits:

  30,916     9,284,604   694
  24,306     4,039,691   64
  62,568     4,019,630   131
  92,485     2,207,496   253
  121,126    1,376,621   166

...and our team ranking is now 2,833 out of 250,246. Thanks to all who are joining the call, and if you want to get involved, head to the Fold@Home page and then join team #248458.


One response to “#AxisOfEasy 141: Here Comes Dark_Nexus: Possibly The Most Potent IoT Botnet Ever”

  1. G DAVID FRYE says:

    “I regret that I have but one GPU to give for my country”

    Setting up the Folding@Home project team was a great idea. For me it was not so much about the science – though hopefully all the computing resources being thrown at it will make a dent – as it was a chance to jump in to a mature distributed computing project. It has a lot of important elements that were missing in some of the community crypto-mining endeavors, like: a support staff, a community, a slick graphical interface, and support for a large spectrum of hardware and operating systems. I have enough spare computing power sitting around the house that I was able to make a dent in the results after just a couple of days (see user “gdf”), not that I’m going to catch up with any GPU-based mining rigs out there. It’s running on Mac and Windows and Linux, server and desktop and laptop, some with GPU and some without. It has a nice control app where you can see all of the clients from one window.

    Still, it might not be something that the average casual computer user is going to be able to set up successfully. I had to detune my dev workstation CPU and GPU settings by hand to keep the temperature down and the blue screens at arm’s length. It has gotten a little warmer in the office!

    Thanks for creating the team. Let’s get some more big iron involved.
