Bloomberg alleges Huawei routers and network gear are backdoored

5G Logo in the shape of a butterfly.

Enlarge / PORTUGAL - 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. (credit: Omar Marques/SOPA Images/LightRocket via Getty Images)

Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011, reports Bloomberg. With these backdoors, Huawei could have gained unauthorized access to Vodafone's "fixed-line network in Italy." But Vodafone disagrees, saying that while it did discover some security vulnerabilities in Huawei equipment, these were fixed by Huawei and in any case were not remotely accessible, and hence they could not be used by Huawei.

Bloomberg's claims are based on Vodafone's internal security documentation and "people involved in the situation." Several different "backdoors" are described: unsecured telnet access to home routers, along with "backdoors" in optical service nodes (which connect last-mile distribution networks to optical backbone networks) and "broadband network gateways" (BNG) (which sit between broadband users and the backbone network, providing access control, authentication, and similar services).

In response to Bloomberg, Vodafone said that the router vulnerabilities were found and fixed in 2011 and the BNG flaws were found and fixed in 2012. While it has documentation about some optical service node vulnerabilities, Vodafone continued, it has no information about when they were fixed. Further, the network operator said that it has no evidence of issues outside Italy.

Read 9 remaining paragraphs | Comments

Fancy Bear ramping up infowar against Germany—and rest of West

Enlarge / The bear is back. It never went away.

US intelligence agencies have been forthright in their insistence that the Russian government was behind not only the hacking of the Democratic National Committee (DNC) and other political organizations in the US, but a concerted effort to undermine confidence in the results of the US presidential election, including attacks on state election officials' systems. But the US is not the only country that the Russian government has apparently targeted for these sorts of operations—and the methods used in the DNC hack are being applied increasingly in attempts to influence German politics, Germany's chief of domestic intelligence warned yesterday.

In a press release issued on December 8, Germany's Bundesamt für Verfassungsshutz (BfV)—the country's domestic intelligence agency—warned of an ever-mounting wave of disinformation and hacking campaigns by Russia focused on increasing the strength of "extremist groups and parties" in Germany and destabilizing the German government. In addition to propaganda and disinformation campaigns launched through social media, the BfV noted an increased number of "spear phishing attacks against German political parties and parliamentary groups" using the same sort of malware used against the Democratic National Committee in the US.

The statement from the BfV came on the same day that Alex Younger, the chief of the United Kingdom's Secret Intelligence Service (MI6) made more veiled references to disinformation and hacking campaigns. In remarks Younger delivered at Vauxhall Cross, MI6 headquarters, he warned of the mounting risks posed by "hybrid warfare."

Read 6 remaining paragraphs | Comments

In a first, US military plans to drop “cyberbombs” on ISIS, NYT says

(credit: US DefenseImagery)

Opening a new front in its campaign to defeat Islamic State terrorists, the US military has for the first time directed its Cyber Command to mount hacking attacks against ISIS computers and networks, The New York Times reported Sunday.

While US National Security Agency hackers have targeted ISIS members for years, its military counterpart, the Cyber Command, conducted no virtual attacks against the terrorist organization. The new campaign reflects President Obama's desire to bring the types of clandestine military hacking operations that have targeted Iran and other nations to the battle against ISIS. According to the NYT:

The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters. A benefit of the administration’s exceedingly rare public discussion of the campaign, officials said, is to rattle the Islamic State’s commanders, who have begun to realize that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if they come to worry about the security of their communications with the militant group.

Defense Secretary Ashton B. Carter is among those who have publicly discussed the new mission, but only in broad terms, and this month the deputy secretary of defense, Robert O. Work, was more colorful in describing the effort.

“We are dropping cyberbombs,” Mr. Work said. “We have never done that before.”

The campaign began by installing several implants in the militants’ networks to learn the online habits of commanders. Now, Cyber Command members plan to imitate the commanders or alter their messages. The goal is to redirect militants to areas more vulnerable to attack by American drones or local ground forces. In other cases, officials said, US military hackers may use attacks to interrupt electronic transfers and misdirect payments.

Read 1 remaining paragraphs | Comments

Massive US-planned cyberattack against Iran went well beyond Stuxnet

(credit: Aurich Lawson)

The Stuxnet computer worm that destroyed centrifuges inside Iran's Natanz uranium enrichment site was only one element of a much larger US-prepared cyberattack plan that targeted Iran's air defenses, communications systems, and key parts of its power grid, according to articles published Tuesday.

The contingency plan, known internally as Nitro Zeus, was intended to be carried out in the event that diplomatic efforts to curb Iran's nuclear development program failed and the US was pulled into a war between Iran and Israel, according to an article published by The New York Times. At its height, planning for the program involved thousands of US military and intelligence personnel, tens of millions of dollars in expenditures, and the placing of electronic implants in Iranian computer networks to ensure the operation targeting critical infrastructure would work at a moment's notice.

Another piece of the plan involved using a computer worm to destroy computer systems at the Fordo nuclear enrichment site, which was built deep inside a mountain near the Iranian city of Qom. It had long been considered one of the hardest Iranian targets to disable and was intended to be a follow-up to "Olympic Games," the code name of the plan Stuxnet fell under.

Read 5 remaining paragraphs | Comments