[Beowulf] Hacked MBs It was only a matter of time

Chris Dagdigian dag at sonsorol.org
Thu Oct 4 09:06:05 PDT 2018

I think it's also safe to assume that activating the hardware implants 
would be done only for extraordinarily high-value targets, as widespread 
use would almost guarantee that someone would eventually notice, capture 
and study the traffic no matter how well it was hidden, and thus blow up 
an incredibly expensive multi-year scheme.

I wonder, given how widely the hardware was seeded, if these things are 
silent by default and only check in to the C&C server when activated by 
some secondary means like a weird broadcast packet, a quickie port knock 
or even some other super stealthy recon trigger.

John Hearns via Beowulf wrote on 10/4/18 12:53 PM:
> How does the data get "back to base"?
> I would encrypt it within an NTP or a DNS request - but that assumes
> outgoing NTP/DNS is not firewalled off.
> I guess just encrypted in an HTTP(s) payload makes sense - servers
> make requests to all sorts of software repositories etc.

