[Beowulf] Hacked MBs It was only a matter of time
dag at sonsorol.org
Thu Oct 4 09:06:05 PDT 2018
I think it's also safe to assume that activating the hardware implants
would be done only for extraordinarily high value targets as widespread
use would almost guarantee that someone would eventually notice, capture
and study the traffic no matter how well it was hidden and thus blow up
an incredibly expensive multi-year scheme.
I wonder given how widely the hardware was seeded if these things are
silent by default and only checkin to the C&C server when activated by
some secondary means like a weird broadcast packet or quickie port knock
or even some other super stealthy recon trigger
John Hearns via Beowulf wrote on 10/4/18 12:53 PM:
> How does the data get "back to base" ?
> I would encrypt it within an NTP or a DNS request - but that assumes
> outgoing NTP/DNS is not firewalled off.
> I guess just encrypted in an HTTP(s) payload makes sense - servers
> make requests to all sorts of software repositories etc.
More information about the Beowulf