Monday, August 11, 2014

China is striking again, this time using a new phone they developed

Xiaomi Phones Secretly Sending Users' Sensitive Data to Chinese Servers

Chinese espionage is virtually everywhere these days. My first real data came from a joint FBI/DOD case where Cisco routers are being both cloned and altered to provide China's spy hackers back doors into sensitive, actually very classified, systems. The Air Force was one of the first to notice the problem.

Not all of the case has ever hit the papers, but enough has that it can be talked about. As I understand it, two brothers, both holding some version of Chinese and US dual citizenship, set up separate firms on both coasts of the US. It was developed to get around some DOD procurement policies. One brother would bid on a DOD contract for IT equipment, they would buy US, i.e. from the brother on the other coast, and then sell to the DOD. Depending on the version of the story you hear, the brothers would buy valid Cisco equipment and make changes to it, or, as another story goes, would just use Chinese-provided equipment. In either case the equipment would end up in DOD and other US Government systems. There are at least two PowerPoint presentations provided by the FBI on this case, one for Sensitive release and another for Classified release. Most IT security types have seen one or the other.

Now for the bad news: we, the public, have never been protected from this. In other words, we are still buying altered routers and other IT equipment. One expert says it is so prevalent that it would be next to impossible to catch it all, and if they tried it would drive IT prices over the moon. Another recounts a story of an IT chip-level expert who analysed three chips and picked the altered one as the good, valid chip.

Now add to this the IPv4 vs IPv6 transition. The easy version is that so many IP addresses are in use now that we have run out of IPv4 addresses to assign. To solve the problem, the IT powers that be developed the IPv6 addressing model. To make it work, the IPv6 equipment had to understand the old IPv4 and translate it to the new IPv6. In fact, if you look at your computer right now it will show two IP addresses: one is a v4, the other is a v6.

China came to the IT game late, when the majority of the IPv4 addresses had been assigned and the US had well over half of them, so China jumped on the IPv6 model faster than the rest of the world. In fact, 60% of the IPv6 addresses assigned at this point are held by China. It is said that every square foot of the planet could have its own IP address under the IPv6 model and we would have some left over. Over 10 years ago the US developed a mandate to move the US Government to IPv6, and it should have happened by now. It has not; some say it is because of the China spying problem.

A router, or virtually every piece of equipment that may use an IP address, needs to stay relevant when the transition happens, or even during the transition, which we are fully in at the moment. Since China is the leader in IPv6, they developed the most used IPv4 to IPv6 translation chips, which are in just about everything. So, as in a story I covered a while ago, the American Chamber of Commerce was hacked by China, and a very respectable IT security firm, I am told assisted by FBI teams, worked for a month or so to clean the Chamber's system. A few months after this cleaning took place, the Chamber was found to be hacked again. The teams took a wider view of the problem, and found that one smart thermostat and one HP printer had chips in them that allowed the system to be hacked again.

So let's think for a minute, and figure out what we are using that has an IP address. We already know of the printers, the smart thermostat, the routers; what else? The Black Hat conference is just winding down, but has put some new hacks out there. Smart home and business alarm systems have been found almost universally vulnerable, as are IP-addressable video cameras, water heaters, light controllers, cars, airplanes, access control systems, baby monitors; the list goes on and on, and grows day by day.

So are we vulnerable? Yes. Can we stop it? Probably not, but that is a qualified not. If we are aware of the problem(s) we can do checks on the systems at times. We can make sure the CCTV cameras at our homes never show private areas. We can keep reading articles like this to keep us up on some of the new stuff.

Let's go to the CCTV first, as an espionage agent would look at it. First, they could just monitor the outside that the camera sees to understand your movements, so they can enter the house when you are not around. Second, they could see if you bought any pan, tilt and zoom cameras, so they can move the camera around to spy on areas you did not want seen. Third, they can sell the data from the cameras to folks that may find a use for it.

Now the alarm system in your home. First, they will know when you are home or not by monitoring the alarm system. Second, there are a lot of options you could buy for your alarm system that you may not be using, but are still there. One of the biggest is the ability to monitor the audio in your home; it is sold as a way for them to understand the problem as they send police, i.e. you are being beaten up or forced to do something, or they can hear the burglar going through the empty house. All valid reasons to allow for this type of monitoring, but in any case, in most systems the ability is there; it is just not turned on by your reputable alarm company. This is not true of the bad guys: they will turn these on almost at once.

Now this is not to say it is happening at your home or business now, but it could be. Now you say, what would China want with my conversations in my home? I would answer that China wants anything they can get, but you may be right: the vulnerability is there, but not being exploited by them. The bad news is that many others know of these vulnerabilities, and can develop or buy ways to exploit them. For instance, hackers nowadays often do not have to know much about computers; they can buy online everything they need.

The FBI did a presentation a week or so ago that showed how some exploits are now free online; you just download them and then use them on unsuspecting friends, or enemies, at will. They downloaded and installed one, and then sent an email to a computer they had me sit at. I opened it, and they had everything I was doing, as well as everything that was on the computer. They turned on the camera and microphone, and then, just to cap it off, sent emails from the computer I was on to people on my contact list (theirs, actually). I read the whole email header; it came from the computer I was using. They then had me send an IM to another computer; during the IM they changed what I wrote, and wrote their own, yet I never saw the changes.

This was all at no cost, just using available free hack software. So the hacks to turn on your alarm system, or monitor your CCTV system, are out there. You may have to pay for them, but they are passed around so much, probably not for long.

So you all be careful out there, but I will have to read this on someone else's computer to make sure it has not been hacked as I wrote it.
