July 12, 2020

The USA has a Mothership

Drawing of a BotNet: a BotNet C2 server ordering bots to attack a target.

A cyber war is coming. Our adversaries are preparing for battle by flooding the United States consumer electronics market with devices that they can control and gather intelligence from (digital spies).  The United States is the most powerful country in the world when it comes to air superiority, logistics, and technological advantages in most areas of operation.

How many movies can you name in which aliens invade Earth, and the heroes of the movie save Earth by destroying the mothership, or the one big alien controlling its entire army, which had been slaughtering humans with ease?  Let me help you with a few that I’ve noticed:

  • “Star Wars,” good guys win by blowing up the Death Star.  Earth not involved, but I couldn’t help myself.
  • “Edge of Tomorrow,” humans are saved by killing the big blue alien.
  • “Marvel’s The Avengers,” good guys win after destroying the Chitauri mothership.
  • “Independence Day,” humans are saved by destroying the mothership by uploading a computer virus to it.
  • “Battle: LA,” humans win by destroying the mothership.

Now with all that said, an analogy can be made that the USA is playing the part of the aliens in real life.  Adversaries of the United States know that the only way to defeat the United States is to destroy the mothership.  The mothership in this analogy is the Internet.  The United States is almost entirely reliant on the Internet, not just for military command and control but for the financial markets, power grids, commercial supply chain logistics, healthcare, fuel distribution, etc.  Almost everything in the United States requires the Internet these days.  You won’t be able to buy toilet paper at Walmart if the supply chain is broken.  The enemy knows exactly what to do.

How can this actually happen?  Glad you asked!  Recently, a huge part of the Internet went down when a BotNet was used to take down a huge DNS provider (more details here and here).  In short, a BotNet consists of one or more command and control (C2) servers, which operate as the enemy’s mothership, talking to millions of compromised (a.k.a. “recruited”) insecure devices of the kind we all buy every day.

If you buy cheap Wi-Fi routers, IP cameras, DVRs, and the like, then there is a good chance that they contain vulnerable firmware and software from XiongMai Technologies out of China.  XiongMai had shipped over half a million vulnerable devices as of Oct 2016.  Within days of your taking it out of the box and connecting it to the Internet, it will be recruited by an enemy BotNet.  It gets compromised because you can’t change the insecure default configuration: it fires up a telnet service with hardcoded credentials.  The box just said, “Power it up and plug it in.  It’s freakin’ magic!”  The funny thing is, you’ll never know it has been recruited.  The device will function normally as far as you are concerned, and you will be happy you bought it.

Once it gets recruited, it can be ordered to infiltrate the rest of your home network to recruit your other devices, steal data, and take part in future enemy attacks on the Internet.  You might notice that your Internet connection gets slow for some inexplicable reason for an extended period of time.  That is a symptom of your recruited devices launching a Distributed Denial of Service (DDoS) attack on the Internet: they are hogging the bandwidth.

What can you do?  For one thing, stop buying devices that come from hostile manufacturers that do not have your best interest at heart.  What about the hostile devices that you already bought?  You need to block the device(s) from talking to the Internet in your home firewall (a.k.a. egress filtering).  Find the make and model of your firewall.  Then search Google for the manual or, better yet, watch YouTube videos about egress filtering configuration on your firewall.
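For the two practical points above (the "slow Internet" symptom of a recruited device, and egress filtering as the fix), here is an added example that is not part of the original post: it flags the LAN host whose outbound traffic dwarfs everyone else's and emits nftables rules that stop it forwarding to the WAN while it keeps working on the LAN.  The flow records, addresses and interface names (br-lan, eth0) are constructed assumptions for a Linux-based home router.

```python
"""Flag LAN hosts behaving like DDoS bots and emit nftables egress blocks.

Added illustration for this post, not code from it. Interface names, LAN
addresses and flow records are constructed assumptions.
"""
from collections import defaultdict
from statistics import median

# Constructed flow records (src_ip, dst_ip, dst_port, packets), in the shape a
# home router's flow export might give for one five-minute window.
SAMPLE_FLOWS = [
    ("192.168.1.20", "198.51.100.10", 443, 900),   # laptop, web browsing
    ("192.168.1.20", "198.51.100.11", 443, 300),
    ("192.168.1.21", "198.51.100.20", 443, 1200),  # phone, video stream
    ("192.168.1.30", "198.51.100.30", 123, 12),    # thermostat, NTP
] + [
    # IP camera flooding a single victim: the recruited-device symptom.
    ("192.168.1.37", "203.0.113.5", 80, 50000) for _ in range(6)
]


def outbound_packets(flows):
    """Sum outbound packets per LAN source address."""
    totals = defaultdict(int)
    for src, _dst, _port, pkts in flows:
        totals[src] += pkts
    return totals


def flag_ddos_sources(flows, ratio=20, floor=100000):
    """LAN hosts sending >= ratio x the network median AND >= floor packets.

    The absolute floor keeps one busy video stream on an otherwise quiet
    network from being mistaken for an attack.
    """
    totals = outbound_packets(flows)
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(src for src, pkts in totals.items()
                  if pkts >= floor and pkts >= ratio * baseline)


def nft_egress_rules(hosts, lan_if="br-lan", wan_if="eth0"):
    """nftables commands dropping forwarded LAN->WAN traffic from hosts.

    Blocked devices still work on the LAN (you can still view the camera)
    but can no longer reach a C2 server or join an attack.
    """
    rules = ["add table inet egress",
             "add chain inet egress forward "
             "{ type filter hook forward priority 0; policy accept; }"]
    for host in hosts:
        rules.append(f'add rule inet egress forward iifname "{lan_if}" '
                     f'oifname "{wan_if}" ip saddr {host} counter drop')
    return rules


if __name__ == "__main__":
    print("\n".join(nft_egress_rules(flag_ddos_sources(SAMPLE_FLOWS))))
```

Pipe the printed commands into `nft -f -` on the router to apply them; the `counter` keyword lets you confirm with `nft list ruleset` that the device is still trying to call out.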