Security Alert

Today's post is short, but important if you own an older Linksys router. The unusual element in this story is the warning comes from the FBI. (PDF)

A fair amount of tech literature drops in my box, keeping me fairly up to date about cyberattacks and vulnerabilities. Maybe I’m wrong, but I don’t recall a previous FBI interventions. Without reverting to field literature, I hazard affected models have a known weakness that, because the manufacturer has discontinued said models, are especially susceptible to exploitation.

Affected models can be used for Man in the Middle attacks, Evil Twins, data theft, and weaponizing your machine as a zombie bot to attack others.

What do we do?

If you have an older Linksys device, compare it to the following list, which also contains one Cisco unit. If the model doesn’t show on the front or back, it will be identified with a label on the bottom.

Don’t confuse routers with modems. The modem will be fed by a cable coming in from the outside. Next in line, the router will be attached to the modem. Wi-fi modems will have one, two, or three antennae. Linksys gadgets will be either near-black or more traditionally, a vivid ‘IBM blue and grey’.

Is my obsolete model useless?

• In theory if you can disable your machine's remote admin, you could continue using it.
• You could probably convert it into a wired ‘switch’, but if your internal network is that extensive, you’ll likely want newer, faster, safer equipment.
• Otherwise, donate it to your local recycler.

The Dirty Dozen

Here’re the dangerously obsolete models. Stay safe.

Compromised Routers

Linksys E1000	Linksys E2500	Cisco M10
Linksys E1200	Linksys E3000	Linksys WRT310N
Linksys E1500	Linksys E3200	Linksys WRT320N
Linksys E1550	Linksys E4200	Linksys WRT610N

5Socks

Scattered Castles

There's been a lot of smoke and mirrors lately about the Chinese hacking into computer networks all over the place, and of course it isn't just the Chinese. Cyberattacks have become a lot more common. Anybody remember STUXNET, the virus that targeted the Iranian nuke R&D? Nobody's copped to it, but we can imagine it was probably a joint effort by the U.S. and the Israelis.
My own website was hacked by some Russian trolls. I don't know what the object was. Bank fraud, or Meet Hot Slavs?  It wouldn't be to use any of the actual information from my site, but to compromise the server pathways. FatCow, the server, hosts a buttload of websites, and once in the back door, you could cherry-pick all the caramels, and leave the liquid centers behind.

The point of the Chinese hacks is that they're not amateur or random, by and large, but directed by the Ministry of Defense, against specific hard targets. The big one, most recently (or at least most recently discovered), is the security breach of the Office of Personnel Management. I know this doesn't sound all that glamorous or hot-ticket - OPM is basically the U.S. government's Human Resources department, the central clearinghouse - but in fact it's a big deal. Best guess to date is that 18 million files have been penetrated, and that's a lowball figure. 

Here's what makes it important. OPM is responsible for security clearances, access to classified material. Back in the day, this was the FBI's job, but it's presently estimated that 5 million people, including both government employees and contractors, hold clearances, and the FBI's current staffing is 35,000. You do the math. The numbers are overwhelming. OPM, in turn, farms this out to FIS, the Federal Investigative Services, and the private sector.

But wait, there's more. The intelligence agencies, CIA, NSA, the National Reconnaissance Office (the spy satellite guys), have their own firewalled system, know as Scattered Castles. For whatever reason, budgetary constraints, too much backlog, or pressure from the Director of National Intelligence, the spook shops were instructed to merge their data with OPM's. So was the Defense Department. A certain amount of foot-dragging ensued, not just territory, either, but concerns about OPM's safeguards. In the end, they caved. Not to oversimplify, because the databases are in theory separate, but it created an information chain.

Suppose, and it's a big suppose, that Scattered Castles is accessible through the OPM gatekeeper. Nobody in the intelligence community, or OPM, or the FBI (which is the lead investigator of the OPM break), will go on the record one way or the other. Understandably, because they'd be giving whoever hacked OPM a further opportunity to exploit, if they haven't already. This is a case of locking the barn door after the horse is gone. The worst-case scenario is that active-duty covert agents could be exposed. And bear in mind, that when you're investigated for a security clearance, you give up a lot of sensitive personal data - divorce, bankruptcy, past drug use, your sexual preference - the list goes on. Which opens you up to blackmail, or pressure on your family. This is an enormous can of worms, the consequences yet to be addressed.

OPM uses a Web-based platform called eQip to submit background information. You might in all seriousness ask whether it's any more secure than Facebook. The issue here, long-run, isn't simply the hack, but the collective reactive posture. These guys are playing defense, not offense. The way to address this is to uncover your weaknesses before the other guy does, and identify the threat, not wait for it to happen. Take the fight to them. Otherwise we're sitting ducks.  

It's amazing to me that these people left us open to this, quite honestly. They don't go to the movies, their kids don't play video games, they're totally out to lunch? It ain't science fiction. It's the real world. Cyber warfare is in the here and now.

Heads are gonna roll, no question. OPM's director is for the high jump, and her senior management is probably going to walk the plank, too. This doesn't fix it. What needs fixing is the mindset. We're looking at inertia, plain and simple, a body at rest. We need to own some momentum. 

http://www.DavidEdgerleyGates.com/