Russian hacking group Digital Revolution has discovered the existence of a secret FSB program dubbed the “Fronton Program” that reportedly points to the creation of an IoT botnet. As reported by SC Media, the hackers breached subcontractor ODT (Oday) LLC, which was working with frequent Russian Ministry of Internal Affairs contractor InformInvestGroup CJSC.
The project behind the botnet was reportedly contracted by the FSB’s unit 64829, also known as the FSB Information Security Center.
The breach itself occurred back in April of 2019. In this instance, at least, the botnet techniques applied specifically to FSB marshaling devices. Reports indicate that this means it was linked up with internet security cameras and digital recorders linked to the FSB. But the program centered more directly on bypassing default login credentials or easy-to-crack usernames and passwords in order to create a botnet.
This is the first confirmed case of a state-sponsored IoT botnet
According to Ben Seri, vice president of research at Armis, the discovery of the FSB IoT botnet represents a first in the world of cybersecurity. Namely, Mr. Seri says that this is the first instance in which such an attack “by nation-state actors” has been effectively confirmed.
But attacks on IoT devices, in particular, are not uncommon at all. In fact, the wide range of potential IoT problems has been known since at least 2018. Mr. Seri goes on to point out that this confirmation is just the beginning. To begin with, it showcases how other actors, especially government-sponsored entities, can and do carry out these attacks. It also highlights how those entities can create “distance” from their “core operation,” effectively hiding in plain sight.
The IoT, by the very nature of its need to interconnect with a wide array of other gadgets and its rapid clip of expansion, is extremely vulnerable. Mr. Seri is cited as indicating that it represents the easiest route into a business. But, with the rise of smart speakers and other smart home innovations, it also represents an easy way in for use against individuals.
What threat do botnets present?
Botnets represent an interesting intersection of risk types as well. In the case of the Fronton Program, reports indicate the primary goal was to launch DDoS attacks. That hinged on the fact that the IoT devices used offered large communication channels for video and other recording devices.
The purpose of a distributed denial-of-service attack is to fundamentally disrupt access and connectivity for targets. Modern militaries and other government agencies rely heavily on technology. So a state-sponsored, IoT-driven DDoS capability would be a highly effective tool for cyber warfare.
More importantly, botnets are not limited in scope to DDoS attacks at all. They can also be utilized to steal data, send spam or false information, and more.
As noted above, the botnet being tested in the FSB’s project accessed cameras and recording devices. A fully fleshed-out botnet would also give an attacker direct access to connected devices and connections. That potentially means the botnet could present a risk of more real-time spying and remote feed viewing as well.