
A Trickbot Assault Shows US Military Hackers’ Growing Reach

by technewshero
December 14, 2020
in Security

For more than two years, General Paul Nakasone has promised that, under his leadership, United States Cyber Command would “defend forward,” finding adversaries and preemptively disrupting their operations. Now that offensive strategy has taken an unexpected form: an operation designed to disable or take down Trickbot, the world’s largest botnet, believed to be controlled by Russian cybercriminals. In doing so, Cyber Command set a new, very public, and potentially messy precedent for how US hackers will strike out against foreign actors—even those working as non-state criminals.

Over the past weeks, Cyber Command has carried out a campaign to disrupt the Trickbot gang’s million-plus collection of computers hijacked with malware. It hacked the botnet’s command-and-control servers to cut off infected machines from Trickbot’s owners, and even injected junk data into the collection of passwords and financial details that the hackers had stolen from victim machines, in an attempt to render the information useless. The operations were first reported by The Washington Post and Krebs on Security. By most measures, those tactics—as well as a subsequent effort to disrupt Trickbot by private companies including Microsoft, ESET, Symantec, and Lumen Technologies—have had little effect on Trickbot’s long-term operations. Security researchers say the botnet, which hackers have used to plant ransomware in countless victim networks, including hospitals and medical research facilities, has already recovered.

But despite its limited results, Cyber Command’s Trickbot targeting shows the growing reach of US military hackers, say cyberpolicy observers and former officials. And it represents more than one “first,” says Jason Healey, a former Bush White House staffer and current cyberconflict researcher at Columbia University. Not only is this the first publicly confirmed case of Cyber Command attacking non-state cybercriminals (albeit ones whose resources have grown to the level that they represent a national security risk), it’s actually the first confirmed case in which Cyber Command has attacked another country’s hackers to disable them, period.

“It’s certainly precedent-setting,” says Healey. “It’s the first public, obvious operation to stop someone’s cyber capability before it could be used against us to cause even greater harm.”

“There’s lots of ways in which it makes great sense to put the Trickbot operators through their paces repeatedly.”

Bobby Chesney, University of Texas

Security researchers have observed strange happenings in Trickbot’s massive collection of hacked computers for weeks, actions only recently revealed to be the work of US Cyber Command. The botnet went largely offline on September 22 when, rather than connecting back to command-and-control servers to receive new instructions, computers with Trickbot infections received new configuration files that told them to take commands from an incorrect IP address instead, cutting them off from the botmasters, according to security firm Intel 471. When the hackers recovered from that initial disruption, the same trick was used again just over a week later. Not long after, a group of private tech and security firms led by Microsoft attempted to cut off all connections to Trickbot’s US-based command-and-control servers, using court orders to ask Internet service providers to cease routing traffic to them.

But none of those actions have prevented Trickbot from adding new command-and-control servers, rebuilding its infrastructure within days or even hours of the takedown attempts. Researchers at Intel 471 used their own emulations of the Trickbot malware to track commands sent between the command-and-control servers and infected computers, and found that, after each attempt, traffic quickly returned.

“The short answer is, they’re completely back up and running,” says one researcher working in a group focused on the tech-industry takedown efforts, who asked not to be identified. “We knew this wasn’t going to solve the long-term problem. This was more about seeing what could be done via paths x-y-z and seeing the response.”

Even so, Cyber Command’s involvement in those operations represents a new kind of targeting for Fort Meade’s military hackers. In past operations, Cyber Command has knocked out ISIS communications platforms, wiped servers used by the Kremlin-linked disinformation-focused Internet Research Agency, and disrupted systems used by Iran’s Revolutionary Guard to track and target ships. (WIRED reported this week that under Nakasone, Cyber Command has carried out at least two other hacking campaigns since the fall of 2019 that have yet to be publicly revealed.) But in contrast to those asymmetric efforts to disable enemy communication and surveillance systems, Cyber Command’s Trickbot attack represents its first known “force-on-force” operation, notes Jason Healey—a cyberattack meant to disable the means for an enemy cyberattack.
