[Cryptography] Threatwatch: CIN - Corruptor-Injector Network

ianG iang at iang.org
Sun Aug 9 11:26:09 EDT 2015


There's a long post by "cryptostorm_team" that describes a capture of 
the activity of a CIN or Corruptor-Injector Network.

https://cryptostorm.org/viewtopic.php?f=67&t=8713

The short story appears to be malware injected into the router which 
then proceeds to present a false view of many things, including google 
sites and chrome downloads.

That last part again - the CIN appears to be capable of injecting a 
special download of Chrome which then participates in the false 
presentation to the user.  Given the complexity of modern software I'd say 
this to be an impossible task except for a very well funded, long term 
adversary.

The implied conclusion is nothing good - if this attack is scalable and 
scaled, the secure web system (HTTPS+CAs, etc) is no longer capable of 
defending. The implied limitations:  the attack works through a pwned 
router (no hope there), and it may rely on downloading a new pwned 
browser (slight hope!?).

It's pretty clear I don't follow the ins & outs, and could be well off 
base.  But worse than that, the team that wrote the blog post don't have 
the confidence to say what's really happening.  The story is full of "we 
don't know what's happening here, but..."

If true -- if this isn't some monumental failure to follow some new 
google gyratory security system -- then we have the spectre of a very 
bad situation:  A team that claims to spend their full endeavours on 
this security stuff is also not able to be certain of what's going on. 
Even if they're a mediocre bunch of undergrad dropouts with the hubris 
of gamers, even if you know better, or Kaspersky's got it in the bag, 
they're still likely more informed than 99% of the corps and 99.99% of 
the users.

What hope the rest?



iang

