[Cryptography] Threatwatch: CIN - Corruptor-Injector Network
ianG
iang at iang.org
Sun Aug 9 11:26:09 EDT 2015
There's a long post by "cryptostorm_team" that describes a capture of
the activity of a CIN or Corruptor-Injector Network.

https://cryptostorm.org/viewtopic.php?f=67&t=8713

The short story appears to be malware injected into the router which
then proceeds to present a false view of many things, including google
sites and chrome downloads.

That last part again - the CIN appears to be capable of injecting a
special download of Chrome which then participates in the false
presentation to user. Given the complexity of modern software I'd say
this to be an impossible task except for a very well funded, long term
adversary.

The implied conclusion is nothing good - if this attack is scalable and
scaled, the secure web system (HTTPS+CAs, etc) is no longer capable of
defending. The implied limitations: the attack works through a pwned
router (no hope there), and it may rely on downloading a new pwned
browser (slight hope!?).

It's pretty clear I don't follow the ins & outs, and could be well off
base. But worse than that, the team that wrote the blog post don't have
the confidence to say what's really happening. The story is full of "we
don't know what's happening here, but..."

If true -- if this isn't some monumental failure to follow some new
google gyratory security system -- then we have the spectre of a very
bad situation: A team that claims to spend their full endeavours on
this security stuff is also not able to be certain of what's going on.
Even if they're a mediocre bunch of undergrad dropouts with the hubris
of gamers, even if you know better, or Kaspersky's got it in the bag,
they're still likely more informed than 99% of the corps and 99.99% of
the users.

What hope the rest?

iang