The alleged documents leaked by hackers detail the Fronton project citing Mirai malware and the FSB’s plan to hack IoT devices.
Globally, intelligence organizations are notorious for overstepping their constitutional boundaries breaching the privacy of citizens in the process. While the NSA seems to be the pallbearer of such activities, Russia’s FSB is no different.
This has been recently proven so by a Russian group named Digital Revolution that alleges to have hacked an FSB contractor – the Kvant Research Institute – learning about a program called Fronton in which the prime target is hacking the Internet of Things (IoT) devices on a global level.
A tweet from the group posted on March 18th:
Tweet translated: Why is our own government spying on us through the IoT? In fact, spies on the whole world. How do they do it?
A look at the official website of hackers, the text translated from the Russian language claims that.
We can prove that Kremlin henchmen crack our computers and spy on us Why is our own government spying on us through the IoT? In fact, spies on the whole world. How do they do it?
The group has also shared a MEGA download link apparently containing all leaked documents. Here’s a preview of the site’s homepage:
Detailing its findings on 18 March 2020 through documents, images, and pieces of code that are from 2017/2018, HackRead.com has learned that the project is aimed at building a botnet to infiltrate the IoT devices.
Known to have been ordered by a unit numbered 64829 translating to the FSB Information Security Center; it frequently cites the Mirai malware as a source that was used for similar purposes back in 2016.
If the FSB succeeded in its goals, this would also allow them to conduct a range of attacks including those on individual devices through brute-forcing, especially those with weak, commonly used and default credentials.
Furthermore, according to the specifications obtained, Fronton is supposed to attack security cameras on the internet along with network video recorders which make it ideally positioned to launch highly effective DDoS attacks.
These DDoS attacks then could be used to attack rival countries such as those in Europe and even result in the entire internet being inaccessible for many hours in smaller countries, not just social networking sites and some servers.
As for how the botnet once established will be managed, they plan to do so through the normal use of a command & control (C2) center whose location would be well guarded with the help of a VPN and proxy servers as shown in the image above.
A look at the frontend below shows us 10/221 records of devices “found” with all of them being Linux based machines. This represents an even greater threat considering that the vast majority of IoT devices run on Linux hinting at the capabilities of the program.
To conclude, this is not the first time that the Digital Revolution has come up with such a breach. It has also done so earlier on two occasions as covered by HackRead.com where they targeted two companies named Quantum and SyTech through which the details of over 7 FSB projects were leaked.
Microsoft also reported seeing one Russian state-sponsored group hacking IoT devices back in August 2019 which indicates a growing trend and for good reason. IoT devices are much more vulnerable than other devices and hence, it is imperative that we take suitable precautions such as strong encryption and authentication measures along with using devices from reputable manufacturers that take consumer security seriously.