Leaked emails between Italian spyware vendor Hacking Team and Boeing subsidiary Insitu reveal that drones carrying malware to infect targeted computers over Wi-Fi, simply by flying within range of them, were close to becoming a reality.
Spyware-carrying drones were being discussed by Insitu, a division of Boeing, and the now-disgraced malware firm Hacking Team, according to leaked emails from the recent breach of the Italian company, which have been posted on WikiLeaks, Engadget reported.
It was only the failure to come to terms over a non-disclosure agreement that kept Insitu and Hacking Team from ‘teaming up’ to create the malware-carrying drone.
Early conversations took place regarding the inception and the possibility of a spy drone created by Boeing’s aircraft expertise, carrying malware that Hacking Team is notorious for. The concept was designing a drone capable of intercepting communications and hacking on-the-fly, via Wi-Fi. Discussions didn’t get far, however, when lawyers representing both companies couldn’t see eye-to-eye on a viable non-disclosure agreement.
The Talks Behind the Flying, Hacking Drone
Initial discussions kicked off when Giuseppe Venneri, a mechanical engineering graduate from UC and an intern at Insitu, took notice of Hacking Team’s “Galileo”, a piece of hardware otherwise known as the Tactical Network Injector. It is designed to infiltrate Wi-Fi networks and inject malicious code into traffic, enabling man-in-the-middle attacks and other exploits.
Venneri wrote to Emad Shehata, Hacking Team’s key account manager, stating:
We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.
Shehata replied by sending in the standard Hacking Team NDA, to which Venneri responded with Boeing’s own PIA (Proprietary Information Agreement) which the intern noted “must be signed before we engage with potential partners.”
“Signing our PIA (attached) will dramatically shorten the authorization process at our end,” Venneri added. “Let me know if you are willing to sign our document to engage in conversations with us.”
It was at this point that Hacking Team’s Chief Operating Officer Giancarlo Russo stepped into the conversation and took over: “I saw your document and it will require additional legal verification from our side regarding the applicability of ITAR and other U.S. Law,” he said. “In my opinion, for a preliminary discussion our non-disclosure agreement should be sufficient to protect both companies and as you will see it is including mutual provision for both parties and it will make things easier and faster for us.”
Venneri’s response was short and succinct: “If you are unable to review/sign our form, know it will take some time on our side to seek approval from our Boeing parent. Are you willing to consider our form?”
Communications went quiet for about a month after this exchange and Venneri sent in another email on 11 May 2015: “We corresponded with you about a month ago and were unsure about the progress going forward with preliminary discussions regarding any future collaborations. If you could please reconsider our mutual PIA, know that the questionnaire at the beginning of the document is just for gathering information and has no impact on the PIA itself. We have lots of Non-US companies under our PIA. If you or your legal team have any requested changes to our PIA please don’t hesitate to add them in the attached document.”
This was the last known correspondence in the leaked emails, which came from the data breach two months later, in July 2015. Any NDA has since been rendered obsolete and ineffective by the Hacking Team hack.
Critical infrastructure at risk from remotely exploitable NTP flaws
Remotely exploitable Network Time Protocol (NTP) vulnerabilities are leaving critical infrastructure firms open to attack, according to the Industrial Control Systems Computer Emergency Response Team (ICS-CERT).
ICS-CERT issued an advisory on the flaws, confirming it is working with over 20 vendors, including Google, to create fixes.
“As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this information for US critical infrastructure asset owners and operators for awareness and to identify mitigations for affected devices,” read the advisory.
“These vulnerabilities could be exploited remotely.”
The flaws exist in all NTP Version 4 releases prior to Version 4.2.8p1 and stem from “insufficient entropy”, the use of a cryptographically weak pseudorandom number generator (PRNG), a section of code missing a return statement and a stack buffer overflow, according to ICS-CERT.
The emergency response team said it has yet to see any evidence that any of the flaws are being exploited, but warned:
“An attacker with a low skill and an exploit script would be able to exploit these vulnerabilities. However, a higher level of skill would be necessary to craft usable exploit scripts.”
It added that assessing the full scale of the flaws’ impact is difficult as it will depend on the individual company’s wider system.
“Impact to individual organisations depends on many factors that are unique to each organisation,” read the advisory.
“ICS-CERT recommends that organisations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.”
ICS-CERT recommends firms update to new unaffected NTP versions and take a variety of other protective measures.
“Minimise network exposure for all control system devices and/or systems, and ensure that they are not accessible from the internet,” read the advisory.
“Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
“[Finally] when remote access is required, use secure methods, such as virtual private networks (VPNs).”
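The first step in acting on the advisory is knowing which devices still run an affected ntpd build. The following script is an added example, not part of the article or of ICS-CERT's advisory: it parses the version field that ntpd reports (for instance in the output of `ntpq -c rv`) and flags any NTP Version 4 release older than 4.2.8p1, the first release the advisory names as unaffected. The hostnames and the `rv` output lines are constructed sample data modelled on ntpq's format; the function names are the author's own.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# First release the advisory names as unaffected: NTP Version 4, 4.2.8p1.
FIXED_VERSION = (4, 2, 8, 1)

# Matches the version ntpd reports, e.g. "ntpd 4.2.6p5@1.2349-o" or "4.2.8p1".
# The trailing "pN" patch level is optional; a bare "4.2.8" is treated as p0,
# which correctly sorts it before 4.2.8p1.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


class NtpCheck(NamedTuple):
    host: str
    version: Optional[Tuple[int, int, int, int]]
    affected: Optional[bool]  # None when the version is missing or not NTPv4


def parse_ntp_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, micro, patch) from ntpd version output."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    major, minor, micro, patch = match.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def is_affected(version: Tuple[int, int, int, int]) -> Optional[bool]:
    """True for every NTP Version 4 release before 4.2.8p1 (advisory scope)."""
    if version[0] != 4:
        return None  # outside the advisory's stated scope; inspect manually
    return version < FIXED_VERSION


def check_host(host: str, rv_output: str) -> NtpCheck:
    """Classify one host from its captured `ntpq -c rv` output."""
    version = parse_ntp_version(rv_output)
    if version is None:
        return NtpCheck(host, None, None)
    return NtpCheck(host, version, is_affected(version))


def affected_hosts(samples: Dict[str, str]) -> List[str]:
    """Return the hosts that must be upgraded, in the order given."""
    return [h for h, out in samples.items() if check_host(h, out).affected]


# Constructed sample inventory: host -> captured `ntpq -c rv` output (hypothetical).
SAMPLE_RV = {
    "plc-gateway.example": (
        'associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,\n'
        'version="ntpd 4.2.6p5@1.2349-o Fri Jul 22 17:30:51 UTC 2011 (1)",'
    ),
    "hmi-01.example": 'version="ntpd 4.2.8p1@1.3265-o Thu Feb  5 14:40:16 UTC 2015 (1)",',
    "legacy-rtu.example": 'version="ntpd 4.2.8@1.3265-o Thu Dec 18 12:00:00 UTC 2014 (1)",',
    "unknown-box.example": "timed out, nothing received",
}

if __name__ == "__main__":
    for host, output in SAMPLE_RV.items():
        result = check_host(host, output)
        state = {True: "AFFECTED - upgrade", False: "ok", None: "unknown - inspect"}[result.affected]
        print(f"{host:22s} version={result.version} {state}")
```

Hosts reported as `unknown` are not safe by default: an NTP daemon that does not answer `rv` queries may simply have them filtered, so its version still needs to be confirmed from the device itself before it can be excluded from the upgrade list.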
The ICS-CERT advisory follows widespread warnings that firms involved in critical infrastructure are dangerously vulnerable to cyber attacks.
US president Barack Obama pledged to bolster the nation’s cyber security and intelligence-gathering powers in a bid to protect critical infrastructure and industry from terrorists during his State of the Union speech in January.