Fronton: A Secret Russian Tool To Shut Down The Internet

Uploaded on 2020-03-24 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

A Russian hacker group calling itself 'Digital Revolution' claims to have breached a contractor for the FSB, Russia's national intelligence service, discovering compromising details about a project intended for hacking Internet of Things (IoT) devices. They claim to have revealed that Russia has new tools to shut down internet services by tapping internet-connected cameras and other smart devices.

That doe not only mean mean that FSB spies can penetrate mobile phones, laptop or even Internet-connected doorbells also meand that the Russian government has a new tool for creating a destructive DDoS-capable botnet. 

The new botnet tool was revealed in documents that give instructions for using a suite of hacking apps called Fronton, Fonton-3D, and Fonton-18. These botnets harness the computing power of millions of internet-connected things, direct them to spew random data at specific computers, and overwhelm vital services into uselessness. 

With millions of Americans currently teleworking during the COVID-19 pandemic, the United States has never been more dependent on the internet.

The Internet of Things, or IoT, is a term-of-art for the vast array of electronic products that connect to the internet, from refrigerators to medical equipment to automobiles. IoT vulnerabilities have long worried national security experts who say adversaries could exploit them to shut down entire sectors of digital capabilities and infrastructure. The documents say “An attack on national DNS servers can make the Internet inaccessible for several hours in a small country.”

The group Digital Revolution claimed to have obtained technical documents that detail a suite of hacking tools, Fronton, Fonton-3D, and Fonton-18 which incude the instructions for tapping into smart devices, including security cameras.

 Created in 2017 and 2018 by Russia’s FSB Information Security Center, the documents explain how to use the tools to make large botnet attacks on critical national services. According to screenshots of the Fronton backend, the botnet was capable of targeting Linux-based smart devices, which account for the vast majority of IoT systems today. This would have allowed it to target more than just smart cameras and NVRs.

Any device that has an Internet connection and a processor can be exploited. In an ideal world, all devices should be forced to go through some sort of network configuration before being used, rather than being exploitable from a default position.

Corero:          Defense One:         ZDNet:       Meduza

You Might Also Read: 

Disconnected: Russia Tests Its Own Internet:

A New IoT Botnet Storm Is Coming:

 

 

 

 

« How Effective Is Your Threat Intelligence?
Take Action On Cyber Security Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI) is a premier federal law enforcement agency within the Department of Homeland Security (DHS).

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

achelos

achelos

achelos is an independent software development company providing innovative technical solutions for micro-processor chips / security chips and embedded systems in security-critical application fields.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Capy

Capy

Capy's SaaS-based security solutions will protect your website from bots, spam, humans and more.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.

DataTrails

DataTrails

DataTrails enables organizations to prove and verify the provenance and authenticity of any data they use in their business operations.

Nicos AG

Nicos AG

Nicos AG specializes in secure, global data communication.

ITConnexion

ITConnexion

ITConnexion is an Australian-based Managed IT Service with over 20 years of experience. We offer a complete IT management service for non-profits, SMEs, and enterprises.