I think it's also safe to assume that activating the hardware implants
would be done only for extraordinarily high value targets, as widespread
use would almost guarantee that someone would eventually notice, capture
and study the traffic no matter how well it was hidden, and thus blow up
an incredibly expensive multi-year scheme.

I wonder, given how widely the hardware was seeded, if these things are
silent by default and only check in to the C&C server when activated by
some secondary means like a weird broadcast packet or quickie port knock
or even some other super stealthy recon trigger.

John Hearns via Beowulf wrote on 10/4/18 12:53 PM:
> How does the data get "back to base"?
> I would encrypt it within an NTP or a DNS request - but that assumes
> outgoing NTP/DNS is not firewalled off.
> I guess just encrypted in an HTTP(s) payload makes sense - servers
> make requests to all sorts of software repositories etc.
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf