Russia’s Internet knockout punch
Hackers leak internal documents showing the FSB’s quest for a cyber-weapon that can take whole nations offline
The hacker group “Digital Revolution” has released documents describing a procurement order from a division of Russia’s Federal Security Service (FSB) for the development of “Fronton” software that would enable cyberattacks using infected Internet-of-Things (IoT) devices. The BBC’s Russian-language service was the first media outlet to report this story.
The hacker group's members remain unknown. On its website, the group calls itself “the face of the digital revolution” and says “the struggle for our rights and opportunity to live normally is neither extremism nor vandalism.”
Between 2018 and 2019, Digital Revolution published documents hacked from two alleged FSB contractors, revealing that the company “Saitek” developed programs to deanonymize Tor users and snoop on email traffic, and that the “Kvant” research institute worked on a system to monitor social networks.
The hackers uploaded an archive of 12 technical documents, diagrams, and code fragments created in 2017 and 2018. Based on the leak, the procurement order for the cyber-weapon was placed by military unit number 64829 (better known as the FSB’s Information Security Center). The companies “0day” Ltd. and “InformInvestGroup” CJSC may also have been involved in this project. Spokespeople for both organizations have declined to comment on the leak.
In total, according to the hackers’ data, there are three versions of the software: Fronton, Fronton-3D, and Fronton-18. The programs can infect any smart device (from digital assistants to “smart” homes), connecting them into a network and then attacking the servers responsible for the stability of online services and the Internet itself in entire countries.
Based on the documents, FSB contractors recommended creating botnets made up 95 percent of IP cameras and digital video recorders (cameras that receive control data and send image data via the Internet). “If they transmit video,” the leaked materials state, “they have a big enough communication channel to perform DDoS attacks effectively.” The project suggests hacking these devices by using a dictionary of typical passwords used for IoT devices.
According to the leaked documents, an attack using a few hundred thousand smart devices would be able to knock out social networks and file-hosting services for several hours. “An attack on national DNS servers could render the Internet inaccessible for several hours in a small country,” the materials state.
Russia’s interest in these cyber-weapons followed an incident in the United States in October 2016, when infected IoT devices targeted roughly 70 major Internet services. The attack limited access to Twitter, Netflix, Spotify, PayPal, and Amazon for several hours. The DDoS attack used a Mirai botnet, which primarily targets online consumer devices such as IP cameras and home routers and is mentioned repeatedly in the FSB contractors’ leaked documents.
Translation by Kevin Rothrock