Russian nesting dolls
Image: Alina Grubnyak on Unsplash

Dutch intelligence apprehended four Russian hackers, associated with the Russian secret service unit GRU, in the process of trying to hack into the OPCW, the international organisation keeping an eye on the use of chemical weapons. Apart from being a job well done, the Dutch operation also gives us some insight into the way the Russian cyber operatives go about their business.

Pictures provided by the Dutch Ministry of Defence show that the GRU operatives rented a car and hid all kinds of computer and network equipment in the trunk. Then they quietly parked the car next to the OPCW building, putting them in a good spot to intercept the organisation’s WiFi communications and allowing them to try to hack into the network.

Their equipment included a computer with an extra battery to power everything, connected to a cellphone, an extra powerful WiFi antenna hidden under a coat, as well as a WiFi Pineapple. This device, which you can buy online for about $100 (though I’m unsure whether the GRU would allow for the budget to get the optional morale patch), is essentially a WiFi access point that is specifically equipped to listen in on WiFi traffic in the area.

If there’s a lesson to be learned: if you see four guys in a Citroën C3 parked around the corner, double-check to make sure you’re still connected to the right access point!


Some days ago, the Department of Homeland Security officially confirmed that it has found unauthorised IMSI catchers active in the nation’s capital, Washington DC. I imagine that is causing them some concern…

An IMSI catcher is, in essence, a fake mobile network cell tower. Cellphones and other mobile devices, by design, try to connect to the base station with the strongest signal in their vicinity. Normally, this would be one of the nearby cell towers run by a mobile provider, but it might as well be an illegal device in the area that is sending out a stronger signal. Once a device is connected to the fake base station, the base station can use the cellphone’s International Mobile Subscriber Identity code (hence the name IMSI catcher) to track the device, or even perform a man-in-the-middle attack to listen in on conversations or text messages.

So, who’s been setting up these IMSI catchers? First of all, police and intelligence services have definitely been happy to use them to track suspects. However, these organisations would follow a procedure. Who else has been running IMSI catchers, and have they been listening in on the nation’s politicians and lawmakers? That’s a big question.

By the way: WiFi is susceptible to a similar attack. A small, portable device like the Pineapple can be set up as a WiFi access point, using the same SSID as the name of the network you would normally connect to. Again, your device will seek out the strongest signal and if that happens to be the rogue access point, your traffic can be intercepted.
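Both attacks above work because the client trusts a network *name* and picks whichever transmitter of that name is loudest. The defensive counterpart is to pin the transmitter identity behind the name and alert when it changes: the BSSID behind a WiFi SSID, or the cell identity behind a mobile operator. The script below is an added example written for this post, not code from the author or from any product mentioned; the allowlist entries, the signal threshold and the scan results are all constructed values, and a real deployment would feed it from a site survey or a WLAN controller export.

```python
"""Rogue-transmitter detection over constructed scan results (WiFi evil twin
and fake base station). Flags any known network name advertised by an unknown
transmitter identity, and any known identity heard at an implausibly strong
signal, which is what a spoofed BSSID in a parked car tends to look like."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    network: str       # SSID, or mobile operator name
    transmitter: str   # BSSID for WiFi, "MCC-MNC-LAC-CID" for cellular
    signal_dbm: int    # received signal strength
    medium: str        # "wifi" or "cellular"


# Allowlist of legitimate transmitters per network name. Constructed values;
# MCC 999 is a test code, the MAC addresses are made up.
ALLOWLIST = {
    "OPCW-Corp": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "ExampleTelecom": {"999-99-0001-0001"},
}

# Loudest signal a legitimate transmitter could plausibly produce at this site
# (constructed threshold; tune from a site survey).
MAX_PLAUSIBLE_DBM = -30


def find_rogues(observations, allowlist=ALLOWLIST, max_dbm=MAX_PLAUSIBLE_DBM):
    """Return (observation, reason) pairs for transmitters that should be investigated."""
    findings = []
    for obs in observations:
        known = allowlist.get(obs.network)
        if known is None:
            continue  # not one of our networks; nothing to compare against
        if obs.transmitter not in known:
            findings.append((obs, "unknown transmitter advertising a known network name"))
        elif obs.signal_dbm > max_dbm:
            findings.append((obs, "known identity at implausible signal strength (possible spoof)"))
    return findings


def strongest_per_network(observations):
    """What an unpinned client would actually join: the loudest transmitter per name."""
    best = {}
    for obs in observations:
        if obs.network not in best or obs.signal_dbm > best[obs.network].signal_dbm:
            best[obs.network] = obs
    return best


# Constructed scan: two real APs, an evil twin louder than both, an unrelated
# cafe network, a real cell, a rogue cell cloning the operator name, and finally
# a frame carrying a legitimate BSSID at a strength the real AP could never reach.
SAMPLE_SCAN = [
    Observation("OPCW-Corp", "00:11:22:33:44:01", -62, "wifi"),
    Observation("OPCW-Corp", "00:11:22:33:44:02", -70, "wifi"),
    Observation("OPCW-Corp", "de:ad:be:ef:00:01", -41, "wifi"),
    Observation("Guest-Cafe", "aa:bb:cc:dd:ee:ff", -55, "wifi"),
    Observation("ExampleTelecom", "999-99-0001-0001", -85, "cellular"),
    Observation("ExampleTelecom", "999-99-0001-9999", -48, "cellular"),
    Observation("OPCW-Corp", "00:11:22:33:44:01", -25, "wifi"),
]

if __name__ == "__main__":
    for net, obs in strongest_per_network(SAMPLE_SCAN).items():
        print(f"client would join {net!r} via {obs.transmitter} at {obs.signal_dbm} dBm")
    for obs, reason in find_rogues(SAMPLE_SCAN):
        print(f"ALERT [{obs.medium}] {obs.network} from {obs.transmitter}: {reason}")
```

Running it shows the gap between what a client would choose (the loudest signal for each name) and what the allowlist says is legitimate; the same two rules apply unchanged whether the transmitter is a WiFi access point or a cell. The signal threshold is the weaker of the two checks, since a careful attacker can turn the power down, so the identity pin is the one to rely on.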