victorab 12 Posted ...

Hi,

You may know that Hacking Team used a very powerful malware to bypass encryption. They say: "encryption also prevents law enforcement and intelligence agencies from being able to monitor and prevent crimes and threats to the country security. Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable."

Thanks to the leak, we know that one function of this malware is "ISP Network Injection", which means that the malicious code is added directly to the traffic of the target.

To prevent injection, we can look at what we download, check USB keys and use anti-exploit solutions, but what can we do about this kind of injection?

Thanks
zhang888 1066 Posted ...

You can use a trusted VPN provider like Air.

Shortly, ISP-level injection is practiced in countries with poor human rights, where the governments have total control over telecoms and ISPs. So they actually buy this HT junk and inject it into HTTP traffic in order to infect their own citizens.

This entire "encryption bypass" is a marketing trick that you should not fall into. All it means is that when you attack your target with a 0day exploit delivered while the target was using HTTP, and you have successfully infected it, you don't have to break any encryption anymore. By not giving them the privilege to deliver the exploit in the first place (again, by using a trusted VPN), this will be much harder to accomplish and will require them to have a TAO team to target you individually, for example using a phishing attack.

So the good guys from Perugia protect you from the bad guys in Milano.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.