© Borgmann Aquaponik & Hydroponik
All rights reserved
https://borgmann-aquaponik-hydroponik.ch

We wish you every success!

The Illusion of Security
– Why There Is No Absolutely Secure Internet Communication

This article highlights the fundamental security problems of digital communication. The background is the frequently expressed wish to handle the entire control of a facility, regardless of its size, over the Internet. A brief look at relevant sites (https://www.bleepingcomputer.com/) shows that practically everything is being compromised, or colloquially speaking hacked, minute by minute: from wind turbines to the outdated two-factor authentication (2FA) via SMS, which was already considered useless over 10 years ago because of the weaknesses of the SS7 signalling protocol. And yet, for lack of customer knowledge, this technique continues to be used to this day; it is reported on only in specialist circles and relevant magazines. The technical effort that a bank, for example, must undertake to protect its customer data and account information from third-party access is enormous. It requires entire departments that battle the latest problems in this area every day.

We rely daily on encryption and security software, but reality shows: Every layer of our digital communication is potentially compromisable and has practically already been compromised. When it comes to protecting your commercial facility from the curiosity or ill will of highly specialized "kids" who might just have wanted to "play", we recommend appropriate measures.

 

The OSI Model: A Journey Through the Insecure Layers

Application Layer (Layer 7)

Even supposedly secure messaging services can contain backdoors, vulnerabilities, or compromised endpoints. Encryption is of little use if the end devices are infected. Part of today's malware already operates at a technical level that no virus scanner can reach, for example in the firmware of your keyboard or in the manipulated firmware of network devices (Cisco). More on this, with examples, later in this article.

Operating System Layer

Modern malware often operates below the operating system (rootkits, bootkits) or uses zero-day exploits to bypass security measures. Entry points for malware range from manipulated graphics card drivers to USB sticks that were already compromised at the manufacturer - unintentionally, of course.

Hardware Layer

From vulnerable processors (Meltdown/Spectre) to tampered chips in network devices – the hardware itself cannot be considered trustworthy.

Physical Infrastructure

Submarine cables, routers, and internet nodes are physically vulnerable and are monitored by intelligence agencies, as revealed by the disclosures of Julian Assange and Edward Snowden.

The Uncomfortable Truth: Everything is Compromisable

The technical reality shows that it is practically impossible to exchange data absolutely securely over the Internet. Even the strongest encryption does not protect against:

  • Hardware backdoors in processors and network devices
  • Compromised operating systems and firmware
  • Surveillance of the physical infrastructure
  • Human error and social engineering
  • Government surveillance programs

What Can We Do?

Although absolute security is an illusion, we can minimize risk through defense-in-depth strategies:

  • Use of multiple security layers (encryption, VPN, antivirus)
  • Regular updates and security audits
  • Awareness of the limits of technology
  • Balancing convenience and security

 

Here are the most prominent and best-documented cases of recent years:

 

1. Equation Group and the "EquationLaser"/"GrayFish" Toolset (Discovered 2015)

  • Who was affected? High-value targets worldwide, including governments, telecommunications providers, and financial institutions.
  • What was manipulated? Hard disk firmware (HDD/SSD).
  • Who was the originator? The Equation Group, considered one of the most technically proficient units of the NSA (National Security Agency).
  • How did it work? Kaspersky Lab discovered this malware family. The malware could embed itself deep within the firmware of hard drives from manufacturers such as Seagate, Western Digital, Samsung, and others.
  • Special characteristic: This is one of the few public cases where manipulation of hardware firmware was proven on a broad basis. The malware remained active after a reboot or even after formatting the hard drive, because it resided outside the file system accessible to the operating system. It served as a persistent "implant" that then loaded additional spyware.
 

2. CIA Tools: "Brutal Kangaroo" and "CherryBlossom" (revealed by the "Vault 7" leaks in 2017)

  • Who was affected? Targets in governments and companies, especially in air-gapped networks.
  • What was manipulated? Cisco routers, but also other devices.
  • Who was the originator? The CIA (Central Intelligence Agency), as revealed by WikiLeaks' "Vault 7" publication.
  • How did it work?
    • CherryBlossom: This toolset was specialized in manipulating the firmware of WLAN routers (especially Cisco). An infected router could then monitor and manipulate the target's data traffic and serve as a springboard for further attacks within the network.
    • Brutal Kangaroo: Focused on air-gapped networks. It used USB sticks to bring malware onto computers not connected to the internet. Here, too, manipulation of firmware played a role in hiding the malware.
  • Special characteristic: These revelations showed that intelligence agencies possess sophisticated tools to specifically compromise the firmware of network devices and thus achieve a deep and persistent presence in a network.
 

3. The "ShadowHammer" Case (ASUS Live Update, 2019)

  • Who was affected? Specifically selected ASUS users (approx. 600 targets among more than one million infected systems).
  • What was manipulated? The official ASUS "Live Update" software, shipped with ASUS computers and motherboards to deliver driver and BIOS updates.
  • Who was the originator? A highly advanced APT group (Advanced Persistent Threat), presumably state-sponsored.
  • How did it work? Attackers breached ASUS's build servers and placed a malicious version of the Live Update tool there. It was then distributed via the legitimate update function to hundreds of thousands of computers. The malware checked the computer's MAC address and activated itself only on specific target machines.
  • Special characteristic: This is a prime example of a supply chain attack. The attack did not target the hardware directly but abused the trusted update mechanism of the manufacturer's software, which is deeply rooted in the system (and thus operates close to the hardware).
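The MAC-address targeting described above is also what lets a defender triage exposure: once the target list is published as hashes, each host's adapters can be hashed the same way and compared. The following is an added example, not ASUS or Kaspersky code; it assumes (labelled in the code) that targets are published as MD5 digests of the MAC in uppercase colon-separated form, and all sample MACs and hashes are constructed.

```python
"""Triage helper: does any adapter in our host inventory appear in a
published ShadowHammer-style target-hash list?  Added example.

Assumption: the published list holds MD5 digests of the MAC address written
as uppercase hex pairs joined by colons ("00:11:22:33:44:55").  The real
format must be taken from the vendor's or researcher's report."""
import hashlib
import re


def normalize_mac(mac: str) -> str:
    """Accept 00-11-22-33-44-55, 0011.2233.4455, 001122334455 and the like;
    return the canonical uppercase colon form or raise ValueError."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    hexdigits = hexdigits.upper()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def mac_hash(mac: str) -> str:
    """Digest of the canonical MAC string (assumed published format)."""
    return hashlib.md5(normalize_mac(mac).encode("ascii")).hexdigest()


def find_targeted_hosts(inventory: dict, target_hashes: set) -> dict:
    """inventory maps hostname -> list of adapter MACs (wired, Wi-Fi,
    Bluetooth ...).  Returns hostname -> canonical MACs found in the list."""
    hits = {}
    for host, macs in inventory.items():
        matched = [normalize_mac(m) for m in macs if mac_hash(m) in target_hashes]
        if matched:
            hits[host] = matched
    return hits


# Constructed sample data.  In real use the digests are loaded from the
# published indicator list; here they are derived from two constructed MACs
# so the example runs offline.
TARGET_HASHES = {mac_hash("00:11:22:33:44:55"), mac_hash("aa-bb-cc-dd-ee-ff")}
INVENTORY = {
    "ws-01": ["00:1A:2B:3C:4D:5E", "aa:bb:cc:dd:ee:ff"],  # Wi-Fi adapter is listed
    "ws-02": ["0011.2233.4455"],                           # Cisco-style notation, listed
    "ws-03": ["08:00:27:12:34:56"],                        # not listed
}

if __name__ == "__main__":
    for host, macs in find_targeted_hosts(INVENTORY, TARGET_HASHES).items():
        print(f"{host}: adapter(s) on target list: {macs}")
```

Because adapters are inventoried in different notations, the normalization step matters: a hash of the raw string would silently miss a listed host.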
 

Why is Cisco so often in focus?

There are several reasons for this:

  1. Ubiquitous: Cisco devices are the backbone of many corporate and government networks worldwide.
  2. Strategic Position: Routers and switches control all data traffic in a network. Whoever controls these can monitor, block, or manipulate everything.
  3. High Privileges: These devices run with high system privileges and are often considered "trusted" components.
  4. Persistence: An infected router firmware persists even after a reboot and is invisible to conventional virus scanners.
 

Conclusion

The real threats in this area are not so much "viruses" in the classic sense that spread uncontrolled, but highly specialized implants and tools from state actors (NSA, CIA, etc.) or very well-equipped APT groups.

Their core characteristics are:

  • Persistence: They embed themselves in firmware or boot processes to survive operating system reinstallations.
  • Camouflage: They are extremely difficult to detect because they do not reside in the file system.
  • Targeted Nature: They are used for targeted espionage and not for widespread destruction.

The cases that have become public are probably just the tip of the iceberg. They underscore how critical supply chain security and the verification of firmware updates have become.

The realization that absolute security on the internet does not exist should not lead us to resignation, but to a more conscious handling of our data. In an increasingly connected world, informed caution is the best protection.