Aug 11, 2011 14:22 GMT

Last week hackers flocked to Las Vegas to attend the biggest annual hacking conference in the world, DEFCON, and at least one of them claims that he detected a large-scale CDMA and 4G surveillance operation that targeted attendees indiscriminately.

The claim was made in a post to the Full Disclosure mailing list yesterday by a user who calls himself coderman. "I have waited over six DEFCONs to meet an adversary of this skill. I was not disappointed," the hacker writes.

According to coderman, this was a man-in-the-middle attack in which the attackers tried to exploit Android devices and computers through zero-day vulnerabilities.

The hacker claims that when these exploits failed, the adversary employed social engineering techniques like inserting rogue dialogs and requests into the traffic.

Coderman lists some of the attack's characteristics, but these are rather generic: fake upgrades for Android and Java, 3G/4G signal anomalies (full signal, but no bandwidth), sudden and significant drops in Android battery charge, unusually fast 4G uploads coupled with slow download speeds, rogue SSHD services, Android crashes and others.

"If you met the beast, it seemed to have a nearly perfect success rate; your odds not good. In fact you probably didn't even notice as it pilfered bytes off your devices and monitored your conversations," the hacker wrote.

He also encouraged people to share their experiences and submit the rogue binary files they find on their systems. Coderman claims to have captured the zero-days used by the attackers.

In follow-ups to people asking for more information, coderman said that he tested 802.16/ClearWire/Sprint4G technologies, but did not have an LTE device. He also posted a log of an allegedly hijacked WiMax/4G session.

He claims that the system doing the interception and exploitation operated from Saturday to Monday at 8AM. For now, coderman's story is the only evidence of this operation, although ExtremeTech does claim to have received confirmation from a second unnamed source.