Simply put, who has the power to force both Hetzner and Linode to set up a proxy redirection attack on their networks? This kind of attack requires high-level privileges on those two networks, and I'm guessing only a government can enforce this.

Unless both Hetzner and Linode are run by hackers? Probably not. Or maybe both Hetzner and Linode have been infiltrated by Russian spies? Again, probably not. I think the only entity that has to benefit from listening on a Russian jabber/xmpp chat room is probably Germany, who also has the ability to enforce this kind of attack. When it talks like a duck and it walks like a duck... quack quack...

What is important, I think, is that this is not a vulnerability in TLS encryption and its libraries, and not who initiated the attack.

On Mon, 23 Oct 2023 00:26:22 +0000 Matt Palmer via mailop <[email protected]> wrote:

> On Sun, Oct 22, 2023 at 12:48:26PM +0300, Mary via mailop wrote:
> > From what I understand, this is a government-issued wiretapping against those specific services/servers (hosted by Hetzner and Linode in Germany?) and not a general TLS exploit.
>
> On what evidence do you base that understanding? The cited article says "we believe this is lawful interception" and "we tend to assume this is lawful interception", but I can't see any supporting evidence of this in the article, either.
>
> Government-mandated wiretapping is certainly plausible, but it's only one amongst several possible explanations. Given the association of the operating domains with a country currently at war with its neighbour, it's not implausible to imagine some "hacktivists" getting down-and-dirty for the lulz.
>
> The relative "noisiness" of the attack, in fact, is a fairly strong signal that it *isn't* lawful intercept; western law enforcement agencies are typically very hesitant to do anything that could "tip off" the target of their investigation. Dropping a bunch of faked certs into CT logs is *hella* noisy, and letting the certs expire without removing the traffic interception is basically guaranteed to expose the operation. It'd be a lot quieter to clone the systems (the Linode VMs would be trivial, at least) and extract the private key material from them, and reuse the existing certs, for example.
>
> - Matt
>
> _______________________________________________
> mailop mailing list
> [email protected]
> https://list.mailop.org/listinfo/mailop
