The Good
A 40-year-old man named Andrew Rakhshan has received the maximum possible sentence for his role in DDoS attacks against Leagle.com. The legal news aggregation site had published publicly available records of Rakhshan’s earlier criminal convictions in Canada. The attacks themselves took place in January 2015, when Rakhshan coordinated multiple DDoS attacks against the site, which was hosted by a provider in the Dallas/Ft. Worth area.
Rakhshan (born Kamyar Jahanrakhshan) was sentenced to 5 years in prison and ordered to pay over $520,000 in restitution. This was not the first trial of the case. The original trial took place in March 2018; a new trial was granted after a claim that the defense in that first trial had been ineffective. The retrial added a conspiracy charge to the findings of the original case.
Any time the law is used effectively against cyber crime is worth celebrating. It is not always easy: cases often drag on for years, or are tried poorly because of a lack of technical expertise among the parties involved. That said, cheers to everyone involved in this case, and let it serve as a lesson: even “simple” DDoS attacks can carry steep penalties.
The Bad
This week, the Israeli security consultancy JSOF disclosed 19 distinct vulnerabilities (collectively dubbed Ripple20) in a widely used TCP/IP library developed by Treck. The library, first developed in the late 1990s, is a lightweight TCP/IP stack estimated to run in “hundreds of millions” of network devices. Affected vendors range from individual developers to Fortune 100 enterprises (e.g., Intel, Schneider Electric, and HP), and vulnerable devices span almost everything from home ‘smart’ devices to power grid infrastructure, transportation systems, healthcare systems and even equipment used in commercial aircraft.
Four of the vulnerabilities are rated critical. Because the stack ships compiled into third-party firmware, most affected organizations cannot patch it directly and must wait on advisories from their device vendors; for devices that cannot be patched, JSOF’s guidance includes network segmentation and filtering anomalous IP traffic (such as IP-in-IP tunneling and fragmented packets) at the network boundary. JSOF plans to release updated information along with exploitation details at Black Hat USA 2020. Here’s a quick summary of each CVE:
- CVE-2020-11896 (Critical RCE): Remote code execution via IPv4 tunneling in Treck TCP/IP stack
- CVE-2020-11897 (Critical OOB Write): Out-of-bounds write via malformed IPv6 packets in Treck TCP/IP stack
- CVE-2020-11901 (Critical RCE): Remote code execution via invalid DNS response in Treck TCP/IP stack
- CVE-2020-11898 (Critical Info Disclosure): Information disclosure through improper handling of IPv4 or ICMPv4 length parameter inconsistency
- CVE-2020-11900 (Double Free / UAF): Double free / use-after-free via IPv4 tunneling in Treck TCP/IP stack
- CVE-2020-11902 (OOB Read): Out-of-bounds read via IPv6-over-IPv4 tunneling in Treck TCP/IP stack
- CVE-2020-11904 (OOB Write): Integer overflow in memory allocation leading to an out-of-bounds write in Treck TCP/IP stack
- CVE-2020-11899 (OOB Read): Out-of-bounds read via malformed IPv6 transmission in Treck TCP/IP stack
- CVE-2020-11903 (Info Disclosure): Out-of-bounds read via DHCP control request in Treck TCP/IP stack
- CVE-2020-11905 (Info Disclosure): Out-of-bounds read via DHCP over IPv6 in Treck TCP/IP stack
- CVE-2020-11906 (Integer Underflow): Integer underflow via Ethernet link layer in Treck TCP/IP stack
- CVE-2020-11907 (Integer Underflow): Integer underflow via length parameter inconsistency in Treck TCP/IP stack
- CVE-2020-11909 (Integer Underflow): Integer underflow via malformed IPv4 data in Treck TCP/IP stack
- CVE-2020-11910 (OOB Read): Out-of-bounds read via malformed IPv4 transmission data in Treck TCP/IP stack
- CVE-2020-11911 (Access Control): Improper ICMPv4 access control behavior in Treck TCP/IP stack
- CVE-2020-11912 (OOB Read): Out-of-bounds read in Treck TCP/IP stack
- CVE-2020-11913 (OOB Read): Out-of-bounds read via IPv6 in Treck TCP/IP stack
- CVE-2020-11914 (OOB Read): Out-of-bounds read via malformed ARP data in Treck TCP/IP stack
- CVE-2020-11908 (ID): Information disclosure via improper handling of ‘
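Several of the entries above share one root cause: a length field inside a packet is trusted without being checked against the enclosing frame, so an inconsistent value underflows and the parser reads or writes well past the buffer. The following is an added, constructed illustration of that bug class in a minimal IPv4 header parser. It is not code from the Treck stack or from JSOF, it reproduces no specific Ripple20 CVE, and the function names, the packet arrays and the 40-byte frame size are all assumptions made for the example.

```c
/* Illustrative "length parameter inconsistency" bug in an IPv4 header parser.
 * Constructed for this page; NOT Treck or JSOF code and not any specific CVE. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20   /* minimum IPv4 header length in bytes (IHL = 5) */

/* Buggy variant: trusts the header's own fields. When Total Length is smaller
 * than the header length the subtraction wraps, and a caller that then copies
 * "payload length" bytes would read far past the end of the frame. */
static size_t payload_len_unchecked(const uint8_t *pkt)
{
    size_t ihl   = (size_t)(pkt[0] & 0x0F) * 4;          /* header length */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];       /* Total Length  */
    return total - ihl;                                  /* underflows if total < ihl */
}

/* Hardened variant: every length must be bounded by the next outer length
 * (frame >= total >= ihl >= 20). Returns the payload length, or -1 on any
 * inconsistency so the caller can drop the packet instead of parsing it. */
static long payload_len_checked(const uint8_t *pkt, size_t frame_len)
{
    if (frame_len < IPV4_MIN_HDR) return -1;             /* too short to hold a header */
    if ((pkt[0] >> 4) != 4) return -1;                   /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < IPV4_MIN_HDR || ihl > frame_len) return -1;/* header claims more than we have */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < ihl || total > frame_len) return -1;     /* the inconsistency that underflows above */
    return (long)(total - ihl);
}

/* Constructed sample frames (not captured traffic); unlisted bytes are zero. */
static const uint8_t kGoodPkt[40]  = { 0x45, 0x00, 0x00, 0x28 }; /* IHL 5, Total Length 40 */
static const uint8_t kBadTotal[40] = { 0x45, 0x00, 0x00, 0x08 }; /* IHL 5, Total Length 8 < 20 */
static const uint8_t kBadIhl[40]   = { 0x4F, 0x00, 0x00, 0x28 }; /* IHL 15 (60 bytes) > 40-byte frame */

int main(void)
{
    printf("good  unchecked=%zu checked=%ld\n",
           payload_len_unchecked(kGoodPkt), payload_len_checked(kGoodPkt, sizeof kGoodPkt));
    printf("short unchecked=%zu checked=%ld\n",
           payload_len_unchecked(kBadTotal), payload_len_checked(kBadTotal, sizeof kBadTotal));
    printf("ihl   unchecked=%zu checked=%ld\n",
           payload_len_unchecked(kBadIhl), payload_len_checked(kBadIhl, sizeof kBadIhl));
    return 0;
}
```

On the short-Total-Length frame the unchecked parser reports a payload of roughly 2^64 bytes, which is exactly the value a downstream copy or checksum loop would use; the checked parser rejects it before any byte past the header is touched. The same pattern applies to the IPv6, ICMP, DHCP and ARP parsers named in the list: validate each nested length against the one that encloses it, and treat any inconsistency as a reason to drop the packet.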