ISPs and National Media Blame Internet Users for 'Weak Passwords' (Only LAN Users Have Access) While National Spy Agencies Mandate Back Doors and Microsoft Windows Causes Most of the Distributed Denial of Service Attacks, Data Breaches, Ransomware Etc.
THE corporate and national media do a "trick or treat" (or bait-and-switch) on us, offering us so-called 'advice' on 'security' [1, 2] when it fact it's a mindless blame game that distracts from states colluding with the likes of Microsoft to back-door everything. Microsoft and the NSA actively collaborate to ensure the NSA knows how to penetrate not only Windows but also all the "clown computing" junk. This isn't about your security, it is about control, and not control by you but over you.
You are nobody to these people and corporations. Heck, they even keep their communication protocols secret from you, unless you bring many patents to the table and sign and NDA (with plenty of oppressive conditions other than the secrecy).
As per the links above, we spoke to Sompi recently over in IRC (the logs contain the full, raw thing). He's from Finland and he made some inquiries to figure out how bad the situation had become.
Hours ago he said: "Most of those router boxes that the ISPs here give their customers for "free" are boot locked to their factory firmware. And also those routers that cost actual money to the customer but the ISP sells them as a "referred choice" [...] So those devices are unsecure by design and SuPo is quiet about them..."
He made some calls to find out more. SuPo (the Finnish spy agency) won't say much, but companies might drop clues, even accidentally.
"A Finnish company Telewell makes routers that at least claim to be free from any backdoors," he said, "but their firmware is closed source so they cannot prove it. The devices are boot locked to their own firmware, but with a little soldering they can be forced to boot OpenWRT, but currently their 5G implementation does not work with OpenWRT. The routers are manufactured in Taiwan and the firmware is written in Germany and in Finland. I called Telewell and asked. Older Telewell devices could run OpenWRT out-of-the box, they were not boot locked. But Telewell added boot restrictions to those new devices because some people failed with the firmware change and the device stopped working and then they were sent to warranty..."
Then there's the issue with the underlying protocols. Including Wi-Fi (similar problem with patents, consortia, secrecy, and oppressive NDAs, where back doors are to be hush-hush rather than tackled), not just xG and transport layer stuff.
As Sompi put it: "The 5G implementation in those Telewell routers is 100% closed and even Telewell itself does not know what data it sends to the mobile cell tower. Telewell only knows the API that is used for interfacing with the 5G chip."
"So basically the 5G chip can spy everything that is not encrypted. And here the landline network was demolished because "we don't need it anymore, 5G is the future!!!1" and every 5G implementation is closed source, and the 5G specification is so complex that it is impossible to create a new implementation from scratch. So now we are stuck with these closed implementations of closed network protocols. AFAIK, the 5G specification does not even specify the format of the network packets. It mostly only specifies various use cases, which is normally not the meaning of a specification."
Well, for phonecalls we are now forced to use TCP/IP (they changed everything to fibre this past February); it's not really a phone per se but a device that uses the Net. They charge for its use like it's an old phone, but it's not. That costs the ISP mere pennies. The profit margins are outrageous.
"Of course the landlines were not secure in their own right, without an actual encryption protocol used as a payload," Sompi said, "but the protocols were at least 100% open for everyone to implement them themselves. I'm not 100% sure of that, but it seems that no-one actually knows how the 5G works, except the engineers that work for those megacorporations which have made their own 5G implementations. I tried to find information about the packet structures of the 5G specification but couldn't find any information about it. The specification seems to be mostly devoid of any actual low-level information about how the 5G technology itself is made to work. So you cannot make your own 5G implementation and use it to connect to other devices."
It's all about patents and NDAs. And NSA, too (or NATO partners like SuPo and GCHQ).
One person told us about "Windows boxes," as "they are the entirety of the botnet problem" rather than people not using a strong password on their router (SuPO barks up the wrong tree, blaming the victims). Such passwords are a weakness only within the remits of the LAN, e.g. family members who might 'break in' (or just physically grab your laptop and use saved passwords in an open/live browser session).
"Yle whines about DDoS in the reports but never ever mentions the Windows botnets which lie behind the attacks," the person retorted.
Curiously enough many of these firms leverage Linux and/or Free software to spread back doors-infested products (inside almost every household) and they do not even bother obeying the software licences. As one person told us: "Scans of the Technicolor branded routers here suggest very strongly OpenWRT though all the details are obfuscated..."
Technicolor became a massive patent troll, just like the Finnish former-giant Nokia, which was left worthless after Microsoft had destroyed it. So combine software patent litigation (even in courts that are illegal and constitutional like the UPC), GPL violations, and wide-open back doors. You're starting to get a not-so-rosy picture of what companies get away with in the darkness. "Modern" computing and networking seem like a bugfest, often by intention and by design. "keep out, peasants, our back doors are good for you!"
Sompi added this older article about Telia. "Basically," he said, "changing the WiFi password of the routers was made using a web service that was hosted remotely by Telia. That web service ran a PHP script that utilized an ISP backdoor in the customer's router and changed its WiFi password via an SSH connection. The researchers set up a normal SSH server using that backdoor port and the PHP script in Elisa's server tried to log in to it, and the researchers got the universal router credentials of all Telia routers of that model. Then they sent a report of everything to Telia and Telia threatened the researchers for doing something illegal. And it is possible that those security flaws are still unfixed. The Finnish state-owned phone company Sonera was also bought by Telia (or actually it was given for free by certain corrupted politicians). Telia also got the Finnish landline network in that process and immediately started demolishing it."
Telia is a Swedish company and Sweden is quite notoriously a spying 'outpost' of the US, without any loyalty to Russia (not in its vicinity), even before the invasion of Ukraine. █