Tag Archives: Router

Ohio Section Journal – The Technical Coordinator – July 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has set up. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).

  • Go to www.arrl.org and log on.
  • Click Edit your Profile.
  • You will be taken to the Edit Your Profile page. On the first tab, Edit Info, verify your Email address is correct.
  • Click the Edit Email Subscriptions tab.
  • Check the News and information from your Division Director and Section Manager box.
  • Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Jul-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

Hey gang,

Around the time of Dayton, the FBI asked everyone to reboot their routers. Why would they do that? Over the last two years more than 500,000 consumer and small business routers in 54 countries have become infected with a piece of malware called “VPNFilter.” This sophisticated malware is thought to be the work of a government and somewhat targeted with many of the infected routers located in Ukraine.

Src: Cisco’s Talos Intelligence Group Blog

Security researchers are still trying to determine exactly what VPNFilter was built to do. So far, it is known to eavesdrop on Internet traffic, grabbing logon credentials and looking for specific types of traffic such as SCADA, a networking protocol controlling power plants, chemical plants, and industrial systems. It can also actively “brick” the infected device. Bricking means rendering the device completely unusable, about as useful as a brick.

In addition to these threats, this malware can survive a reboot. Wait, didn’t the FBI ask all of us to reboot our routers? Won’t that clear the infection? No. In order for this malware to figure out what it needs to do, it reaches out to a command-and-control server. A command-and-control server issues commands to all infected devices, which are thus being “controlled.” C&C, as it is often abbreviated, gives the bad guys in control a lot of flexibility. It can allow infected devices to remain dormant for months or years. Then the owner can issue commands to ‘wake up’ the infected devices (collectively called a botnet) and perform the intended tasks. Tasks can range from attacking a site, such as DynDNS, which I wrote about in November of 2016, to stealing logon credentials from users connected to the infected router. Back to the question: the FBI seized control of the C&C server. When an infected router is rebooted, it will try to reach out to the C&C server again but will instead be contacting a server owned by the FBI. This only gives the FBI a sense of how bad this infection is. Rebooting will not neutralize the infection.
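The re-contact after a reboot described above is something a home network can watch for in its own DNS logs. The following is an added example, not part of the original article: it scans dnsmasq-style query lines and separates lookups of a watched name made by the router itself from lookups made by LAN clients. The router address, the year, the watchlist entry (a placeholder) and the premise that the router resolves names through a local logging resolver are all assumptions.

```python
import re
from datetime import datetime

# Assumptions, not from the article: the router's LAN address, the log year,
# the watchlist entry (a placeholder), and dnsmasq-style query logging on a
# local resolver (for example a Raspberry Pi) that the router uses for DNS.
ROUTER_IP = "192.168.1.1"
LOG_YEAR = "2018"  # dnsmasq timestamps omit the year
WATCHLIST = {"seized-c2.example"}  # placeholder; use names from a published advisory

QUERY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<src>\S+)$"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
Jun  1 09:58:12 dnsmasq[412]: query[A] www.arrl.org from 192.168.1.23
Jun  1 10:00:05 dnsmasq[412]: query[A] seized-c2.example from 192.168.1.1
Jun  1 10:00:07 dnsmasq[412]: reply www.arrl.org is 203.0.113.10
Jun  1 10:03:41 dnsmasq[412]: query[A] seized-c2.example from 192.168.1.23
Jun  1 10:30:05 dnsmasq[412]: query[A] img.SEIZED-C2.example. from 192.168.1.1
Jun  1 10:31:00 dnsmasq[412]: query[A] notseized-c2.example from 192.168.1.1
"""

def on_watchlist(name):
    """Match the name itself or any subdomain, ignoring case and a trailing dot."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def find_beacons(log_text, router_ip=ROUTER_IP):
    """Return (router_hits, client_hits) as lists of (datetime, queried name)."""
    router_hits, client_hits = [], []
    for line in log_text.splitlines():
        m = QUERY.match(line)
        if not m or not on_watchlist(m["name"]):
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        (router_hits if m["src"] == router_ip else client_hits).append((ts, m["name"]))
    return router_hits, client_hits

if __name__ == "__main__":
    router_hits, client_hits = find_beacons(SAMPLE_LOG)
    for ts, name in router_hits:
        print(f"router looked up watched name {name} at {ts:%b %d %H:%M:%S}")
    print(f"{len(router_hits)} from the router, {len(client_hits)} from LAN clients")
```

A hit from the router's own address is the case the paragraph describes; a hit from a LAN client only means some machine behind the router resolved the name and needs a separate look.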

Affected devices include various routers from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE, as well as QNAP network-attached storage (NAS) devices. There is no easy way to know if your router is infected. If yours is on that list, assume it is infected. As if that wasn’t bad enough, many manufacturers don’t have firmware updates to fix the problem. The ones that have fixed the problem did so years ago. Since no one patches their routers, there are half a million infected.

The first thing to do is gather information about the make, model, and current firmware of your router. Then check for announcements from the manufacturer about affected firmware versions or preventative steps. The only known way to clear this infection is to disconnect the router from the Internet, factory-reset it, upgrade the firmware (if one is available), and reconfigure it for your network – or simply throw it away.

If those last couple words strike fear into your heart, there are a couple options:

  • See if your ISP has a device they will send or install for you. It can be reasonably assumed that devices provided or leased by the ISP will be updated by the ISP.
  • Find someone in your club that knows at least the basics of networking to help reconfigure things
  • Many newly purchased devices come with some sort of support to get you up and running

If you’re a little more advanced and want to learn more about networking:

  • Use 3rd party firmware. Currently they are not showing signs of being vulnerable to VPNFilter or other infections. 3rd party firmware projects are often maintained by enthusiasts. They are updated LONG past when the manufacturer stops supporting their own products, and updates often happen quickly. Some of those projects include: OpenWRT/LEDE, DD-WRT, or Fresh Tomato.
  • A Linux box could be set up with Linux packages to mimic router functionality, or use a distribution such as pfSense or OPNsense.
  • Another great device to use is the Ubiquiti EdgeRouter-X for $49.
  • Check the “Comparison of Firewalls” for other ideas.

That $5 hamfest deal isn’t sounding so great anymore. It’s the law of economics for these companies too. $10, $30, or $100 for a device isn’t going to sustain a programmer’s time to find, fix, troubleshoot, test, and release firmware updates for a 7-year-old device. It’s a struggle. I think it will come down to spending more on better devices which will be upgraded longer, or spending $50-$100 every 3-5 years to replace an OK one.

The Department of Commerce released a report on the threat of botnets and steps manufacturers could take to reduce the number of automated attacks. It hits on a number of good points but lacks many details. “Awareness and education are needed.” Whose responsibility is it to educate? I can write articles in the OSJ but I’m not going to be able to visit everyone’s house and determine if your devices are infected. “Products should be secured during all stages of the lifecycle.” Automated updates could take care of this problem but don’t address the what-ifs. What if the update fails or, worse yet, bricks your “Smart” TV, as an example? Who is going to fix or replace them? Will they be fixed if they’re out of warranty? Not to mention operating system “updates” are bundled with more privacy violations and ways to monetize users.

There’s a lot of work to be done. I wish I had the answers. Regardless, we all need to be good stewards of the Internet making sure ALL attached devices are updated and current.

More technical details on VPNFilter and citation for this article: https://www.schneier.com/blog/archives/2018/06/router_vulnerab.html
https://blog.talosintelligence.com/2018/05/VPNFilter.html

Finally this month, thank you to all the clubs and groups that sent messages to this station via WinLink or NTS over Field Day weekend. It was the most I’ve ever received, about 12 – 15 messages altogether.

Thanks for reading and 73… de Jeff – K8JTK

Dongle Bits: Projects

This article appeared in The Lake Erie Amateur Radio Association newsletter The Spirit of ’76 and ’88 June 2014 edition and The Wood County Amateur Radio Club newsletter CQ Chatter July 2014 edition.

Read the rest of the series in the Dongle Bits articles category.


We’re going to take a look at projects others have done with micro-computers and controllers. Many of these will be Amateur Radio related but I will highlight some getting started projects that show setup or basic programming. Since many Hams are into computers and programming, I will highlight some networking and server related uses. Finally, some of the more crazy and unique setups I’ve come across.

First thing to note: if you receive this newsletter in printed form, you’ll want to go to the club’s website or get it in electronic form to view these links. Links will be to videos or instructions posted online. Any YouTube videos will start at the beginning of the segment.

Getting started tutorials

Ham Radio

I was informed the University of Akron Amateur Radio Club (W8UPD) was planning on using the Raspberry Pi for their second High Altitude Balloon launch on April 8, 2014. Though no reason was given, it was scrapped for the Beaglebone Black board. They configured it to send back Slow-scan TV images overlaid with telemetry information. Unfortunately, the launch was a failure due to high winds and “poorly placed trees.” Upon launch, the payload got snagged and caught in a tree.

I heard from John – N8MDP who set up his Raspberry Pi as a D-STAR hotspot as well. His setup works with the “X-Reflector” system. There are multiple D-STAR reflector systems that co-exist together on the network. His instructions are detailed and the setup is different than mine because different software is needed to access these alternative reflector systems. John installed a webserver on his Pi to control it from the Internet.

Raspberry Pi

Arduino

Networking and server

One of the first projects I saw was how to use the Raspberry Pi as a Home theater PC. This allows you to watch videos, listen to audio, or display photos accessible via the network on a TV.

A Pi can be turned into a home or portable access device used in conferences, competitions, demonstrations, or school project. Some examples are a router, network attached storage (NAS) device, web server, or secure virtual private network (VPN) server. The VPN server uses OpenVPN, an excellent encryption package that offers trust no one (TNO) encryption since you generate the encryption keys.

A useful project is the Raspberry Pi IP address IDer which speaks the IP address if you are operating headless and need to connect to it.

Cool and unique

Want to relive the 8-bit gaming days of the Commodore 64? There is a project called Commodore Pi to create a native Commodore 64 emulator and operating system for the Raspberry Pi.

Build a coffee table gaming rig.

Turn a Raspberry Pi into an FM transmitter.

If you like cheap phones, for $160 you can create your own Raspberry Pi smartphone.

Want to give your dog a treat via email? The Judd Treat Machine will do just that! Send an email to the dog’s email address, it dispenses the treat, snaps a picture, and replies with the picture attached.

The University of Southampton in England created the Raspberry Pi Supercomputer using 64 Raspberry Pi computers. They use a “message passing” system to distribute processing across all 64 devices. His son also helped out by building the rack to hold them out of… Legos!

Raspberry Pi and Lego Supercomputer

Other places for projects and news

Raspberry Pi forums.
Arduino forums.
Slashdot: (Pi) (Arduino).
Lifehacker: (Pi) (Arduino).
Reddit: (Pi) (Arduino).
Podcasts.
Search the Internet!

Next time, we’re going to move on to another type of dongle: the $20 software-defined radio.