A screenshot of the website, showing various parts from Western manufacturers

How Many Western ICs Are There In Russia’s Weapons?

Recently, the Ukrainian government has published a database of Western components being used in recently produced Russian armaments, and it’s a fascinating scroll. Just how much does Russia rely on Western manufacturers’ parts? It turns out, a surprising amount. For instance, if you are wondering which ICs are used to build Iran-produced Shahed drones, it seems that it’s a whole bunch of Texas Instruments parts, as well as some Maxim, Intel, and Xilinx ones. Many of the parts in the lists are MCUs and FPGAs, but it’s also surprising how many of the components are jelly bean parts with multiple suppliers.

There appear to be thousands of parts listings, compiled from a good few dozen pieces of equipment that volunteers appear to have taken apart and scrupulously documented – just take a look at the dropdowns at the top of the page. The Ukrainian government is advocating for parts restrictions to be implemented based upon this data – as we all remember, it’s way harder to produce hardware when you can’t buy crucial ICs.

Even for a regular hacker, this database is worth a scroll, if only to marvel at all the regular parts we wouldn’t quite associate with military use. Now, all that’s left is to see whether any of the specific chips pictured have been sold to washing machine manufacturers.

Military Surplus Repurposed For High Energy Physics

Performing high-energy physics experiments can get very expensive, a fact that attracts debate on public funding for scientific research. But the reality is that scientists often work very hard to stretch their funding as far as they can. This is why we need informative and entertaining stories like Gizmodo’s How Physicists Recycled WWII Ships and Artillery to Unlock the Mysteries of the Universe.

The military have specific demands on components for their equipment. Hackers are well aware MIL-SPEC parts typically command higher prices. That quality is useful beyond their military service, which lead to how CERN obtained large quantities of a specific type of brass from obsolete Russian naval ordnance.

The remainder of the article shared many anecdotes around Fermilab’s use of armor plate from decommissioned US Navy warships. They obtained a mind-boggling amount – thousands of tons – just for the cost of transport. Dropping the cost of high quality steel to “only” $53 per ton (1975 dollars, ~$250 today) and far more economical than buying new. Not all of the steel acquired by Fermilab went to science experiments, though. They also put a little bit towards sculptures on the Fermilab campus. (One of the few contexts where 21 tons of steel can be considered “a little bit”.)

Continue reading “Military Surplus Repurposed For High Energy Physics”

FANCY BEAR Targets Ukrainian Howitzers

Just in case you’re one of the people out there who still doesn’t believe in “the cyber” — it appears that the Russian military served malicious cell-phone apps to the Ukrainian army that allowed them to track a particular artillery cannon.

The legitimate version of the Android app helped its operator use the 1960’s-era former Soviet howitzer. The trojanized version of this application did just the same, except it also phoned home to Russian military intelligence with its location. In addition to giving the Russian army valuable information about troop movements in general, it also led to the destruction of 80% of the cannons in question over two years.

The cited article goes into depth about how certain it is that a hacking group, referred to as FANCY BEAR, are nearly certainly responsible for the attack. The exploit has fingerprints that are not widely known outside of the security research community, and the use of the exploit against the Ukrainian army pretty much ties FANCY BEAR to the Russian military.

This is also the same exploit that was used against the Democratic National Committee in the United States. Attribution is one of the hardest parts of white-hat hacking — attackers don’t want to be found and will leave misleading clues when they can — but the use of the same proprietary malware in these two attacks is pretty convincing evidence that Russian military intelligence has also hacked into US political parties and NGOs.

(Banner image by Vitaly Kuzmin, CC-BY-SA 3.0.)