LinuxQuestions.org


frankbell 05-28-2018 09:17 PM

Router Attacks
 
The New York Times (and many other sources) report that the FBI wants persons to reboot and create new passwords for their routers because of intrusions reported linked to Russia.

Link: https://www.nytimes.com/2018/05/27/t...t-malware.html

Here's an excerpt:

Quote:

Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on.

The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday.

A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies.

As an aside, I suspect that part of the responsibility for this is borne by users who never change their routers' passwords from the default. For all practical purposes, the default password is a public password.

Belkin routers are not mentioned in the story. I have a Belkin, which I don't particularly like for reasons, but I must say that the Windows set-up routine for the router required me to create a unique password when I set it up.

Trihexagonal 05-29-2018 12:11 AM

Quote:

We recommend that:

Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.

I just updated my router firmware and changed my password last week and don't allow remote management. A reboot can't hurt; I don't particularly want to reset it to factory default status.

Isn't this the same smelly fish funk wafting the airwaves the antecedent two years? I got the link through the article.

https://www.nytimes.com/2016/12/13/u...ction-dnc.html

ondoho 05-29-2018 01:45 AM

Quote:

a sophisticated malware system linked to Russia

Can you possibly get any vaguer, and accusing at the same time?
Honestly, Americans and Russians... :rolleyes:

Trihexagonal 05-30-2018 10:44 PM

Quote:

Finally, on May 8, we observed a sharp spike in VPNFilter infection activity. Almost all of the newly acquired victims were located in Ukraine. Also of note, a majority of Ukrainian infections shared a separate stage 2 C2 infrastructure from the rest of the world, on IP 46.151.209[.]33. By this point, we were aware of the code overlap between BlackEnergy and VPNFilter and that the timing of previous attacks in Ukraine suggested that an attack could be imminent. Given each of these factors, and in consultation with our partners, we immediately began the process to go public before completing our research.

As we continued to move forward with the public disclosure, we observed another substantial increase in newly acquired VPNFilter victims focused in Ukraine on May 17. This continued to drive our decision to publish our research as soon as possible.

https://blog.talosintelligence.com/2...VPNFilter.html

I talked with my friend who lives in the Ukraine last night by PM. He had sent me one, so he obviously had internet. I asked if he had heard about this exploit, been targeted or knew anyone who had. He usually doesn't come on for a few more hours and I may not talk to him for a couple of days, but I'll see what he says about it.

I think he would have said something by now if he had been hit with it, since the infections date back to May 8th.

If it really is nation state sponsored activities, and we all know that type of things happens, who's to say who is the nation really behind it? Some alphabetic agency with its own agenda?
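The Talos excerpt quoted above names one concrete, checkable artifact: the stage 2 C2 address 46.151.209[.]33 used for the Ukrainian infections. The following script is an added example, not code from the thread or from Talos, showing how a practitioner would sweep router or firewall logs for contact with that address. It assumes the logs are in the key=value format written by the netfilter LOG target (`SRC=... DST=... PROTO=... SPT=... DPT=...`); the sample lines embedded in it are constructed for the example, and the only indicator it carries is the one from the quoted text.

```python
"""Sweep netfilter-style logs for contact with the VPNFilter stage 2 C2 address
quoted from the Talos write-up. Example code; not from the original thread."""
import re
from typing import Dict, Iterable, List

# The only indicator on the page: the stage 2 C2 IP named by Talos, kept
# defanged the way it was published. Extend this set from your own intel feed.
VPNFILTER_C2_INDICATORS = {"46.151.209[.]33"}


def refang(ioc: str) -> str:
    """Turn a defanged IP such as 46.151.209[.]33 back into 46.151.209.33."""
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")


# Key=value pairs emitted by `iptables -j LOG` / nftables `log` statements.
_KV = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_netfilter_line(line: str) -> Dict[str, str]:
    """Extract SRC/DST/PROTO/SPT/DPT from one kernel LOG line.
    Returns an empty dict for lines that carry no SRC=/DST= pair."""
    fields = dict(_KV.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return {}
    return fields


def find_c2_contacts(lines: Iterable[str],
                     indicators: Iterable[str] = VPNFILTER_C2_INDICATORS
                     ) -> List[Dict[str, str]]:
    """Return one hit per log line where either endpoint is a known C2 address.

    Both directions are checked: the router's own beacon shows the C2 as DST,
    and the C2's reply shows it as SRC. A hit from the router's own address
    (not a LAN client) is the interesting case for a router implant."""
    bad = {refang(i) for i in indicators}
    hits = []
    for line in lines:
        f = parse_netfilter_line(line)
        if not f:
            continue
        if f["DST"] in bad:
            direction = "outbound"
        elif f["SRC"] in bad:
            direction = "inbound"
        else:
            continue
        hits.append({
            "direction": direction,
            "src": f["SRC"],
            "dst": f["DST"],
            "proto": f.get("PROTO", "?"),
            "dport": f.get("DPT", "?"),
            "raw": line.strip(),
        })
    return hits


# Constructed sample log: 192.168.1.1 is the router itself, 192.168.1.x are
# LAN clients. Line 2 is the router beaconing to the C2, line 3 the reply.
SAMPLE_LOG = """\
May 17 10:23:01 router kernel: FWD: IN=br0 OUT=eth0 SRC=192.168.1.10 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=51322 DPT=443 SYN
May 17 10:23:07 router kernel: OUTPUT: OUT=eth0 SRC=192.168.1.1 DST=46.151.209.33 LEN=60 PROTO=TCP SPT=44321 DPT=80 SYN
May 17 10:23:09 router kernel: INPUT: IN=eth0 SRC=46.151.209.33 DST=192.168.1.1 LEN=52 PROTO=TCP SPT=80 DPT=44321 ACK
May 17 10:24:15 router kernel: FWD: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=1.1.1.1 LEN=72 PROTO=UDP SPT=40211 DPT=53
"""


if __name__ == "__main__":
    for hit in find_c2_contacts(SAMPLE_LOG.splitlines()):
        print(f"{hit['direction']:8} {hit['src']} -> {hit['dst']} "
              f"{hit['proto']}/{hit['dport']}")
```

Run it as-is to see the two hits from the constructed sample, or call `find_c2_contacts(open("/var/log/messages"))` against a real syslog that receives the router's kernel LOG lines. A single indicator is only a point-in-time check: the C2 address can be retired, and a clean sweep says nothing about whether the persistent stage 1 is still on the device, which is why the Talos advice quoted above is to reset and update rather than just look.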

Habitual 06-06-2018 02:39 PM

https://blog.talosintelligence.com/2...er-update.html

Trihexagonal 06-07-2018 03:58 AM

I talked to my friend in the Ukraine 2 nights ago.

He hasn't been infected, none of his friends there have been, and he had heard nothing about it till I mentioned it. He admins a busy forum; I'm sure something would have been said there if a member had been exploited or if it was as big a news item in the Ukraine as claimed.


In USA TV Watch You!

////// 06-09-2018 12:16 AM

Some years ago I was practicing my google-fu and spent some time Google hacking, and I was able to find 50k routers with an open HTTP port (and no password needed) to their management pages. I posted it to the Google Hacking Database (GHDB), where Johnny Long (of Hackers for Charity) confirmed that those were new routers that had not been posted to the GHDB before.

Those routers were from the USA.

ChuangTzu 06-10-2018 05:08 PM

FYI, netgear released updates for their routers...

mazinoz 06-27-2018 02:48 AM

Here in Australia we had an "interesting" month in May.
On my birthday May 1 I woke to find both my Telstra router which I had secured by basically bridging it and turning it into a dumb modem and my tablet were toast. Would not work. Motherboard on Samsung had a capacitor blown.

The official explanation here was that the emergency service number, 000 for police, fire and ambulance, was down nationwide (i.e. all or nearly all states affected) because a lightning strike had hit a cable in a remote NSW region. We had several national outages for Telstra, who provide the internet backbone for other ISPs. Banks were affected, EFTPOS terminals affected.

Then came the warnings about the VPNFilter malware. It now seems to affect mostly Linux devices. I only use Linux, or Android on the defunct tablet. For several months before this, though, I had known I was being hacked; several reimages were done, which fixed the problem every time. The main issue was that it was intent on disabling the VPN setup I had on my dd-wrt router. I could only use the internet if I disabled the VPN. It was working normally before the hacking. As I don't have wireless or Bluetooth on my PC, I suspected it came via the modem. A lot of outages in my suburb, though usually ascribed to the NBN being installed. Honestly though, my suspicion is that it was VPNFilter running rampant on the Telstra network. There is now a ho-hum government enquiry being undertaken to find out why the emergency services backup solution also failed.

I doubt very much if either Telstra or the government will offer an explanation.
