More Hacked Routers brand revealed?

Hackers hijack 300,000-plus wireless routers, make malicious changes. Devices made by D-Link, Micronet, Tenda, and TP-Link hijacked in ongoing attack.

Thanks for the heads-up.
Quote
...comes weeks after researchers from several unrelated organizations uncovered separate ongoing mass hacks of other routers, including a worm that hit thousands of Linksys routers and the exploit of a critical flaw in Asus routers...

This is a real story. It has been picked up by major feeds.
Here is a variation of the same theme.
http://www.pcworld.com/article/2095860/cybercriminals-compromise-home-routers-to-attack-online-banking-users.html
Quote
Attacks recently observed in Poland involved cybercriminals hacking into home routers and changing their DNS settings so they can intercept user connections to online banking sites.
Researchers from the Polish Computer Emergency Response Team (CERT Polska) believe attackers will likely target users from other countries as well in the future using similar techniques.
“The attack is possible due to several vulnerabilities in home routers that make DNS configuration susceptible to unauthorized remote modifications,” the Polish CERT researchers said Thursday in a blog post. “In the resulting man-in-the-middle attack content of several e-banking websites was altered to include JavaScript injects that tricked users into giving up their usernames, passwords and TANs [transaction authentication numbers]. Effectively, money is stolen from users’ bank accounts.”
Really, it is a different story, but the same problem. It is just too easy to hack a router.
Glad I flashed to DD-WRT about a year ago.

I was running an older Linksys that was about 9 years old, a Linksys BEFSR41, that started to act up on me: when running persistent pings I would see occasional communication issues. Tests showed it was the router and not the internet connection to the ISP. Swapped this out with a $25 D-Link DIR-501 Wireless N 150 Router which supported DD-WRT and flashed it. It turned a lower-end D-Link router into a feature/security-rich device and has run trouble free for about a year now. Wireless and wired both work securely and communicate flawlessly.

*NOTE: The only issue with DD-WRT and my D-Link Router is that the LED activity changed as a result of this flash. Instead of a blinking green LED for port activity, the port starts as solid green showing a device is connected and then the LED goes completely out when there is activity. Other routers experience other oddities and fortunately the only oddity is the LED going out when there is a download or update etc. vs. blinking.

The articles did not indicate what steps to take to prevent router hijacking.
This Wikipedia article has some general information, but no easy fix. It would imply the big companies have known about this sort of thing for a long time and have not done much about it. IMHO.
http://en.wikipedia.org/wiki/IP_hijacking
IP hijacking
From Wikipedia, the free encyclopedia
Quote
Public incidents
April 1997: The "AS 7007 incident" Earliest notable example?[2]
December 24, 2004: TTNet in Turkey hijacks the Internet [3]
May 07, 2005: Google's May 2005 Outage [4]
January 22, 2006: Con-Edison hijacks big chunk of the Internet[5]
February 24, 2008: Pakistan's attempt to block YouTube access within their country takes down YouTube entirely.[6]
November 11, 2008: The Brazilian ISP CTBC - Companhia de Telecomunicações do Brasil Central leaked their internal table into the global BGP table.[7][8] It lasts over 5 minutes. Although, it was detected by a RIPE route server and then it was not propagated, affecting practically only their own ISP customers and few others.
April 8, 2010: Chinese ISP hijacks the Internet[9] - China Telecom originated 37,000 prefixes not belonging to them in 15 minutes, causing massive outage of services globally.

Quote
Correct: Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue.

From: https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633

