Security firm finds 300,000 home routers hacked

Mar 04, 2014 by Bob Yirka
Figure: Affected router distribution heatmap visualization

(Phys.org) —Nonprofit American security firm Team Cymru (Celtic word for Wales) has announced that it has uncovered a hacking scheme that has affected at least 300,000 routers used by people in their homes. Reps for the firm say that while the hack appears ominous, there is no evidence as yet to suggest that it has been used for whatever purpose it was designed for.

Hacker attacks on home routers generally take one of two approaches, though both rely on the same strategy—namely, accessing the router and changing a table to redirect domain name server (DNS) queries. DNS servers are the machines that convert native-language web names to IP addresses. What this means, for example, is that a user connected through a compromised router might use the link on their browser's "favorites" bar to access their bank. But instead of being routed to their bank, they are routed to a web page on a fake server that looks just like the real one. When the user types in their login information, it is stolen by the hackers, who use it to drain the account. That's the first approach (and the one used in the infamous attack carried out in Poland recently). Since that takes a great deal of effort to pull off, most hackers seem to prefer the second approach: sending users to the site they expected, but replacing its ads with their own or adding code that runs on users' computers when they visit certain sites.

Reps for Team Cymru report that the hacked routers were mostly in Vietnam and other countries where many people are still using older, less well protected routers. They also note that it doesn't appear that the hackers actually misrouted users; thus, the hack is still a mystery. Interestingly, they note that the hacked routers all used just two IP addresses, both UK based. The companies that hold those two addresses have been notified regarding the hacking activity, as have all the companies that make the routers that were hacked. Team Cymru suggests users take added precautions to safeguard their routers, such as being sure to password-protect them (with a good password) and occasionally checking to see if unknown entities show up on their network.
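
The setting this kind of attack changes, the DNS servers a router hands to its clients, can be checked from any machine on the network. The following is an added example, not code from the article or from Team Cymru's report; the expected-resolver list and the sample resolver file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the resolvers this network is expected to use. These are private
# and documentation ranges picked for the example, not values from the report.
EXPECTED_RESOLVERS = ["192.168.1.1/32", "198.51.100.0/24", "2001:db8:53::/48"]

# Constructed sample: a client's resolv.conf after renewing its DHCP lease.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
nameserver 192.168.1.1
nameserver 203.0.113.77   # not on the expected list
nameserver 2001:db8:53::1
nameserver not-an-ip
search home.example
"""

def parse_nameservers(text):
    """Yield the address token of every 'nameserver' line, ignoring comments."""
    for line in text.splitlines():
        for marker in "#;":                      # both start a comment
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            yield fields[1]

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Sort configured resolvers into ok / unexpected / malformed."""
    nets = [ipaddress.ip_network(n) for n in expected]
    result = {"ok": [], "unexpected": [], "malformed": []}
    for token in parse_nameservers(text):
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(token.split("%", 1)[0])
        except ValueError:
            result["malformed"].append(token)
            continue
        # Only compare an address with networks of the same IP version.
        if any(addr.version == n.version and addr in n for n in nets):
            result["ok"].append(token)
        else:
            result["unexpected"].append(token)
    return result

if __name__ == "__main__":
    for status, servers in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{status}: {servers}")
```

An entry under `unexpected` is a reason to log in to the router and compare its DNS settings with what the ISP or the network owner configured.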

More information: Report PDF: www.team-cymru.com/ReadingRoom… ymruSOHOPharming.pdf

User comments : 2

Pattern_chaser
5 / 5 (2) Mar 04, 2014
Point of information: "Cymru" is the WELSH word for Wales. Thanks.

DarkHorse66
5 / 5 (1) Mar 05, 2014
Perhaps the hackers were testing their skill and checking for pitfalls, to see what they could get away with. Dry run for a much bigger and nastier plan?
Cheers, DH66
