US/UK agencies warn Russian hackers are compromising routers worldwide

By Cal Jeffrey · 15 replies
Apr 16, 2018
Post New Reply
  1. British and American intelligence agencies are warning of a potential cyber threat out of Russia.

    On Monday, a joint UK/US taskforce issued an announcement that hackers backed by the Kremlin have been attempting to hijack routers worldwide and may have had some degree of success. Targets include internet service providers as well as government, small business, and home offices.

    According to the alert issued by the United States Computer Emergency Readiness Team (CERT), the hackers appear to be attempting a take over of network infrastructure. A joint team of security experts from the DHS and FBI, and the UK’s National Cyber Security Centre (NCSC) have found compromised Generic Routing Encapsulation (GRA), Cisco Smart Install (SMI), and Simple Network Management Protocol enabled devices in several countries.

    Forbes reports that Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council briefed the media ahead of the announcement stating with “high confidence” that Russia was behind the attacks. The UK’s NCSC Director Ciaran Martin added that the hacks had been tracked as far back as a year.

    "We can't rule out Russia may attempt to use this [hacked] infrastructure for further attacks."

    The hackers have been attempting to breach routers, switches, firewalls and network intrusion detection systems as a means to execute man-in-the-middle attacks says the CERT report.

    “This report contains indicators of compromise (IOCs) and contextual information regarding observed behaviors on the networks of compromised victims. FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.”

    The attack vectors the hackers use are comprised of “legacy or weak protocols” on ports that are associated with network administration. According to the researchers, the attackers take advantage of the following vulnerabilities:

    • devices with legacy unencrypted protocols or unauthenticated services,
    • devices insufficiently hardened before installation, and
    • devices no longer supported with security patches by manufacturers or vendors (end-of-life devices).

    The report did not name victims or the number of successful attacks. However, they did list preventative measures and signs to look for that would indicate that the network has been compromised by one of these attacks.

    You can read the full report at CERT’s website.

    Permalink to story.

     
  2. Uncle Al

    Uncle Al TS Evangelist Posts: 3,872   +2,378

    Hmmmmm ...... perhaps you should spend your next vacation in Hiroshima and go through the museum; see the shadows in the concrete and understand that was a very little bomb, just a fraction of our 10+ megaton babies we have now. With two egocentric leaders in office, there will be nothing fake about it if one decides to call the others bluff. Having worked in and around DOE and DOD most of my career I can guarantee you there is nothing fake about any of it.
     
    dms96960, senketsu and holdum323 like this.
  3. Evernessince

    Evernessince TS Evangelist Posts: 2,511   +1,579

    The Russians seem to be the only ones waging a Cyberwar and are winning by default. All the while the NSA is wasting time collecting average American's data and poking holes in our security that let them in.
     
  4. holdum323

    holdum323 Banned Posts: 1,726   +453

    What can you expect when our leader won't even acknowledge that these things are happening, and is doing nothing to prevent it.
    Has not spent one dollar that was appropriated for this. Doesn't want the world think that the Russians might have affected our election. I'm not saying they helped him win, but they damn sure didn't do any thing to help him lose. The people deserve what they get when they let these things happen. Hopefully they will wise up soon and go to the voting booths in November.
    PS This post should liven up this thread.;)
     
    Charles Olson and alabama man like this.
  5. fktech

    fktech TS Addict Posts: 249   +70

    So............
     
  6. Cycloid Torus

    Cycloid Torus Stone age computing. Posts: 3,355   +837

    So, I read the CERT paper - long list of mitigations referring to stuff I do not know. Therefore, O Wise Gurus of Routers and Networking, how does an ordinary user protect his router and SOHO network?
     
    Tanstar likes this.
  7. MaikuTech

    MaikuTech TS Addict Posts: 606   +114

    Although I really don't like trump right now he has done somethings to get the balls rolling.
    He is doing something about it, right after he took office he told the national security advisors to start upgrading the networks.
    He also told anyone in IT fields to go for networking+ and security+ etc higher degrees.
    Despite all of this we can sit here, go cry in a hole and let everything russian, koreans, chinese have to hit us with cyber-wise.
    Or be ready to effectively block them and hit them back with something they really are not expecting to happen.

    Pain is the greatest teacher and it will make us stronger through failing and hard times.
     
  8. roberthi

    roberthi TS Addict Posts: 278   +68

    You don't. You simply just let it go by like other "sky is falling" news. You cannot be expected to know what to do with this.
     
    JaredTheDragon likes this.
  9. Trillionsin

    Trillionsin TS Evangelist Posts: 1,651   +290

    Check under "Solution."

    Then, use Google or a search engine of your choosing.

    I obviously have no clue either. ;)
     
    Charles Olson likes this.
  10. roberthi

    roberthi TS Addict Posts: 278   +68

    Everyone likely upgraded, knowing how much he'll blatantly disregard protocol, which he has demonstrated time and time again.

    Where does it state he told anyone in IT fields anything of the sort? I'm in IT and haven't seen him do jack squat to help our field make anything secure happen. Those degrees mean VERY little in the real world.

    You're either prepared or your not and it's not like you're going to be able to do much about whatever is happening otherwise... The people you're reacting to here are the general consumer who goes out and buys anywhere between budget to really expensive hardware that most of them have little to no expertise in setting up securely. Most do not care.
     
    Charles Olson likes this.
  11. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 871   +430

    When it comes to cyber warfare (and other covert forms of warfare), if you did you're job right, people aren't sure you did anything at all.

    If we're waging a cyber war against Russia (which seems likely, if they are truly waging one against us), then the fact we haven't heard anything likely means we're winning. In a society like Russia's, admitting that the US is hacking your systems is admitting weakness - and their government is built upon the appearance of strength. Admit you got hacked by the US, and you admit you have no place in governing.

    The only way Russia will ever put out a press release about the US hacking them is if the Russians managed to not only stop it, but 'reversed' it and hacked the US back, AND has irrefutable proof that it was the US - so the US has the advantage in that regard.
     
    Tanstar and Cycloid Torus like this.
  12. Evernessince

    Evernessince TS Evangelist Posts: 2,511   +1,579

    Quiet Cyber warfare isn't the only kind. Your quote is cute and all but I've seen it applied to a million different things as a catch all statement far overused. It's not actual substance, just fluff.

    Russia doesn't have to put out a press release just as much as the US government doesn't have to put out a press release when it hacked the Olympics. Some Cyber attacks are so big it's impossible to not see them. Do you honestly think the Russian government would be able to hide the power grid going down in Russia? Ditto goes for the US by the way, whose utilities are already infiltrated.

    Covert Cyber warfare will remain but undoubtedly non-convert Cyber "Assaults" are becoming more and more common. IMO, congress needs to classify these as acts of war if they reach a certain scale.
     
    Last edited: Apr 18, 2018
  13. Knot Schure

    Knot Schure TS Rookie Posts: 29   +8

    It is all there in the article, but as an end user, there are only a few things you can do;

    They said:

    devices with legacy unencrypted protocols or unauthenticated services,
    (disable web access to your router, use https, and not http when possible, and disable any unnecessary 'services' your router might be 'listening' for, or offering via open ports? Do you *need* that usb file sharing enabled on your network?

    devices insufficiently hardened before installation, and
    (do not use default passwords on routers / computers [for no-password-computers, set one], do not use simple passwords, if using SSH, do not use V1, disable telnet access to anything)

    devices no longer supported with security patches by manufacturers or vendors (end-of-life devices).
    (some devices can't be protected due to known exploits, and some devices never got patched. treat yourself to a nice new router, update your PC regularly, or if its SO old, junk it and update)

    Really though, I feel they are going after infrastructure, and not so much end users. But that is all I can offer you.
     
    Tanstar and Cycloid Torus like this.
  14. jobeard

    jobeard TS Ambassador Posts: 11,688   +1,223

    Simple Network Management Protocol aka SNMP is a service on every Windows system which is not necessary for home users. Any system joined to a Domain Server will have SNMP controlled by the admin, but you and I do not need this service.

    1. login as the Administrator
    2. launch SERVICES.MSC
    3. set the startup type to MANUAL
    4. then STOP the service if it is already running.
     
    Tanstar likes this.
  15. Killerbadb0y

    Killerbadb0y TS Rookie

    Cant we stop it by having all the devices working on a internal network without any external networks coming in or out with everything hard wired on the important stuff, If a external command is needed just use a phone and speak to someone to input?
    All updates could be uploaded by disk or usb from a reliable source
    I am no expert but wouldn't it be safer?
     
  16. jobeard

    jobeard TS Ambassador Posts: 11,688   +1,223

    Sure you can do that ... just disconnect the router from the ISP - - that's the WAN uplink slot. There's a surprise awaiting so when you find it, post back and tell us your experience :grin:
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...