creepy: a buttload of out-of-date routers were infected with chinese malware and unknowingly used as a botnet in a cyberattack
creepier: the fbi was able to take control of all of the routers and wipe the malware
creepiest: the router owners were unaware anything had happened
I’m curious as to whether the router manufacturer included a back door or if the FBI used the same exploit that was used to infect the routers in the first place.
probably the latter, since all of these routers were unpatched, out-of-date routers, and that’s how they were exploited in the first place.
however, the article specifically states that the court documents are all redacted when it comes to the details
Secrets for me but not for thee.
It’s not entirely uncommon for the latter to happen. Some greyhats have done similar things to clear out botnets in the past. It still counts as unauthorized access to a system though, so most avoid doing so even if the intended result is beneficial.
That’s very creepy
“Computer Sabotage” crime in Germany, no?
I would assume they used the same exploit as the botnet because only the NSA gets to use the fancy secret backdoors and secret list of vulnerabilities.
Unless the routers were also managed by ISPs, in which case they might have just had built-in remote access/remote commands.
if the routers were managed by ISPs, the ISPs would have kept them up-to-date. these were not home users, but small business users, and a standard service contract would have covered that sort of thing. considering the issue was so widespread and over several different ISPs and different devices, the most likely explanation is that they were owned and managed by the user.
I used to fall for that logic that an ISP would keep my router up to date. It doesn’t happen.
In my case I had the same ISP router for over four years and there was a known bug with streaming video. I didn’t have privileges to update and they refused to. Nor would they replace my router with a current one because “it’s not broken and hasn’t yet reached the age we switch them out”.
My solution was to stop renting the router. I also stopped renting set-top boxes and dropped phone and cable service. I’m much happier with only internet for however many years that’s been, and I have more control over keeping my network up to date and configured properly.
How would you like the router owners to have been alerted?
Perhaps via the contact information they provided to their ISP?
My ISP has never had info on my router, for 20+ years. Was there something in the story I missed about these being ISP issued routers?
The ISPs don’t need info on the routers…
The FBI has identified the routers; if they’re able to connect to them and issue commands, they clearly know the IPs of those routers and thus the ISP servicing that IP. The ISP knows which of their customers is/was assigned a particular IP.
Your ISP knows the MAC address of your router since it requests a public IP from them using DHCP. That’s why if you contact support they usually can confirm the brand of your router by doing an OUI lookup.
In theory the FBI could have collected a list of MACs and optionally used an ASN lookup on the public IP and then handed each ISP their list of MACs, which the ISP could associate back to customers to contact. It would only not work for customers who spoof their router’s WAN Ethernet MAC.
But I think just patching it is a normal and fine solution imo.
Or I mean, Shodan exists. I’m sure the gov has better.
A theoretical botnet I was looking at on GitHub used Shodan to identify possible targets to infect.
In other news, “fbi installed mallard on your router”
I would also like a mallard
Chinese malware is probably preferable to whatever the FBI did with their access, and you’ll never find out exactly what it was.
Hot take. They’re both bad and you should use open source router firmware.
Even better: build your own router with OPNsense.
Even better: keep your shit up to date regardless of what you use
Even better: let the FBI patch yo shit for you.
make your tax dollars work for you
X state malware is good, Y state malware is bad.
Shit take.
The FBI has the power to arrest you tomorrow for all sorts of reasons. The Chinese government has the power to do what to you, again? Sneak in some propaganda in the ad feed? I’ll take the propaganda lol
The FBI has no power to arrest me, because I don’t live in America.
And China has the power to fuck over your infrastructure in case of a war breaking out. Or would you like to see what a Stuxnet could do to your nuclear power plants?
In my country the Vodafone CEO said the government forced them to put a black box on every node.
move to China if you really feel that way… live a real Chinese malware life…
At least he couldn’t post this bullshit from the concentration camp.