You may recall my column of a few weeks ago titled “FBI says ‘reboot your router’,” which outlined the FBI’s warning that Russian government hackers had infected over 500,000 home and small business routers, allowing them to steal website logins and passwords, and then cause the router to “self-destruct.”
Researchers at network giant Cisco have learned that merely rebooting one’s router, the step explained previously, doesn’t completely fix the problem; the router’s operating code, known as “firmware,” also needs to be updated to thwart the attack from the threat now known as “VPNFilter.” But it gets worse: many more brands are now known to be affected, and the list (which they say is likely incomplete) has grown to include routers from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel and ZTE.
If you own routers made by any of these manufacturers, it is strongly recommended you install the latest firmware updates available. If you do not know how to do this, you should find someone who does. This is not a problem to be ignored or trifled with; it means business.
It has been discovered that VPNFilter has nasty capabilities that were previously unknown, in the form of what is called a “man-in-the-middle” attack. Man-in-the-middle attacks have been around for years, but usually not coming from your router.
The way it works in this case is sort of like the old game folks used to play where they would all sit around in a circle, and someone would whisper a secret in someone else’s ear. That person would in turn whisper the secret into the next person’s ear, and so forth. The whispered secret would travel around the circle, from person to person, and, when it got to the last person, they would say out loud what the secret was. Usually, by the time the secret had been handled this way, it would no longer be identical to how it was at the start.
The VPNFilter man-in-the-middle attack is similar. All information that travels back and forth between you and the Internet goes through “the man in the middle,” who, in this case, is some creepy Russian hacker. The bad guy gets to control and change what you see on your screen, and change the information you send out to others on the Internet, such as emails, website logins, etc.
This means that while you are signed in to, for example, Amazon, your screen shows you making your normal, intended purchase. On the other end, however, Amazon is receiving big-money orders for electronics that are being shipped to a different address.
Another scenario would be when you are signed on to your bank account to pay bills, or make other transactions. The bad guys now have your online banking user name and password. Your screen shows an account balance you know to be correct, while behind the scenes, the man in the middle is transferring your money to his own account located in a foreign country. In many cases, your bank will not help you or refund your money, because you are required by the agreement you signed with the bank to take all reasonable precautions to protect your online banking identification.
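A simplified model of the bill-paying scenario above, added here as an illustration and not taken from the column or from any research on VPNFilter: a payment request passes through a router that rewrites the payee, and a bank that checks the message’s integrity with a keyed hash (standing in for the protection an HTTPS connection provides) notices the change, while a bank that trusts whatever arrives does not. All account names and the key are constructed sample values.

```python
import hashlib
import hmac
import json

# Bill-payment request the user intends to send (constructed sample data).
ORIGINAL_REQUEST = {"from": "checking-0001", "to": "electric-company", "amount": 120.00}

# Secret shared by the user's banking app and the bank; the compromised router
# never sees it. It stands in for the session keys a real HTTPS session sets up.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def encode(request: dict) -> bytes:
    # Canonical JSON so both sides hash exactly the same bytes.
    return json.dumps(request, sort_keys=True).encode()


def sign(request: dict) -> str:
    # Integrity tag computed by the user's app before the request leaves the PC.
    return hmac.new(SHARED_KEY, encode(request), hashlib.sha256).hexdigest()


def compromised_router(request: dict) -> dict:
    """Model of the man in the middle: forwards the traffic but changes the payee."""
    tampered = dict(request)
    tampered["to"] = "attacker-foreign-account"
    return tampered


def bank_without_integrity_check(request: dict) -> str:
    # A bank that trusts whatever arrives pays whoever is named in the request.
    return request["to"]


def bank_with_integrity_check(request: dict, tag: str) -> str:
    # Recompute the tag over what actually arrived; any change in transit breaks it.
    if not hmac.compare_digest(sign(request), tag):
        return "REJECTED: request altered in transit"
    return request["to"]


def run_scenarios() -> dict:
    tag = sign(ORIGINAL_REQUEST)
    arrived = compromised_router(ORIGINAL_REQUEST)
    return {
        "user_intended": ORIGINAL_REQUEST["to"],
        "unprotected_bank_pays": bank_without_integrity_check(arrived),
        "protected_bank_result": bank_with_integrity_check(arrived, tag),
        "untampered_result": bank_with_integrity_check(ORIGINAL_REQUEST, tag),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The model covers only alteration of traffic; it does nothing about the stolen user name and password the column also describes, which is why the firmware update, not any single check, is the fix.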
There you have it; you have been warned.