The FBI has issued a threat alert regarding over 500,000 infected home and small business routers, and offers a simple way to begin fixing the problem: reboot your network router.
The U.S. Federal Bureau of Investigation, on May 25, 2018, by way of the Internet Crime Complaint Center (www.ic3.gov), issued Alert Number I-052518-PSA, titled “Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide.”
First off, let me say I don’t know why Internet security professionals continue to refer to the Internet bad guys as “actors.” You see it everywhere in security trade articles, press releases and publications; bad guy hacker-types are constantly referred to as “threat actors,” “malicious actors,” “state-sponsored actors,” “hostile actors,” and, in this case, “foreign cyber actors.”
Tech people have long been accused of speaking in a language no one else can understand, and calling Internet crooks “actors” only perpetuates the problem. Actors are people who star in TV shows and movies. Internet criminals are criminals, not “actors.”
In this case, the “foreign cyber actors” (Russians, according to the Feds) are indeed acting very badly, in that they have discovered weaknesses in certain home and small business-type network routers that allow them to infect the routers with malware that can steal website logins and passwords. Next, they can send the router a “self-destruct” order that turns it into a pile of useless junk. According to the FBI, over a half million routers have already been infected.
The “Defense” section of the official alert reads as follows: “The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”
Devices currently known to be infected include those from Netgear, MikroTik, Linksys, TP-Link and QNAP network storage devices. Even so, the FBI recommends all home and small business routers be rebooted, regardless of what brand they may be. This will help identify infected routers and possible remedies.
Rebooting the router only gets part of the job done, though. The router’s internal settings should be checked, too. Remote management capabilities (turned on by default in many routers) should be disabled. The routers should be protected by strong passwords, and not by the factory-provided passwords found on stickers attached to the device. Top-level encryption should also be used.
The router’s special control software, known as “firmware,” should be updated to the latest version, too, as firmware flaws led to the problem in the first place. If no firmware update is available, the router should be reset to the factory default configuration and secured for continued use.
With all this in mind, the United States Computer Emergency Readiness Team (US-CERT) has updated its network guide titled “Security Tip (ST15-002) Home Network Security.” The guide is a thorough look at how to properly set up and secure a home computer network. I strongly recommend you read the guide, and follow its directions, especially if you are one of those “do it yourself” types who thinks you know everything you need to know about installing a network router; I assure you, you do not.
The US-CERT guide addresses some do-it-yourself misconceptions right up front, when it states, “Many home users share two common misconceptions about the security of their networks. They believe that their home network is too small to be at risk of a cyberattack (and) they believe that their devices are ‘secure enough’ right out of the box.”
I was confronted by this mentality recently in the form of a very successful small business owner who, deciding to be his own I.T. department, ended up calling me in to fix things the right way. “Why would anyone want to get into my network,” he whined, “when we’re just a small company?”
“Small businesses are Target Number One to the Internet bad guys, mainly because many small business owners don’t take Internet security seriously enough, which makes their networks easy to hack,” I replied. “Besides capturing bank account passwords as you type them in, one other thing the bad guys are looking for is accounting programs like QuickBooks or Sage Peachtree, which you have.”
“But, my accounting software is password protected,” he protested. “Dude,” I said, “if someone is smart enough to hack into your network, they are probably smart enough to hack around your crummy QuickBooks password, too.” End of discussion.