Date: April 28th, 2018 12:37 PM
Author: Hairraiser garnet chapel feces
http://www.wired.co.uk/article/russia-hacking-russian-hackers-routers-ncsc-uk-us-2018-syria
Nobody is safe from Russia's colossal hacking operation
Russia hackers have targeted "millions" of connected devices in the UK and US. It's all part of Putin's grand plan to disrupt the west
By NICOLE KOBIE
21 Apr 2018
No-one is too unimportant to be targeted by Russia-backed, state-sponsored hackers. While that may be good for the self-esteem, it's bad news for online security — enough so that this week US and UK authorities teamed up to issue a joint warning about communications infrastructure, including home-office routers.
The rare joint alert noted that routers, switches, firewalls and network intrusion detection systems at government and businesses were the main targets of Russian hackers, but it added that even "small-office/home-office customers" should take more protective action, as should Internet Service Providers (ISPs) and those developing infrastructure.
The attacks target routers and the protective hardware around them, with Russia-sponsored hackers accused of running "man-in-the-middle" attacks to spy, steal intellectual property, and "potentially lay a foundation for future offensive operations", the alert reads. The FBI, Department of Homeland Security and the UK's National Cyber Security Centre (NCSC) noted that multiple cyber security research groups have reported such activity since 2015.
"This is not something new, and is not something that has developed in response to Salisbury and Syria," said Keir Giles, a senior consulting fellow of the Russia and Eurasia Programme at thinktank Chatham House. "But it's something that is entirely consistent with how Russia thinks about information warfare." That includes standard cyber attacks as well as "targeting of mass consciousness and public opinion".
Routers are a weak point in security because they're frequently left unpatched, have legacy unencrypted protocols, or weak default settings for easy installation — indeed, the technical alert notes that "Russian cyber actors do not need to leverage zero-day vulnerabilities or install malware to exploit these devices." In short, they don't need to be sophisticated. Pair that with the fact most traffic goes through routers and other networking equipment, and that makes them "ideal targets", the alert notes.
Another infamous security weak point noted by the technical alert is the Internet of Things (IoT), such as the smart devices scattered about our homes. Ciaran Martin, CEO of the NCSC, told the New York Times that Russia had targeted "millions" of connected devices in the UK and US, including IoT gadgets. "One of the things with the Internet of Things is it needs to be cheap and easy to use, and one of the ways to do that is take out security," says professor Alastair Irons, academic dean for the faculty of computer science at the University of Sunderland. "In theory, these IoT devices could be weaponised… to disrupt and disable networks and infrastructure."
Why your router, of all routers?
It's clear why spies would target ISPs or their rival governments, but why would Russia want to attack your router? "Two of the main principles that have come through in recent Russian thinking about information warfare — which includes cyber activities as well as exploiting the information that they're collecting through cyber activities — is that nobody is too unimportant to be a target," says Giles. "This is something that's been seen in the front line states quite routinely, with for example Nato soldiers."
Such people may not have seen themselves as targets before, but Giles cites Russian chief of general staff Valeriy Gerasimov as believing that in information warfare there "is no rear area". In other words, we're all on the front line now. "Everybody is because they're looking for vulnerabilities everywhere," Giles says.
While finding embarrassing information to use for leverage is one goal, routers are soft targets that can be used in multiple ways: you can steal data, but you can also redirect traffic, abuse it for a distributed denial-of-service attack, replace pages or elements of a page (as seen with ad fraud), or use the access point to move up the chain to their computer. Indeed, if you hack a home router, you may "get lucky," says Irons, and find someone working from home "who is easier to access than they'd normally be at a more secure location". Even the NSA falls foul of that with home workers and contractors.
Plus, victims are unlikely to notice they've been hacked, allowing the hackers in question to hold onto the compromised router for future use. "When a router has been compromised, it is much more difficult to detect and remediate than say, a laptop infected with malware," says Jérôme Segura, lead malware intelligence analyst at Malwarebytes.
(http://www.autoadmit.com/thread.php?thread_id=3962458&forum_id=2#35937894)