Anonymous accused of running a botnet using thousands of hacked home routers
Go change your home router password now.
Lazy security has allowed various groups of hackers, likely including Anonymous, to hijack hundreds of thousands of home and office Internet routers, according to a new report from cybersecurity firm Incapsula.
The hackers target routers that have factory-default usernames and passwords, an “inexplicably negligent” mistake by ISPs and users alike, says Incapsula.
The hijacked routers, located mostly in the U.S., Thailand, and Brazil, were infected with various potent strains of malware and used to build a botnet that began attacks against dozens of targets in late December 2014.
Using the Internet bandwidth from the homes and offices of these routers, the owners of these botnets wield a weapon that packs a heavy punch against online targets.
Botnets (“robot networks”) are armies of hijacked computers used, in this case, to launch denial-of-service attacks against whatever targets (websites, servers, individual devices) the aggressor aims to overwhelm and take offline.
Many of the hijacked machines reported back to AnonOps.com, a gathering point for the Anonymous activist group, “indicating that Anonymous is one of the groups responsible for exploiting these under-protected devices,” the report claims.
The hacking was first discovered by Incapsula last year when dozens of its customers were victims of what researchers describe as a “homogenous botnet” made up of swaths of nearly the same home and office routers.
An investigation revealed that all the hijacked routers suffer from profoundly lax security.
All the “units are remotely accessible via HTTP and SSH on their default ports,” the report reads, meaning they can be accessed easily over the Web. “On top of that, nearly all are configured with vendor-provided default login credentials.”
The botnet is also self-sustaining. Newly hijacked routers will scan for other vulnerable machines; when a good target is found, an automated script easily conscripts it into the botnet’s ranks.
“For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective,” the report explains. “Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.”
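Seen from the owner's side of the network, the self-propagating scan described above shows up as a single device opening connections to many different outside hosts on the SSH and HTTP ports in a short time. The sketch below is an added example, not taken from the Incapsula report or this article; the flow-record format, the addresses, the 60-second window and the threshold of 20 hosts are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_PORTS = {22, 80}  # default SSH and HTTP ports named in the report


def build_sample():
    """Constructed flow records: 'timestamp src_ip dst_ip dst_port' (hypothetical format)."""
    base = datetime(2015, 5, 12, 3, 0, 0)
    lines = []
    # A router sweeping 25 different outside hosts in 25 seconds.
    for i in range(25):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.168.1.1 203.0.113.{i + 1} {22 if i % 2 else 80}")
    # A laptop browsing the same three web servers over five minutes.
    for i in range(30):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 192.168.1.20 198.51.100.{i % 3 + 1} 80")
    return "\n".join(lines)


def parse_flows(text):
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)


def find_scanners(flows, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: peak distinct destinations inside one window} for sources at or over threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in SCAN_PORTS:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, best, counts = 0, 0, defaultdict(int)
        for ts, dst in events:
            counts[dst] += 1
            # Slide the window: drop events older than `window` before this one.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(find_scanners(parse_flows(build_sample())))
```

A router that appears in the result warrants a factory reset, a firmware update, a new admin password and remote management switched off.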
The malware infecting the machines ranges from the popular MrBlack trojan to new and as-yet unidentified pieces of malware.
The new botnet closely resembles the cyberweapon wielded by Lizard Squad, a group of hackers responsible for attacks against Microsoft and Sony in late 2014. It’s not clear if the same individuals are involved or if this new botnet is merely an evolution or copycat of previous work.
Photo via See-ming Lee/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.