Illinois-based security firm Team Cymru has released research findings that point to a widespread compromise of consumer-grade routers that are commonly installed in homes and small offices all over the world. As many as 300K of these devices from a variety of manufacturers have been hacked to redirect network traffic to counterfeit banking sites and possibly other malware-laden destinations. Though the hacked devices have been found all over the world, the highest concentration seems to be in Southeast Asia and Europe, with Vietnam, Italy, India and Thailand being hit the hardest.
What this means for you:
Hacked routers are not as easy to detect as a malware infection on a computer, primarily because most people never touch their home or small office routers except to install them or to reset them when their internet doesn’t work. In most cases, they might not even know how to access the router, and have long forgotten the password used to configure and secure the device originally, if that install wasn’t completely handled by their internet service provider. In the hack mentioned above, all the affected devices shared a common trait: their DNS settings had been altered to point to two specific IP addresses (220.127.116.11 and 18.104.22.168), allowing the hackers to effectively control where the compromised router sends any and all network traffic routing through that device.
Team Cymru recommends several ways to harden SOHO-class routers against the hacks used in the attacks mentioned above, but the methods require a familiarity with configuring network devices that is not usually found where these devices are installed. In order to make sure your router is secure, you’ll need to know the following:
- Who owns the router (you or the ISP)?
- If it’s owned by the ISP, are they managing it for you?
- If you own it, do you know the login and password for the device?
- Is your connection DHCP or static IP? (Most are the former, as static addresses are an additional charge)
- If it’s static, make sure you have the IP information documented.
- If you have access to the configuration of the router, is remote management enabled? If so, does it need to be?
- Has your router been updated to the latest firmware? If managed by someone else, will they handle the update?
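One concrete check a defender can run from any computer behind the router, as an added example that is not part of the original post: it reads the resolver list a DHCP client writes to a resolv.conf-style file (a constructed sample here) and labels each entry as the router itself, a trusted public resolver (an assumed allowlist; substitute your ISP's servers), one of the two rogue addresses named above, or an unrecognised public address that deserves a closer look.

```python
import ipaddress
import re

# Resolver addresses the Team Cymru report ties to the router compromise (from the post above).
ROGUE_RESOLVERS = {"220.127.116.11", "18.104.22.168"}

# Trusted public resolvers: an assumption for this example, adjust to your ISP's servers.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}

# Address ranges a home router normally lives in (RFC 1918, link-local, loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

# Constructed sample of what a DHCP client on a hijacked LAN might write to /etc/resolv.conf.
# 203.0.113.77 is a documentation-range address standing in for an unrecognised public resolver.
SAMPLE_RESOLV_CONF = """\
# Generated by dhcpcd from eth0 (constructed sample)
search home.lan
nameserver 192.168.1.1
nameserver 220.127.116.11
nameserver 8.8.8.8
nameserver 203.0.113.77
"""

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, in order, ignoring comments and other options."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)$", line)
        if m:
            servers.append(m.group(1))
    return servers

def classify_resolver(addr):
    """Label one resolver: rogue, trusted, local (the router), unknown_public, or invalid."""
    if addr in ROGUE_RESOLVERS:
        return "rogue"
    if addr in TRUSTED_RESOLVERS:
        return "trusted"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "unknown_public"

def audit_resolv_conf(text):
    """Map every configured resolver to its label."""
    return {addr: classify_resolver(addr) for addr in parse_nameservers(text)}

def hijack_suspected(text):
    """True when any resolver is a known rogue address or an unrecognised public one."""
    return any(label in ("rogue", "unknown_public") for label in audit_resolv_conf(text).values())
```

A "local" entry is the normal case (the router forwards queries for you); the check only tells you where your queries go, so a rogue or unknown result still needs the router's own configuration page inspected and its firmware updated.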
Not sure how to go about filling in these blanks? Reach out to someone you trust (maybe C2?) with some basic networking and router configuration expertise and have them look at your SOHO router. Your router is a critical device in your home and office network and if it were hacked, every device (and person) connected to it could be severely compromised.
Numerous sources are reporting that web services provider GoDaddy.com is currently suffering from a severe, widespread outage of its DNS and web hosting services, crippling thousands of its customers’ websites. GoDaddy’s website and phone support are also unavailable. Though GoDaddy is not commenting on the reason for the outage, responsibility for the outage is being claimed by hacker “Own3r”, who is allegedly the Security Leader of the infamous hacktivist group “Anonymous”.
— Anonymous Own3r (@AnonymousOwn3r) September 10, 2012
What this means to you:
GoDaddy is one of the world’s largest domain registrars, and by default, also one of the largest DNS providers as well. The easiest way to explain DNS is to liken it to a directory that matches a domain name (e.g. “c2techs.net”) with that website’s actual IP address (e.g. “22.214.171.124”). Whenever you type a domain name into your browser, your computer first asks that domain’s “name server” (DNS stands for Domain Name System) for the address, so that your browser knows where to find the web server that serves pages for that particular domain name.
Even if your site isn’t hosted by GoDaddy, if the above attack has taken GoDaddy’s DNS servers offline, your site is still unreachable unless the browser (or the human behind it) knows the IP address of your domain name and uses that instead.
What can you do about it:
While their service is down, not a whole lot. Once they come back online, you can transfer any GoDaddy services to any number of other providers. I use Hover.com and have been very happy with their simple and low-key approach. If you’ve registered domains with GoDaddy, then you are more than capable of handling the transfer process, especially if you start the transfer from Hover.com, but there are a few gotchas here and there that may complicate the process. Website transfers are a bit more complex, and unless you are an accomplished website administrator, I’d suggest you contact us for help. C2 Technology provides a full complement of web services including domain registration, website design and hosting.