
More Hacked Routers brand


16 replies to this topic

#1 jhayz


Posted 04 March 2014 - 01:04 AM

Hackers hijack 300,000-plus wireless routers, make malicious changes. Devices made by D-Link, Micronet, Tenda, and TP-Link hijacked in ongoing attack.


Tekken
 



 


#2 MrBruce1959


Posted 04 March 2014 - 01:46 PM

Interesting article.

Sadly, many users of such devices are not aware that the default login name is "admin" and the password is simply just that: "password".

I have seen most subscriber wireless devices with a personal wireless logon password; however, the credentials for logging into the router's setup parameters are always factory default.

One such example is my neighbor's cable modem, which has wireless enabled. For starters, the WPA security key is realistically not all that hard to crack, because it contains only two letters and all numbers, none of which are capitalized, nor were any characters such as #$%^&*( used. The key contained a total of only 7 characters. Not very hard to crack.

Next, the security level was set to low, also not very good.

Last, the router's login credentials were "admin" and the password was still the factory default, "password".

The cable TV company never changed those settings, and the subscriber was never told about the consequences of leaving those settings as they were.

I found the same results with other subscriber hardware that is currently in use. The subscribers were never told anything about security and the vulnerabilities involved in such weak setup parameters. This is a major reason this hacking is possible. It is not rocket science to hack such devices. It has a lot to do with a lack of knowledge of wireless security measures and the lack of readily available, easy-to-understand pamphlets that explain the seriousness of changing the default parameters of such devices.

9 out of 10 Internet subscribers who have wireless will tell you that they were never told by the installer that their device may not be secure. Most take it for granted that the company and its employees have already made sure that their devices are safe and secure. That is far from the truth.

Subscribers who read this article need to think twice and question their subscription service company's installers about the security settings of their wireless equipment. Never assume they are set up to be 100% secure, because in most cases they are not.

Bruce.
Welcome to Bleeping Computer! :welcome:
New Members: Please click here for the Bleeping Computer Forum Board Rules
 
My Career Involves 37 Years as an Electronics Repair Technician, to Which I am Currently Retired From.

I Am Currently Using Windows 10 Home Edition.

As a Volunteer Staff Member of Bleeping Computer, the Help That I Proudly Provide Here To Our BC Forum Board Membership is Free of Charge. :wink:

#3 cat1092


Posted 06 March 2014 - 01:59 AM

Just made some adjustments on my mother-in-law's Linksys E1200 wireless router today. For some reason, it was set to allow remote management, plus another option, Filter Anonymous Internet Requests was unchecked. I fixed both & rebooted the router.

 

My Linksys WRT160N V3 had these options properly configured when I set it up. Though it was given to me, I reset it to default, clearing any prior settings. Later on, that model was added to the list of risky routers, but I've not had a problem as of yet.

 

MrBruce1959 does make some very accurate points above. Back in 2010, I knew very little about networking (I actually need to learn more; my learning is generally "on the run" to fix someone else's issues). Anyway, when Time Warner set up my service here, the passcodes for the router were left at the default values for Netgear & the wi-fi passphrase was actually my street number followed by the first six characters of my email address. No special characters at all. A knowledgeable friend showed me how to change that & helped me to create a more secure passphrase that was easy for me to remember, but next to impossible for a neighbor/piggybacker to guess. Plus changed a couple of router settings to make it more secure (this was a combo modem & router in one). It ran hot & after 2 replacements, I demanded a wired cable modem & bought my own router, & it was much faster.

 

These "techs" are in such a big hurry to make it to the next appointment that they don't even show the customer these things. Though he did leave the box contents of the new router, which had the instructions for setup, at the time I wasn't familiar with it, nor did I realize the importance of secure passphrases for wi-fi. He did install CA Internet Security 2010 (their "gift" to me) on my main computer though. By far, it was the most bloated security I've ever run, even worse than those trial versions of Norton Internet Security that ship with many new computers. And I'm one of the 90% above that wasn't instructed a word about router security, not the first one.

 

I'd much rather he had spent the time to help choose a secure passphrase, as I have always done with any sites that involve transactions. These, I do my best to perform on a wired connection; even with WPA-PSK2, I still feel queasy about conducting business on a wireless connection.

 

ISP technicians need to slow down about 10-15 minutes & at a minimum, provide a checklist of proper security measures & at least give the customer a say in their passphrase, as well as advise them to make it a secure one, as well as a quick discussion about security in general, to include the proper use of security software. They have a EULA which mandates not to have an infected computer online & not spread viruses/malware through the network, so it would seem fitting to have a discussion as to how to perform scans, keep everything updated (including apps & Windows Updates), & anything else to make the customer aware of security. Some ISPs have this material online, but few customers bother to read it.

 

In regards to all of these routers being hacked, I feel that the list will grow longer before it shrinks, because these days Internet crimes are the fastest rising ones, require no violence & seem fairly easy for someone who knows what they're doing to hit payload.

 

What a waste of talent. If I were that smart, I'd have a nice six figure job somewhere in the tech industry, rather than creating havoc for many Internet users.

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#4 ScrapCath


Posted 06 March 2014 - 07:02 PM

So, what happens when a router is compromised? What is the next step to recovering it?



#5 MrBruce1959


Posted 06 March 2014 - 08:12 PM

The first thing I would do is reset the router. To do this, you can remove the battery, so the memory is not saved. Remove the power supply; it might be an AC to DC adaptor or an AC power cord plugged into the back of the router/modem, with the other end in the electric wall outlet. Then locate the reset button; this is commonly located in a little hole on the back side of the device and requires a toothpick or pin to reach. Push that in and hold it for a minimum of 60 seconds; longer won't hurt.

 

This will clear all the settings back to factory default. Now reconnect the power and wait for the device to establish a connection to your service provider; you can tell by the status lights located on the device. Don't forget to reinstall the backup battery if you removed it.

 

Now perform a firmware update; this may help. Firmware updates are automatic with some devices; with others you have to access the router's internal computer chip, which holds the setup settings. You access this via a web browser. Routers have different ways to log on to the router's setup parameters. What you type in the address bar depends on the brand name; it may be an IP address, or a URL such as www.myrouter.net or www.myrouter.com. From there, a login screen for your router will load. With most factory settings, the login name is admin and the password is simply password. Everyone knows this information; it's no secret, and therefore you need to change that password to something strong, like V4HW0*m>lQ><9TQL5CcIt or mYFF5leA9.e4LLe5v/-yH.

 

If your router does not do automatic firmware updates, you can tell it to call home and look for new security updates; NetGear devices can do that. If yours does not, you have to go to the router manufacturer's website and look for the firmware. Once it is downloaded and on your computer, you can run it; it should flash your router's firmware.

 

Next:

 

Once you gain access to your router's parameters, you have to go through the different menus and change all the passwords for your router's log in credentials. You also need to change your security key, use strong passwords such as this Wb%*>>..HsW2t%7JcD:4Zp for your WPA settings.

 

Make sure port forwarding is NOT enabled and if you have kids, you can go to block websites and type in key words such as SEX, and any words related to porn websites and if they try to access those sites your router can block them from doing so.

 

Some routers allow you to change a setting that broadcasts your device's name; that is the name you look for when you try to access your router through wireless devices. My broadcast name was MrBruce; however, if I wanted to, I could make that name hidden, so other people in my neighborhood won't see my device. As I said, that option is available in one of the menus.

 

Different manufacturers have different menus and it is hard for me to cover all of them in a few words.

 

Bruce.


Edited by MrBruce1959, 06 March 2014 - 08:35 PM.

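As an added illustration (not code from any poster in this thread), the Python sketch below scores a passphrase on the points the posts above raise: length, character classes, and embedded personal details such as a street number or e-mail prefix. The first two sample keys are constructed to match the descriptions in posts #2 and #3, the third is the one quoted in post #5, and the 80-bit target is an assumption.

```python
import math
import string

# Character pools a brute-force guesser would have to cover.
POOLS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
WPA_MIN_LEN = 8  # WPA/WPA2-PSK passphrases are 8 to 63 characters


def audit_passphrase(passphrase, personal_tokens=(), min_bits=80):
    """Return (estimated_bits, findings) for a Wi-Fi or admin passphrase.

    estimated_bits is an upper bound that assumes every character was
    picked at random from the pools in use; human-chosen keys are weaker.
    personal_tokens are strings a neighbour could guess (street number,
    start of an e-mail address). min_bits is an assumed target, not a standard.
    """
    findings = []
    used = [name for name, chars in POOLS.items()
            if any(c in chars for c in passphrase)]
    pool_size = sum(len(POOLS[name]) for name in used)
    bits = len(passphrase) * math.log2(pool_size) if pool_size else 0.0

    if len(passphrase) < WPA_MIN_LEN:
        findings.append("shorter than %d characters" % WPA_MIN_LEN)
    missing = [name for name in POOLS if name not in used]
    if missing:
        findings.append("no " + ", ".join(missing))
    lowered = passphrase.lower()
    for token in personal_tokens:
        if token and token.lower() in lowered:
            findings.append("contains guessable personal detail %r" % token)
    if bits < min_bits:
        findings.append("about %.0f bits, below the %d-bit target" % (bits, min_bits))
    return round(bits, 1), findings


if __name__ == "__main__":
    samples = [
        ("ab12345", ()),                     # constructed: 7 chars, two letters, rest digits
        ("1420jsmith", ("1420", "jsmith")),  # constructed: street number + e-mail prefix
        ("Wb%*>>..HsW2t%7JcD:4Zp", ()),      # the long mixed key quoted in post #5
    ]
    for key, tokens in samples:
        print(key, audit_passphrase(key, tokens))
```
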

#6 ScrapCath


Posted 06 March 2014 - 08:30 PM

Thanks Bruce, great advice. :thumbup2:



#7 MrBruce1959


Posted 06 March 2014 - 08:38 PM

I updated that post, like twenty times LOL! I just kept thinking of new things to add to it. Hence you see that I edited it and edited it and edited it.

 

You're very much welcomed. :)

 

Bruce.


Edited by MrBruce1959, 06 March 2014 - 08:38 PM.


#8 ScrapCath


Posted 06 March 2014 - 09:30 PM

Lol, thanks for the updated/edited info :)



#9 cat1092


Posted 07 March 2014 - 02:39 AM

During this time, if your router is one of the listed (or closely related) & your computer goes to acting weird, such as strange popups, it would be best to perform the reset procedure that MrBruce1959 has taken the time to post. Plus run Full scans with your installed security software. 

 

If any issues persist, you may wish to create a thread in the Security section of this Forum. Be sure to include all details for the most accurate response & work closely with the member who offers to assist you. Unlike many other tech forums, Bleeping Computer has real specialists on hand to assist, with real solutions.

 

The reason being, that many tech forums will have one to run the more popular tools, such as MBAM. Though the adviser's intentions may have indeed been well, many times it takes a combination of tools in the proper sequence to repair an infected computer. This requires special knowledge beyond that of running scans with the installed security solution, including MBAM. 

 

Cat




#10 MrBruce1959


Posted 07 March 2014 - 12:00 PM

Very good advice cat and thank you for adding that to the topic.

 

You're very much correct, our MRT staff is one of the best groups of people out there.

 

I am glad you brought up the issues regarding the computer itself, since I did not mention it in my advice. Actually, as I was composing my post I kept coming up with new things to add and eventually I just decided it was time to stop and leave it as it was. Too much information in one post can tire people's eyes or lose them in the process.

 

Firewalls can also be a very important part of security as well. A good firewall that denies both outgoing and incoming connections is a must have!

 

There are good firewalls and semi-good ones out there. Routers often have built in firewalls as well.

 

If anyone wishes to contribute what firewalls they feel have worked well for them, by all means chime in with the name of it. Windows now has its own built-in firewall; it may not be the best, but it is better than no firewall at all.

 

One should check the status of that firewall on occasion to see what ports, or what programs, have been allowed access to the Internet. Security in the administrators section of Windows can reveal issues as well. Event Viewer can also reveal security issues if you comb through it and look for red X's or exclamation marks.

 

I have provided just a few pointers, but there are many other ways to detect intrusion, knowledge is your best friend and the more you read the more you learn. This is a good time for anyone who has this knowledge to chime in now so others can learn from it.

 

Bruce.



#11 bobbybrantley


Posted 07 March 2014 - 04:04 PM

I might be out of place here, but does this pertain to DOCSIS 3.0 Netgear items?



#12 Sirawit


Posted 07 March 2014 - 10:24 PM

My ISP even modified their own firmware version that didn't allow me to change anything except wifi password.

Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#13 bludshot


Posted 07 March 2014 - 11:19 PM

"What a waste of talent. If I were that smart, I'd have a nice six figure job somewhere in the tech industry, rather than creating havoc for many Internet users."
 
Don't be fooled. Most script kiddies have no talent, they just download pre-done hacks and use them.


#14 technonymous


Posted 08 March 2014 - 06:48 PM

If you have a router that has UPnP, turn it off.



#15 bobbybrantley


Posted 09 March 2014 - 12:32 AM

I've had that turned off in mine for a while now... there doesn't appear to be any open source firmware for my modem though, so I'm stuck with factory default settings outside the ones I can change.





