FBI to America: Reboot Your Routers, Right Now

Authored by popularmechanics.com and submitted by blaspheminCapn

The FBI has issued a dire warning to everyone who has a router in their home. The Internet Crime Complaint Center sent a rare Public Service Announcement declaring: "Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide."

The hackers are using VPNFilter malware to target small office and home office routers, the FBI said. "VPNFilter is able to render small office and home office routers inoperable," the FBI warns. "The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption."

The feds recommend "any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices." They also advise owners to consider disabling remote management settings on devices, use encryption, upgrade firmware and choose new and different passwords, which is pretty much best practice anyway.

The IC3, formerly known as the Internet Fraud Complaint Center, was renamed in October 2003 to include this kind of attack. Their stated mission "is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners."

Today, that means telling you to reboot your router, so hop to it.

_m0kka on May 26th, 2018 at 14:31 UTC »

Luckily my power company is so shit that my power goes out often enough that I'm not worried about this. (4 hours outage 2 days ago) and my ISP drops so often that if my router needs to "phone home" it will have done it and failed by now.

Thanks shitty utility companies! :D

Boon-Lord on May 26th, 2018 at 14:25 UTC »

Symantec has published what the affected routers are. Here

Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN

Lishy1_5 on May 26th, 2018 at 14:17 UTC »

How did the routers get hacked? How do you know if yours is hacked or not?

edit:

My router does not appear on the list, but it's pretty old. How can I tell if it's hacked or not?

The last official firmware update on the product's website is for 2015. Am I screwed? What can I do to ensure it's clean?

Also, what should I watch out for in my router's activity log to know if anything is suspicious?