Computer Security Technology Ltd

+44 (0)20 7621 7836

April 14, 2014

Router hijacks signal technological evolution

The tactics used by cyber criminals keep on changing and your router may be at risk. Thousands have been affected, although as yet it remains unclear what the targeted devices may be used for.

The fact that cyber criminals have started to attack internet gateways instead of actual machines shows how technology is evolving, according to one researcher. Steve Santorelli from internet security firm Team Cymru made the claims after his organisation discovered a sizeable network of infiltrated routers stretching right around the world.

More than 300,000 devices were found to be infected, most of which were being used in households and small business premises. This makes it one of the most significant discoveries of its kind, with devices from a variety of manufacturers affected.

Team Cymru said that while the compromised routers were first found in areas of Eastern Europe, the threat had become more prominent in other areas of the continent, with a number of victims also located in Vietnam.

Man-in-the-middle attack

Once access had been gained, the devices' internal security settings were changed to remove certain restrictions. The report’s authors explained: "Attackers are altering the DNS configuration on these devices in order to redirect victims' DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-middle attack."

In theory, this would give the attackers more control over the pages their victims are directed to. As yet, though, it’s not clear what the compromised routers will be used for.
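Because the change described above is made to DNS settings, one practical check is to audit the resolver addresses a network is actually using against the ones it is supposed to use. The following is an added example, not code from Team Cymru's report or from this article; the expected resolver ranges, the sample input and all function names are assumptions constructed for illustration.

```python
import ipaddress

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Assumption: resolvers this network should use (constructed, documentation ranges).
EXPECTED = _nets("192.0.2.53/32", "2001:db8:53::/48")
# LAN-side addresses: the client is only pointing at the router's own forwarder.
LOCAL = _nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
              "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")

def parse_nameservers(text):
    """Return nameserver values, in order, from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def _in_any(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)

def audit_resolvers(text, expected=EXPECTED):
    """Classify each configured resolver as expected, local-forwarder,
    unexpected (outside the allowlist) or invalid (not an IP address)."""
    findings = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((raw, "invalid"))
            continue
        if _in_any(addr, expected):
            findings.append((raw, "expected"))
        elif _in_any(addr, LOCAL):
            findings.append((raw, "local-forwarder"))
        else:
            findings.append((raw, "unexpected"))
    return findings

# Constructed sample input, not taken from any real device.
SAMPLE = """# constructed sample
nameserver 192.168.1.1
nameserver 192.0.2.53
nameserver 203.0.113.7  # not on the expected list
nameserver fe80::1%eth0
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE):
        print(f"{server:16} {verdict}")
```

A `local-forwarder` verdict is not a pass: it means lookups depend on the DNS servers set in the router's own configuration, which is the setting the report describes being altered, so the same check should be run against the values shown in the router's admin interface.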

While this is the first attack of its kind to be carried out on such a large scale, Mr Santorelli said that it is similar in some ways to another case discovered earlier this year. In February, a network of routers was hijacked by attackers who then sent victims to malicious websites. It is thought that the motive for this scheme was to steal login details from users' online banking accounts.

Team Cymru said that it has contacted a number of internet service providers (ISPs) and has also been in touch with police about the findings.

If you are concerned about how you would stand up to such an attack, or want to test your resilience, please contact us on 0207 621 7836 or info@cstl.com. We are always happy to help.