
Anonymous Accused of Running a Botnet Using Thousands of Hacked Home Routers

An anonymous reader writes: New research indicates that Anonymous hacktivists (among other groups) took advantage of lazy security to hijack thousands of routers using remote access and default login credentials. "'For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective,' the report explains. 'Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.'"
  • Remote access is a great tool, fix problems where you are, don't go to the site, reach it as you want.

    But wait, it can be used to attack too, the number of suckers who will turn on Remote access tools and trust a stranger is high enough that some groups try it.

    Have it on by default? Router makers must be insanely reckless. Oh wait, it isn't just them. It is medical device manufacturers as well. Pacemakers and microwaves are bad enough. Unsecured WiFi? What?

  • by Anonymous Coward on Tuesday May 12, 2015 @09:39AM (#49673129)

    to put the router in the cloud.

  • by xxxJonBoyxxx ( 565205 ) on Tuesday May 12, 2015 @09:41AM (#49673151)

    >> Anonymous hacktivists (among other groups) hijacked thousands of routers using remote access and default login credentials

    Well, duh. Anonymous launches DDOS attacks. Lots of compromised routers or compromised desktops are basically the two items you need to run an effective DDOS. The good news is that millions of compromised IoT devices will soon also provide a third base of operations. https://twitter.com/iot_securi... [twitter.com]

    • My thoughts, almost exactly. Now and then, Anonymous allows one of their attacks to become public knowledge ahead of time. I've kinda sat in on the forums while the attack was being waged. Yeah - members of anonymous have command of botnets. Maybe not the largest, maybe not the most sophisticated, but, individuals might have ten, a hundred, a thousand bots under their control.

      It takes no great leap of intuition to realize that "anonymous" might have thousand, or even tens or hundreds of thousands of sho

    • by Errol backfiring ( 1280012 ) on Tuesday May 12, 2015 @10:48AM (#49673759) Journal
      And of course the other way around. If I hack a router, I want to be anonymous. Oops, forgot to post as coward...
    • by Falos ( 2905315 )
      I'm actually amused by the idea of my refrigerator being the majestic warhorse of destruction against some prolife/choice* website (depends which Anonymous you get - remember, it's a banner before it's a group).

      It'd be quietly chilling in the corner and suddenly (the pump?) would start humming with the strain, the effort of my valiant fridge clashing horns across the cyberspace! Rawrrrrrrgh! Taste this, heathens!

      *gun control, samesex whatever, health insurance, $hot_button, etc
  • by gstoddart ( 321705 ) on Tuesday May 12, 2015 @09:48AM (#49673199) Homepage

    If these things are shipped with weak security which allows an account with a default password to access the router from the outside ... then no bloody wonder.

    How could people not go for such trivial attacks?

    I can see it being bad enough that behind the router you have default passwords, you're doing it wrong.

    All the "units are remotely accessible via HTTP and SSH on their default ports," the report reads, meaning they can be accessed easily over the Web. "On top of that, nearly all are configured with vendor-provided default login credentials."

    When you ship crap like that, you are basically shipping without any actual security in the first place.

    That's completely idiotic.

  • I'd love to see a list of vulnerable routers. Or at least a list of routers known to ship with remote access enabled by default. TFA has no such list.
    • by tyr ( 40246 )
      Um... from the report, included in the article: "predominantly ARM-based Ubiquiti devices" Was that so hard?
  • This might not be an official function of the group anonymous.

    Say for example a user runs a botnet and participates in Anonymous. I don't want to be found when the feds hack the server. Some users could simply be using the routers as an anonymous proxy.

    This may have no official connection to anonymous. This could be the same as accusing Tor as being set up and run by anonymous as some of the exit nodes log into the anonymous server.

    There is a possibility this is real, but at this point it is mostly specu

    • What group Anonymous? Claiming to be part of a nebulous group with no leaders is great distraction material, but anybody can do that.

      • Anonymous is a brand not a group. A free brand that anyone can use if they want. What the brand represents is just the aggregate of the many individual actions done and opinions put forth under its banner. How has this purported attack impacted the Anonymous brand?

        Typical of semi-official "professional" journalism, TFA does not give any details about the target(s) of the DOS attack. But isn't that a key piece of information if we want to understand the situation? The alleged attackers could be engaged

  • by Anonymous Coward

    Hackers, hack things that are easy to hack and then use them to help them with other hacks!

  • by Anonymous Coward

    Both the Canadian CSE, and British GCHQ have false flag attacks in their playbook, so the NSA probably has it too. Hence:
    1) Hack tons of home routers for agency gain
    2) Accuse Anonymous of doing it
    3) Gain public support for going after them
    4) Gain FUNDING for doing so
    5) Profit.

    The NSA acting like scumbags means I can never trust these types of stories ever again.

  • Although TFA does not name all of the routers affected, it does name Ubiquiti routers specifically as being an issue.
    • by hjf ( 703092 )

      Which ones?

      Ubiquiti has currently two lines of "routers": EdgeMax (running a custom version of Vyatta), and AirGateway, a small WiFi Access Point (which I THINK has routing functionality. Though, maybe it's just an AP).

      On the other side, all of their AirOS devices (from NanoStation LOCO to Rocket and even AirFiber) have the possibility of routing. And IIRC, by default, these expose the web management to the public interface with user/pass ubnt/ubnt.

  • The article recommends updating the firmware to the latest provided by the vendor - which is quite often, no help. First, check to see if that latest firmware is corrected... But preferably - install better 3rd party firmware - like openwrt - designed by people that care about your security, reliability, and uptime.
    • by mtaht ( 603670 )
      I incidentally came up with a way to make remote compromise MUCH harder recently, but I don't know how to implement it in TCP. By default, emit replies to ssh/telnet/web requests with a TTL of 1, thus limiting all admin access to the local link.
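The TTL-of-1 idea in the comment above can be expressed from user space with the standard `IP_TTL` socket option. This is an added example, not part of the original thread or of any router firmware; the loopback bind address, the banner text and the function names are assumptions made for the demonstration.

```python
import socket
import threading

ADMIN_TTL = 1  # a reply with TTL 1 is dropped by the first router asked to forward it


def make_link_local_listener(host="127.0.0.1", port=0, ttl=ADMIN_TTL):
    """Return a listening TCP socket whose outgoing packets carry IP TTL = ttl."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Set before listen() so the handshake reply (SYN-ACK) is also sent with this TTL.
    # IPv4 only; an IPv6 listener would use IPV6_UNICAST_HOPS instead.
    srv.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    srv.bind((host, port))
    srv.listen(8)
    return srv


def serve_one(srv, ttl=ADMIN_TTL, banner=b"admin-ui: local link only\n"):
    """Accept one client, make sure the per-connection TTL is ttl, send a banner."""
    conn, _peer = srv.accept()
    with conn:
        # Re-apply on the accepted socket so the limit does not depend on
        # the platform copying the option from the listener.
        if conn.getsockopt(socket.IPPROTO_IP, socket.IP_TTL) != ttl:
            conn.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        effective = conn.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)
        conn.sendall(banner)
    return effective


def demo():
    """Loopback round trip: local delivery needs no forwarding, so TTL 1 still works."""
    srv = make_link_local_listener()
    port = srv.getsockname()[1]
    result = {}
    worker = threading.Thread(target=lambda: result.update(ttl=serve_one(srv)))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        data = client.recv(64)
    worker.join(5)
    srv.close()
    return result["ttl"], data


if __name__ == "__main__":
    print(demo())
```

This limits only what the service sends: inbound packets still reach the daemon, and any host on the same link as the listening interface, including the WAN-side segment, still receives the replies.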
    • by tyr ( 40246 )
      From the report itself, which is at the bottom of the article: "Faced with this homogenous botnet .. initial assumption was that the routers were compromised by a shared firmware vulnerability.... further inspection revealed that all units are remotely accessible via HTTP and SSH on their default ports. On top of that, nearly all are configured with vendor provided default login credentials." This has nothing to do with default vs 3rd party firmware, and everything with failure to configure whatever firmw
  • Does anyone have a better link with more information on this story?

    • by mea2214 ( 935585 )

      Does anyone have a better link with more information on this story?

      I too would like to see a proof of concept. I'm pretty sure they can't come close to doing that to my routers even with username and password. This article doesn't provide any details so it could be FUD.

  • I have an ssh honeypot analyzer at longtail.it.marist.edu [marist.edu] at Marist College [marist.edu] and it shows that the second most popular account after root is "admin" [marist.edu], and that the most common account/password tried is ubnt/ubnt [marist.edu].

    Anybody who's been paying attention knows that default passwords on home routers are high on the bad guy's list of accounts to hack.

  • IMHO, if Anonymous creates a big enough network of compromised routers, they could create a meshed voip service or something like firechat where they can communicate using the mesh, without being monitored. If they are "cracking" home routers, it wouldn't be to use the wifi router's measly 1G port and cpu for DDOS attacks, it'd be for something more ambitious.

  • ... to compel us to read further.

    Anonymous is a punk outfit that sprays DDoS graffiti and that's it.

    The REAL Anonymous players lost that attribute when the bastards went to jail.

    Fuck Anonymous.

  • My Internet is hacked by the NSA/AT&T, my router is hacked by Anonymous, my Mac is hacked by China, my watch is hacked by fanboys, my VAX is hacked by Kevin Mitnick, my butt is hacked by racks of BBQ ribs, my brain is hacked by mounds of plaque, and my cat is hacked by a rat. What else is new?

  • It's a loose collective with no centrally organized leadership. How do you accuse a group of something that they, as a group, have no control over? How do you prosecute anarchy?
