Anonymous Accused of Running a Botnet Using Thousands of Hacked Home Routers
An anonymous reader writes: New research indicates that Anonymous hacktivists (among other groups) took advantage of lazy security to hijack thousands of routers using remote access and default login credentials. "'For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective,' the report explains. 'Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.'"
And this friends is why convenience is dangerous (Score:1)
Remote access is a great tool, fix problems where you are, don't go to the site, reach it as you want.
But wait, it can be used to attack too, the number of suckers who will turn on Remote access tools and trust a stranger is high enough that some groups try it.
Have it on by default? Router makers must be insanely reckless. Oh wait, it isn't just them. It is medical device manufacturers as well. Pacemakers and microwaves are bad enough. Unsecured WiFi? What?
The solution must surely be (Score:5, Funny)
to put the router in the cloud.
Well duh... (Score:3)
>> Anonymous hacktivists (among other groups) hijacked thousands of routers using remote access and default login credentials
Well, duh. Anonymous launches DDOS attacks. Lots of compromised routers or compromised desktops are basically the two items you need to run an effective DDOS. The good news is that millions of compromised IoT devices will soon also provide a third base of operations. https://twitter.com/iot_securi...
Re: (Score:2)
My thoughts, almost exactly. Now and then, Anonymous allows one of their attacks to become public knowledge ahead of time. I've kinda sat in on the forums while the attack was being waged. Yeah - members of anonymous have command of botnets. Maybe not the largest, maybe not the most sophisticated, but, individuals might have ten, a hundred, a thousand bots under their control.
It takes no great leap of intuition to realize that "anonymous" might have thousands, or even tens or hundreds of thousands of sho
Re:Well duh... (Score:5, Funny)
Re: (Score:1)
It'd be quietly chilling in the corner and suddenly (the pump?) would start humming with the strain, the effort of my valiant fridge clashing horns across the cyberspace! Rawrrrrrrgh! Taste this, heathens!
*gun control, samesex whatever, health insurance, $hot_button, etc
Low hanging fruit ... (Score:3)
If these things are shipped with weak security which allows an account with a default password to access the router from the outside ... then no bloody wonder.
How could people not go for such trivial attacks?
I can see it being bad enough that behind the router you have default passwords, you're doing it wrong.
When you ship crap like that, you are basically shipping without any actual security in the first place.
That's completely idiotic.
Re: (Score:2)
As usual, The Simpsons did it.
http://watchonlinefree.tv/tv/t...
Skip to 19:30 (or watch the whole thing)
Re: (Score:2)
Re: (Score:3)
If you have gotten into a router, then discovering what the internal network is, is trivial. No matter how much obfuscation you do, the network interfaces are inspectable. So they may as well be the same as changing them is no protection at all.
Re: (Score:2)
A bit like hiding SSID. Pointless, and tends to annoy valid users more than malicious outsiders.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
We don't need a fine:
--
Press "Agree" to continue.
Please change Default Setting number one:
We're sorry, but installation will not continue until you. Please change Default Setting number one:
That entry does not conform to the instructions we provided. Please change Default Setting number one:
Thank you, and please record Default Setting number one.
Please change Default Setting number two: ...
Practical Information? (Score:2)
Re: (Score:1)
Another explanation (Score:2)
This might not be an official function of the group anonymous.
Say for example a user runs a botnet and participates in Anonymous. I don't want to be found when the feds hack the server. Some users could simply be using the routers as an anonymous proxy.
This may have no official connection to anonymous. This could be the same as accusing Tor as being set up and run by anonymous as some of the exit nodes log into the anonymous server.
There is a possibility this is real, but at this point is mostly specu
Re: (Score:2)
What group Anonymous? Claiming to be part of a nebulous group with no leaders is great distraction material, but anybody can do that.
Re: (Score:2)
Anonymous is a brand not a group. A free brand that anyone can use if they want. What the brand represents is just the aggregate of the many individual actions done and opinions put forth under its banner. How has this purported attack impacted the Anonymous brand?
Typical of semi-official "professional" journalism, TFA does not give any details about the target(s) of the DOS attack. But isn't that a key piece of information if we want to understand the situation? The alleged attackers could be engaged
THIS JUST IN! (Score:1)
Hackers, hack things that are easy to hack and then use them to help them with other hacks!
Smells like a false flag attack (Score:1)
Both the Canadian CSE, and British GCHQ have false flag attacks in their playbook, so the NSA probably has it too. Hence:
1) Hack tons of home routers for agency gain
2) Accuse Anonymous of doing it
3) Gain public support for going after them
4) Gain FUNDING for doing so
5) Profit.
The NSA acting like scumbags means I can never trust these types of stories ever again.
Ubiquiti (Score:2)
Re: (Score:2)
Which ones?
Ubiquiti has currently two lines of "routers": EdgeMax (running a custom version of Vyatta), and AirGateway, a small WiFi Access Point (which I THINK has routing functionality. Though, maybe it's just an AP).
On the other side, all of their AirOS devices (from NanoStation LOCO to Rocket and even AirFiber) have the possibility of routing. And IIRC, by default, these expose the web management to the public interface with user/pass ubnt/ubnt.
Friends don't let friends run factory firmware (Score:3)
Re: (Score:2)
Re: (Score:2)
Want more details (Score:2)
Does anyone have a better link with more information on this story?
Re: (Score:1)
>> Does anyone have a better link with more information on this story?
I too would like to see a proof of concept. I'm pretty sure they can't come close to doing that to my routers even with username and password. This article doesn't provide any details so it could be FUD.
Hackers love admin accounts (Score:2)
I have an ssh honeypot analyzer at longtail.it.marist.edu at Marist College and it shows that the second most popular account after root is "admin", and that the most common account/password tried is ubnt/ubnt.
Anybody who's been paying attention knows that default passwords on home routers are high on the bad guys' list of accounts to hack.
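The kind of tally the comment above describes, as an added example that is not part of the original post and not code from the analyzer it mentions: it ranks attempted accounts and account/password pairs from honeypot login lines, and lists pairs tried from several source addresses, the distributed-scan pattern the quoted report mentions. The "PassLog" line layout, the sample lines, and the names `parse` and `summarize` are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample lines. The "PassLog" layout is an assumed honeypot log
# format for this example, not the format of any particular tool.
SAMPLE_LOG = """\
03:14:01 sshd[811]: IP: 198.51.100.7 PassLog: Username: root Password: root
03:14:02 sshd[811]: IP: 198.51.100.7 PassLog: Username: root Password: 123456
03:14:09 sshd[812]: IP: 203.0.113.9 PassLog: Username: root Password: password
03:14:11 sshd[812]: IP: 203.0.113.9 PassLog: Username: admin Password: admin
03:15:30 sshd[813]: IP: 192.0.2.44 PassLog: Username: admin Password: 1234
03:15:31 sshd[813]: IP: 192.0.2.44 PassLog: Username: ubnt Password: ubnt
03:16:02 sshd[814]: IP: 198.51.100.23 PassLog: Username: ubnt Password: ubnt
03:16:40 sshd[815]: IP: 203.0.113.80 PassLog: Username: ubnt Password: ubnt
03:17:05 sshd[813]: IP: 192.0.2.44 PassLog: Username: root Password: toor
03:17:20 sshd[811]: IP: 198.51.100.7 PassLog: Username: admin Password: password
03:17:44 sshd[812]: IP: 203.0.113.9 PassLog: Username: root Password: admin
03:18:00 sshd[814]: IP: 198.51.100.23 PassLog: Username: admin Password: admin
03:18:01 sshd[814]: Connection closed by 198.51.100.23
"""

LINE_RE = re.compile(
    r"IP: (?P<ip>\S+) PassLog: Username: (?P<user>\S*) Password: (?P<pw>.*)$"
)

def parse(log_text):
    """Yield (ip, user, password) per login attempt; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["user"], m["pw"]

def summarize(log_text, top=3, min_sources=2):
    """Rank attempted accounts and credential pairs, and list pairs that
    arrived from at least `min_sources` distinct addresses."""
    users, pairs, sources = Counter(), Counter(), {}
    for ip, user, pw in parse(log_text):
        users[user] += 1
        pairs[(user, pw)] += 1
        sources.setdefault((user, pw), set()).add(ip)
    return {
        "top_users": users.most_common(top),
        "top_pairs": pairs.most_common(top),
        "distributed_pairs": sorted(
            p for p, ips in sources.items() if len(ips) >= min_sources
        ),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```
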
Mesh network (Score:1)
IMHO, if Anonymous creates a big enough network of compromised routers, they could create a meshed voip service or something like firechat where they can communicate using the mesh, without being monitored. If they are "cracking" home routers, it wouldn't be to use the wifi router's measly 1G port and cpu for DDOS attacks, it'd be for something more ambitious.
TFS mentions Anonymous ... (Score:2)
... to compel us to read further.
Anonymous is a punk outfit that sprays DDoS graffiti and that's it.
The REAL Anonymous players lost that attribute when the bastards went to jail.
Fuck Anonymous.
Sweet Hacks A-plenty (Score:2)
My Internet is hacked by the NSA/AT&T, my router is hacked by Anonymous, my Mac is hacked by China, my watch is hacked by fanboys, my VAX is hacked by Kevin Mitnick, my butt is hacked by racks of BBQ ribs, my brain is hacked by mounds of plaque, and my cat is hacked by a rat. What else is new?
Re: (Score:2)
How do you accuse anonymous? (Score:2)