US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com)
An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring their modems to its offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
take that
but there is a link about the previous incident at Deutsche Telekom?
What gives?
the level of the editors keeps getting lower or what?
Beadhull, get away from that Keyboard, you need a few cups of coffee! Now!
*** Good luck to all and happy day!
Hacked modem or not, assuming you actually use a respectable router (e.g. VyOS/Edgerouter), you can at least avoid man-in-the-middle attacks, because packets will be encrypted by the time they ingress your modem on their way to the CMTS. That being said, it still won't stop the modem from becoming a zombie device itself. ISPs have a burden to resolve this as A) they and they alone lock down your device and manage it remotely via SNMP and B) their network is sending you the malicious unsolicited data from their network to yours.
This is why I only use Windows IOT Core based devices.
All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
If the bricked devices were fixed, then they really were not bricked.
Modems are not "Things." They are necessary infrastructure.
Companies rent you hardware, and they give no thought to upgrades. Not only ISPs, but cable boxes and other such devices. As long as it works when installed, that's good enough. To be properly secure, you need to keep up with security updates.
Perhaps it is time that manufacturers have to accept liability for faulty software.
There are many things that are considered bad practice (or outright stupidity) that make it into the consumer market, these should be punished.
The lack of timely firmware updates (or even any updates), should be punished.
Hardcoded accounts/passwords should be punished
Telnet/SSH access from the DSL side on by default should be punished
Wireless not requiring a password (a complex one!) before the wireless can be enabled should be punished
If manufacturers had to shell out $1000 per item for this sort of behaviour a lot would go to the wall, the others would clean up their act quickly.
And NO, manufacturers can not opt-out/contract out of this (if they try, make it $5000 an item).
Sure, no software is perfect, but that's not the problem; it's that so much junk is put out there with no attempt to make it secure. The average home user cannot be expected to do this themselves.
Fuck this poster. Prob a malware crim
I agree with your definitions. However, the BrickerBot author is closer to a vigilante hero, than a criminal.
Yes. This merits a class action against the ISP, for distributing defective routers.
What security upgrades? Most of these manufacturers never try to upgrade their IoT crap. They drop it, and move on.
Come for the nerd-news; stay hard for the WTFs.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Maybe all these folks that have been affected will start demanding more from manufacturers in regards to making sure these devices are secure and that security updates are provided on a regular and timely basis.
I wouldn't call the author a hero of any kind. Sure, he's removing insecure devices from the internet, but at great inconvenience to the end-users that depend on them, and a lot of these people will be small business owners or home office types. It's the fault of Zyxel for producing such insecure crap in the first place, but also the ISP for issuing them to their customers and then failing to secure their management interfaces from the internet at large.
For those not in the know, this company is the heir to Sierra On-Line/Sierra Entertainment/Yosemite Entertainment in Oakhurst, CA. They created King's Quest, Space Quest, Police Quest, Leisure Suit Larry, et al. After the studio joined Codemasters they remained in Oakhurst until at some point it became an ISP. I'm not sure if any of the original folk are still there.
Relevant Wikipedia Entry
(The Sierra name lives on as a trademark of Activision, but in name only. The hallowed halls of that great studio are now an ISP.)
Your argument is that paying customers were given a choice in the matter and so should vote with their feet. Normally I would agree with that assertion except that most ISPs don't offer a choice of modem to customers or even alert them that they have a choice. Often they'll grumble about incompatibility issues if a new customer says, "I already have a modem."
Modems are just another way for ISPs to milk money out of their customers. e.g.: ISPs bulk buy these modems from whomever they can source them for $10 each and then charge customers a once-off connection fee ($80-$100) or ongoing monthly rentals ($10-$20/month).
BrickerBot and their ilk are still punishing the unwary customers for the incompetence of the manufacturers and ISPs.
True, it would be much more secure (in one way) if administration was only possible from the local, lan-side port. However, that's neither practical nor sufficient.
First, some people can't effectively and reliably admin their own modem. They need the cable ISP to manage it. The ISP is on the external side. So the ISP needs access from the outside. That *should* be secured reasonably well, though.
Second, <iframe src="http://192.168.1.1/admin/changepasswd.php?newpass=yourfucked">
Putting that into any web page will cause the browser, which is on the internal network, to access the router or modem. So restricting access to be from the local network only is insufficient for security.
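The point in the comment above is a cross-site request forgery: the victim's browser sits on the LAN, so "admin only from the LAN side" does not protect a state-changing GET that any web page can trigger. The following is an added example (it is not from the thread, and not Zyxel or Sierra Tel firmware) modelling a modem's password-change endpoint twice: the forgeable version the iframe trick relies on, and a hardened version that refuses GET, checks the request's Origin/Referer against the device's own origin, and requires a per-session CSRF token. The endpoint path, the `newpass`/`csrf` parameter names, the 192.168.1.1 address and the token scheme are assumptions for illustration.

```python
"""Modem admin endpoint: a forgeable handler beside a hardened one.

Added example, not code from the Slashdot thread or any real modem
firmware. The URL, parameter names and token scheme are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

DEVICE_ORIGIN = "http://192.168.1.1"   # assumed LAN address of the modem


@dataclass
class Request:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""                               # x-www-form-urlencoded
    cookies: dict = field(default_factory=dict)  # sent by the browser itself


def _same_origin(value: str) -> bool:
    """True if an Origin or Referer value points at the device itself."""
    p, d = urlsplit(value), urlsplit(DEVICE_ORIGIN)
    return (p.scheme, p.netloc) == (d.scheme, d.netloc)


@dataclass
class Modem:
    admin_password: str = "admin"
    sessions: dict = field(default_factory=dict)   # session id -> csrf token

    def login(self) -> tuple[str, str]:
        sid, token = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = token
        return sid, token

    def _logged_in(self, req: Request) -> bool:
        return req.cookies.get("sid") in self.sessions

    # Vulnerable: any method, no origin check, no token. The browser
    # attaches the session cookie on its own, so a cross-site GET from
    # an iframe on an attacker's page is indistinguishable from the admin.
    def change_password_vulnerable(self, req: Request) -> int:
        if not self._logged_in(req):
            return 401
        self.admin_password = parse_qs(urlsplit(req.url).query)["newpass"][0]
        return 200

    # Hardened: POST only, origin must be the device, token must match.
    def change_password_hardened(self, req: Request) -> int:
        if not self._logged_in(req):
            return 401
        if req.method != "POST":                 # no state change on GET
            return 405
        origin = req.headers.get("Origin") or req.headers.get("Referer")
        if origin and not _same_origin(origin):  # cross-site caller
            return 403
        form = parse_qs(req.body)
        token = form.get("csrf", [""])[0]
        expected = self.sessions[req.cookies["sid"]]
        if not hmac.compare_digest(token, expected):   # missing/wrong token
            return 403
        self.admin_password = form["newpass"][0]
        return 200


# Constructed scenario: the victim is logged into the modem, then visits an
# attacker page carrying the iframe from the comment above.
def forged_get(handler_name: str) -> tuple[int, str]:
    m = Modem()
    sid, _ = m.login()
    req = Request("GET", DEVICE_ORIGIN + "/admin/changepasswd.php?newpass=pwned",
                  headers={"Referer": "http://evil.example/"}, cookies={"sid": sid})
    return getattr(m, handler_name)(req), m.admin_password


def forged_post() -> tuple[int, str]:
    """Same attacker, now with an auto-submitting cross-site form (POST)."""
    m = Modem()
    sid, _ = m.login()
    req = Request("POST", DEVICE_ORIGIN + "/admin/changepasswd.php",
                  headers={"Origin": "http://evil.example"},
                  body="newpass=pwned", cookies={"sid": sid})
    return m.change_password_hardened(req), m.admin_password


def legitimate_change() -> tuple[int, str]:
    """The real admin, from the device's own page, with the session token."""
    m = Modem()
    sid, token = m.login()
    req = Request("POST", DEVICE_ORIGIN + "/admin/changepasswd.php",
                  headers={"Origin": DEVICE_ORIGIN},
                  body=f"newpass=Str0ng-pass&csrf={token}", cookies={"sid": sid})
    return m.change_password_hardened(req), m.admin_password


if __name__ == "__main__":
    print("vulnerable, forged GET :", forged_get("change_password_vulnerable"))
    print("hardened,   forged GET :", forged_get("change_password_hardened"))
    print("hardened,   forged POST:", forged_post())
    print("hardened,   legitimate :", legitimate_change())
```

Requiring POST alone is not enough (an attacker page can auto-submit a cross-site form), and an origin check alone is not enough (Referer can be stripped), which is why the hardened handler also binds the change to a token the attacker's page cannot read. Marking the session cookie `SameSite=Lax` or `Strict` would add a browser-side layer on top of these server-side checks.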
it steals the owner's ability to use the device. i don't need to move your car to prevent you using it.
Not a bad thing when you in a neighborhood full of criminals who'll steal that car and use it for crime a couple of days after you bought it.
No sig today...
My view too. Janit0r is absolutely a vigilante, but currently BrickerBot (and the less destructive Hajime) are the only active "solutions" to the various IoT botnets such as Mirai and, from their posts, I believe (s)he would stand down as soon as more active steps were taken by the vendors, ISPs, and owners. Far from ideal but, until those in a position to do something about it in a less disruptive manner step up to the plate, if that's the only option for the rest of us caught in the firing line, then I'll live with it. Keep calm, and carry on bricking!
As for this specific incident, although Zyxel has to take some blame for shipping broken routers in the first place, I'd say the main culprit here is actually SierraTel, both for their failure to implement secure central management of their modems in the first place, but mostly for failing to learn from Deutsche Telekom's experience and remediate that error, despite having *six months* to do so. Clearly that has now cost them financially and in customer satisfaction, which should hopefully serve as a wake-up call to anyone else in a similar situation and dragging their feet over deploying a solution. Somehow, I don't think SierraTel is going to be the only ISP to have this kind of problem though.
UNIX? They're not even circumcised! Savages!
1) I was unaware that websites currently require that you manually execute each script
2) Show me a commercial OS with a supplied browser that includes a good adblocker and a NoScript installed and properly configured by default.
Computers are basically appliances for 80% of the users on the internet now. I can mod my toaster and replace the plug with a grounded type, and only plug it into a GFCI outlet to reduce the risk of shock, but everybody else just plugs theirs in and makes toast. Until OS makers start putting actual, safe browsers on their products, instead of the two-bare-wires versions they currently include, the problem isn't actually with the users. It's with the negligent programmers.
Is it just my observation, or are there way too many stupid people in the world?
So the ISP didn't do enough security patching and left their clients vulnerable to malware. BrickerBot just stopped their devices from being used to hack/ddos others. I'm not saying either is right but surely the ISP is guilty of not doing due diligence. Blaming BrickerBot alone is not the answer.
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Vigilantes are criminals. Of course they are criminals. They have to be criminals.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
that damn vigilante hacker bricked my router!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The device is doing exactly what it was instructed to do. Maybe manufacturers should instruct their devices to do what the customer wants instead of what other people want.
woody188:
Wish Janit0r would change phase two so that it instead redirects all outbound requests to a page explaining what is wrong with the device and to contact their ISP. At least for modems/routers this would be much more preferable to just bricking a device and would empower the person to get help and maybe even salvage their device should an update be available. Vigilantes don't hurt the innocent! You listening Janit0r?
Nice idea. Ideally someone else should host that site.
"we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
At work we have an AT&T ADSL2+ modem with the software modified to disable the disconnection redirect and disable updates.
They really, really want their modem to brag every time it loses connection, which would be OK, but they don't have no-cache set, so once the connection resets you have to close out of whatever you're doing to get it to stop redirecting to the modem status page.
They issued a firmware update to the modem so you couldn't modify it, but didn't add the no-cache option required to fix the problem that made people need to modify it in the first place, and that's why updates are blocked.
Maybe this is an example of DIMSS?
https://ask.slashdot.org/story...
Internet @ATT Hey your modem software sucks! here's how to fix it:*fix instructions here*
ATT @internet no thanks we don't want our equipment to work *tears up fix instructions*
Minimum threshold fixed. Thanks!
You left your car unlocked, so I've removed the engine to prevent anyone from stealing it!
concomitant concomitant concomitant
I just adore BrickerBot more and more each story I read about it. This is the best solution, and sadly the financial impact is the only way to make these companies take security seriously.
So this ISP was handing out shoddy insecure modems by the truckload, leaving all their customers susceptible to attack.
It's bad enough that these kinds of crappy devices exist on the market in the first place, but for an ISP to peddle the things... that's inexcusable. IMO the ISP needed this firm punch in the nose.