Slashdot Mirror

← Back to Stories (view on slashdot.org)

US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com)

Posted by BeauHD on from the new-kid-on-the-block dept.

An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.

6 of 93 comments (clear)

  1. Bricked or not? by Nkwe · · Score: 4, Insightful
    From the summary

    All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.

    If the bricked devices were fixed, then they really were not bricked.

    1. Re:Bricked or not? by Anonymous Coward · · Score: 3, Informative

      Bricked means the device is unsalvagable (by the end user.) You can typically salvage such devices by returning them to the manufacturer and having them JTAG the device to replace the firmware. Most cable/DSL modems can be updated via TFTP, but only if the device hasn't been wrecked beyond recovery.

      For example, any wireless router/modem can be destroyed permanently by setting the radios to maximum power and then connecting to each other so that they generate excessive amounts of EM radiation and eventually it will melt the amplifiers on at least one of the radios. It's like going from sitting inside a jet to sitting in front of the jet engine.

      DOCSIS cable modems can also destroy an entire neighborhood, trash the firmware in the right way and the cable modem will scream over the RF line and take out everyones modems. Not too different from how old pre-docsis modems would drown out a neighborhood every time someone loaded up winmx or kazaa

  2. Companies deploy hardware without any upgrade plan by jfdavis668 · · Score: 3, Informative

    Companies rent you hardware, and they give no thought to upgrades. Not only ISPs, but cable boxes and other such devices. As long as it works when installed, that's good enough. To be properly secure, you need to keep up with security updates.

  3. Liability by sit1963nz · · Score: 4, Interesting

    Perhaps it is time that manufacturers have to accept liability for faulty software.

    There are many things that are considered bad practice (or outright stupidity) that make it into the consumer market, these should be punished.
    The lack of timely firmware updates (or even any updates), should be punished.
    Hardcoded accounts/passwords should be punished
    Telnet/SSH access from the DSL side on by default should be punished
    Wireless not requiring a password (a complex one !) before the wireless can be enabled should be punished

    If manufacturers had to shell out $1000 per item for this sort of behaviour a lot would go to the wall, the others would clean up their act quickly.

    And NO, manufacturers can not opt-out/contract out of this (if they try, make it $5000 an item).

    Sure, no software is perfect, but thats not the problem, its that so much junk is put out there with no attempt to make it secure. The average home user can not be expected to do this themselves.

  4. King Graham has fallen so far! =( by An+Ominous+Cow+Erred · · Score: 3, Informative

    For those not in the know, this company is the heir to Sierra On-Line/Sierra Entertainment/Yosemite Entertainment in Oakhurst, CA. They created King's Quest, Space Quest, Police Quest, Leisure Suit Larry, et al. After the studio joined Codemasters they remained in Oakhurst until at some point it became an ISP. I'm not sure if any of the original folk are still there.

    Relevant Wikipedia Entry

    (The Sierra name lives on as a trademark of Activision, but in name only. The hallowed halls of that great studio are now an ISP.)

  5. Have you modified your toaster yet? by Overzeetop · · Score: 3, Insightful

    1) I was unaware that website currently require that you manually execute each script

    2) Show me a commercial OS with a supplied browser that includes a good adblocker and a NoScript installed and properly configured by default.

    Computers are basically appliances for 80% of the users on the internet now. I can mod my toaster and replace the plug with a grounded type, and only plug it into a GFCI outlet to reduce the risk of shock, but everybody else just plugs theirs in and makes toast. Until OS makers start putting actual, safe browsers on their products, instead of the two-bare-wires versions they currently include, the problem isn't actually with the users. It's with the negligent programmers.

    --
    Is it just my observation, or are there way too many stupid people in the world?