Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Mysterious Grey-Hat Is Patching People's Outdated MikroTik Routers (zdnet.com)

Posted by BeauHD on from the just-trying-to-help dept.

An anonymous reader quotes a report from ZDNet: A Russian-speaking grey-hat hacker is breaking into people's MikroTik routers and patching devices so they can't be abused by cryptojackers, botnet herders, or other cyber-criminals, ZDNet has learned. The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. "I added firewall rules that blocked access to the router from outside the local network," Alexey said. "In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions." But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. A few said "thanks," but most were outraged. The vigilante server administrator says he's been only fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.

14 of 74 comments (clear)

  1. Not the sysadmin they want.. by Rick+Schumann · · Score: 5, Insightful

    ..but the sysadmin they deserve?
    Regardless, I approve of this. Bravo, Sir.

    1. Re:Not the sysadmin they want.. by Narcocide · · Score: 4, Insightful

      No, that guy is just a vandal. This guy is a hero.

  2. Ah yes, outraged... by Anonymous Coward · · Score: 2, Informative

    When people can't admit they were morons. They are the ones who ran unsecured hardware and didn't bother patching it. They should be thanking him, he may have prevented many actual scumbags from exploiting their hardware.

    1. Re:Ah yes, outraged... by TheReaperD · · Score: 3, Interesting

      I remember once that I switched a bad security setting with the intention of switching it right back. Well, I forgot to switch it back. Thankfully a guy from 4chan hacked my system and left me a note to fix it without doing any damage. Left him a thank you note. If you're bitching about this, you're an ungrateful asshole.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
  3. Should have gotten Janit0r. by Gravis+Zero · · Score: 2, Interesting

    I'll say it plainly, if you do not maintain your devices then anyone should be free to brick them. The obvious argument is "but it's not yours!" but this disregards that like an unvaccinated child, it puts everyone else at risk. The only alternative to this is to hack the devices so that they permanently DoS the manufacturer and sellers of the device. The situation will not improve until companies are forced to make devices secure.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Should have gotten Janit0r. by I-am-a-Banana · · Score: 2

      This is like saying if I put my bike in my backyard, go in the house to take a leak and find my bike stolen, it is completely my fault for it being stolen and anyone should be free to steal it. This is BS. There may be many reason why an update was not performed. Two wrongs do not make a right. Making changes to someone's property without their permission is wrong. Period.

    2. Re:Should have gotten Janit0r. by quonset · · Score: 2, Insightful

      I'll say it plainly, if you do not maintain your devices then anyone should be free to brick them.

      I'll say it plainly, if you do not lock every single door and bolt down your windows then anyone should be free to steal your stuff.

      I'll say it plainly, if you do not lock your car then anyone should be free to steal it.

      I'll say it plainly, if you do not hold onto your phone every second you are out then anyone should be free to steal it.

    3. Re:Should have gotten Janit0r. by epyT-R · · Score: 3, Insightful

      Theft is not the same thing as breaking and entering so those are bad analogies. In this case, he fixed the issue you couldn't be bothered to fix for the sake of everyone else. It's still breaking and entering, but more like a neighbor breaking in to shut the gas off before your house destroys the neighborhood. I'd look at it as a favor...then I'd wipe the device and reflash and/or replace as necessary.

  4. Re:100,000 routers? by ole_timer · · Score: 2

    they've probably sold millions of devices in the last 20+ years...

    --
    nothing to see here - move along
  5. Re:outraged...but patched by Narcocide · · Score: 2

    That was my first thought too, but it could also just be undereducated "power users" who had just lost remote access to their LAN without realizing the security implications of everyone else having access, too.

  6. Enough Already! There is no grey here by slacka · · Score: 4, Insightful

    This is the Right Thing To Do! So many times the Goody Two-Shoes so called "white hats" take out the botnets but rather that do this and patch the hacked machines, they just try to disable the current botnet. And surprise, surprise within a few months all the hacked machines are back in a new botnet, more fault tolerant botnet.

    It's almost like these researchers realize that doing what this unsung hero did would hurt there job security. We should all celebrate this Russian hero. We need more like him.

  7. Really curious what the angry ones said by SuperKendall · · Score: 3, Interesting

    I read the article but there was no mention of what the angry replies said... I'd be really curious to find out in what way they were angry, instead of just saying "thanks, but don't do it again".

    It seems like maybe there should be something like statute of limitations, where if an exploit was older than a certain amount it was legal for others to patch it even if it broke systems.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Really curious what the angry ones said by Mistlefoot · · Score: 4, Interesting

      They were angry because they were administering networks remotely and all of a sudden were not able to as their access was disabled as well.

      Imagine you are an incompetent IT doing work remotely and you can't access it anymore. So you have your client login locally to enable that feature again and they read that message to you. Now your client knows you are incompetent too. And then when the client refuses to enable access from outside the network you actually have to leave your desk to do the work. Or find a new customer as you have now been replaced.

  8. Re:Not the sysadmin anybody wants by djinn6 · · Score: 3, Insightful

    You should reset and update your router anyways. Just because this guy didn't install malware, it doesn't mean nobody else did.

    Besides, if this guy didn't get to you, then you would've never noticed your router is vulnerable and the black hats would've had all the time in the world to do damage. But since he did, at least you know there is a problem and can do something about it.