Slashdot Mirror


A Mysterious Grey-Hat Is Patching People's Outdated MikroTik Routers (zdnet.com)

An anonymous reader quotes a report from ZDNet: A Russian-speaking grey-hat hacker is breaking into people's MikroTik routers and patching devices so they can't be abused by cryptojackers, botnet herders, or other cyber-criminals, ZDNet has learned. The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. "I added firewall rules that blocked access to the router from outside the local network," Alexey said. "In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions." But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. A few said "thanks," but most were outraged. The vigilante server administrator says he's been only fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.


  1. Not the sysadmin they want.. by Rick Schumann · · Score: 5, Insightful

    ..but the sysadmin they deserve?
    Regardless, I approve of this. Bravo, Sir.

    1. Re:Not the sysadmin they want.. by Narcocide · · Score: 4, Insightful

      No, that guy is just a vandal. This guy is a hero.

  2. Enough Already! There is no grey here by slacka · · Score: 4, Insightful

    This is the Right Thing To Do! So many times the Goody Two-Shoes so-called "white hats" take out the botnets, but rather than do this and patch the hacked machines, they just try to disable the current botnet. And surprise, surprise, within a few months all the hacked machines are back in a new, more fault-tolerant botnet.

    It's almost like these researchers realize that doing what this unsung hero did would hurt their job security. We should all celebrate this Russian hero. We need more like him.

  3. Re:Really curious what the angry ones said by Mistlefoot · · Score: 4, Interesting

    They were angry because they were administering networks remotely and all of a sudden were not able to as their access was disabled as well.

    Imagine you are an incompetent IT doing work remotely and you can't access it anymore. So you have your client log in locally to enable that feature again and they read that message to you. Now your client knows you are incompetent too. And then when the client refuses to enable access from outside the network you actually have to leave your desk to do the work. Or find a new customer as you have now been replaced.