Slashdot Mirror


Mass Router Hack Exposes Millions of Devices To Potent NSA Exploit (arstechnica.com)

More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports -- which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.


  1. More Backdoors, more backdoors...!! by ripvlan · · Score: 2

    We need the government to request and be granted access to Back Doors !!!! Because we know that they will keep it secret and none of us will ever be affected by rogue hackers figuring them out. Better yet - the No Such Agency can be in charge of keeping the secrets.

    Government secrets !! yay team !

  2. UPnP by JBMcB · · Score: 4, Insightful

    The first five or six waves of horrendous uPnP vulnerabilities weren't enough to convince people that uPnP on your router is a bad idea?

    --
    My Other Computer Is A Data General Nova III.
    1. Re: UPnP by BlueStrat · · Score: 2

      Of course they fucking talked about them, each time. If you had UPnP running after 2002 YOU ARE A MORON.

      They talked about them on tech sites and blogs. Not in places where mom, dad, or grandpa & grandma would notice. The most they would have seen is some newsreader mentioning something about NSA leaks and exploits by "hackers" in a fact- and detail-free one or two line blurb/filler in between the local news and the weather forecast.

      The vast majority of non-tech-savvy "normies" have still never heard of any of it. The MSM doesn't try to inform anyone because such tech-heavy articles with enough info to be useful don't drive many advertising views or clicks on articles.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  3. Is there a list? by Anonymous Coward · · Score: 5, Insightful

    I don't care about badly written vague explanations of how the exploit works. Is there a list of routers affected so I can search for mine?

    1. Re:Is there a list? by msmash · · Score: 2, Informative

      There isn't one. Here's what Akamai advises: "The best way to identify if a device is vulnerable or actively being leveraged for UPnProxying is to scan an end-point and audit its NAT table entries. There are a handful of frameworks and libraries available in multiple languages to aid in this process. Below is a simple bash script used during this research. It is capable of testing a suspected vulnerable endpoint by attempting to dump the first 10,000 UPnP NAT entries from the device's exposed TCP daemon."
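
Added example (not part of the comment above and not Akamai's script): one way to audit NAT table entries once they have been dumped from your own router, by parsing UPnP `GetGenericPortMappingEntry` responses and flagging mappings that forward ports 139/445. The sample responses, the LAN range `192.168.1.0/24`, and the rule that an internal client outside the LAN indicates a proxy-style entry are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # the ports the summary says are being exposed
# Constructed sample data: SOAP bodies shaped like the UPnP IGD
# GetGenericPortMappingEntryResponse. Every value below is made up.
_TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>TCP</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE_RESPONSES = [
    _TEMPLATE.format(ext=51413, port=51413, client="192.168.1.20"),
    _TEMPLATE.format(ext=28461, port=445, client="192.168.1.33"),
    _TEMPLATE.format(ext=9001, port=80, client="203.0.113.7"),
]

def parse_entry(soap_xml):
    """Return the New* arguments of one response as a dict (namespaces ignored)."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]
        if name.startswith("New"):
            fields[name] = (el.text or "").strip()
    return fields

def audit(entries, lan="192.168.1.0/24"):
    """Return (entry, reasons) for every mapping that deserves a closer look."""
    lan_net, findings = ipaddress.ip_network(lan), []
    for e in entries:
        reasons = []
        raw = (e.get("NewExternalPort", ""), e.get("NewInternalPort", ""))
        ports = {int(v) for v in raw if v.isdigit()}
        if ports & SMB_PORTS:
            reasons.append("forwards an SMB/NetBIOS port (139/445)")
        try:
            if ipaddress.ip_address(e.get("NewInternalClient", "")) not in lan_net:
                reasons.append("internal client is outside the LAN (proxy-style entry)")
        except ValueError:
            reasons.append("internal client is not an IP address")
        if reasons:
            findings.append((e, reasons))
    return findings

if __name__ == "__main__":
    print(audit([parse_entry(x) for x in SAMPLE_RESPONSES]))
```

Pass `lan=` the subnet your router actually hands out; any flagged entry you did not create yourself is worth removing before disabling UPnP on the WAN side.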

    2. Re:Is there a list? by SEMLogistics · · Score: 5, Informative

      Yes, Akamai published the list of manufacturers and models in their whitepaper: https://www.akamai.com/us/en/m...

  4. Re:Who has power by pgmrdlm · · Score: 3, Interesting

    Why would I want to abolish an agency that is part of my national defense, and able to intercept attacks before they happen by monitoring communications? Look at any war that has occurred. Interception of communications has always been a national defense strategy by all nations.

    --
    Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
  5. Re:Who has power by jpaine619 · · Score: 2

    Why would you want to keep an agency around that doesn't just spy on our enemies, but also spies on us?

  6. Re:Who has power by shoor · · Score: 2

    As others have pointed out, it's a representative democracy. When the USA was started, neither the telegraph nor the railroad had been invented yet. Counties would elect representatives to go off to State Capitals, and States would elect representatives to go off to Washington, D.C. because that was the only practical way to get things done. We still have that system which was put in place with the adoption of our Constitution.

    However, the real problem is with human nature itself. You've probably heard expressions like "Power corrupts, and absolute power corrupts absolutely", or "Who watches the watchers." We have several TLA (Three Letter Acronym) Agencies that we have to deal with; the FBI, the CIA, and the NSA are the biggest and best known, and each has plenty of scandals in its history. To some extent they watch each other, or maybe it's mostly the FBI watching the CIA. Check out Aldrich Ames for example https://en.wikipedia.org/wiki/Aldrich_Ames

    Governments feel like they need these agencies, and maybe they do, but even if they start out with nothing but highly competent honorable people, they are bound to gradually go from being what historian Carroll Quigley called 'instruments' into what he called 'Institutions':

    transformation of social arrangements functioning to meet real social needs into social institutions serving their own purposes regardless of real social needs

    (Quote is from the Wikipedia entry on Quigley.)

    There's no easy simple solution to the problem because the problem is in human nature. The first amphibian that evolved to walk on dry land probably couldn't walk very well. The first bird that evolved flight probably couldn't fly very well. We're the first species to come up with this thing we call 'civilization'. How good do you think we are at it?

    --
    In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
  7. Re: Who has power by jd · · Score: 2

    Except that they have never successfully prevented any attacks. A congressional enquiry got the NSA to admit a 100% failure rate.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Re:It would not be hard by sremick · · Score: 2

    Like pfSense?

    https://www.pfsense.org/

    I wouldn't say it's "bulkier"... you can run it on pretty tiny hardware, like I do (mine is a tiny Jetway box, smaller than most peoples' routers, chassis is metal and functions as the heatsink). Definitely "more complex to administer" but it's right up my alley.