US, UK warn of Russian hackers targeting millions of routers – CNET


Russian hackers have been targeting millions of routers around the world, according to a joint statement from the US and the UK. 

Aaron Robinson/CNET

Russian hackers are targeting millions of routers around the world, including devices in homes and offices, according to US and UK officials.

In a joint announcement Monday from the US Department of Homeland Security, the FBI and the UK’s National Cyber Security Center, officials warned Russian spies have been looking for vulnerabilities on millions of routers as a tool for future attacks. 

The targets include routers in both homes and offices, as well as firewalls and switches from internet service providers, critical infrastructure and major private companies, Rob Joyce, the National Security Council’s cybersecurity coordinator said in a conference call.

“We have high confidence Russia has carried out a coordinated campaign to gain access to enterprise, small office, home office routers known as SOHO routers and residential routers, and the switches and connectors worldwide,” Joyce said.

The DHS said it’s seen Russian activity with scans for vulnerabilities on routers over the last two years, but it’s hard to assess how many have been affected. 

“The purpose of these attacks could be espionage, it could be theft of intellectual property, it could be prepositioning for use in times of tension,” NCSC Director Ciaran Martin said.

State-sponsored cyberattacks are a national security concern, as hackers look to use vulnerabilities to affect elections, power grids and businesses. The US has taken actions in the last year against alleged hackers from Iran, Russia and North Korea

In router attacks, consumers can protect themselves by keeping the devices updated.  But the responsibility also falls on device makers to issue necessary fixes.

“Once you own the router, you own the traffic,” Jeanette Manfra, DHS’s top cybersecurity official, said on the conference call.

Compromising a router would allow attackers to steal credentials, as well as use it for future attacks, Joyce added.

“It is a tremendous weapon in the hands of an adversary,” the NSC’s cybersecurity coordinator said.

As such, the US and UK are also issuing a technical alert on Monday, warning that people update their internet of things devices and routers, and for companies to build their connected gadgets with better security. 

Attacks on routers can have more potential for damage since they’re not maintained with the same level of security as servers or computers are, Manfra said. The DHS and the UK’s NCSC hope to change that with Monday’s technical alert. Part of the alert calls on people to step up their own security, with Manfra pointing out that the DHS can’t “protect every single device.” 

Cambridge Analytica: Everything you need to know about Facebook’s data mining scandal.

Tech Enabled: CNET chronicles tech’s role in providing new kinds of accessibility.