Router Hijacking Threat: 300,000 Computers Affected
Team Cymru, a renowned enterprise security research organization, has discovered a significant security vulnerability. The issue lies in a large network router, which has been compromised, allowing hackers to hijack and affect a staggering 300,000 computers on the internet. The hijacking works by pointing a computer at a different DNS server, which sends its network traffic in the wrong direction.
Although there is no evidence to suggest that this was a deliberate attempt at deception, the researchers are still investigating the matter. Steve Santorelli, a member of the Cymru team, stated, “We now know that more than 300,000 devices are being directed to different DNS servers.” What’s even more astonishing is that the two major IP addresses responsible for this issue are registered to a hosting company called 3NT Solutions, based in London.
A Different Kind of Threat
Contrary to initial assumptions, this is not a botnet issue, as the problems are primarily limited to the router itself, rather than the computers. However, the Cymru team has pointed out that this level of access can be more threatening. In a previous similar attack in Poland, a router was used to create a fake banking site, allowing hackers to obtain user credentials. In this case, a hacker can use the router to redirect users to a specific URL on any server they want, paving the way for more diverse attacks.
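A defender-side check for the redirection described above, as an added example that is not from Team Cymru or the original article: it audits DNS server settings collected from routers against an approved list and counts how many devices share each unexpected resolver. The inventory, the approved range and every address are constructed (documentation ranges) and are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed inventory: (device, DNS servers read from its WAN/DHCP settings).
SAMPLE_INVENTORY = [
    ("router-a", ["198.51.100.53", "198.51.100.54"]),
    ("router-b", ["203.0.113.11", "203.0.113.36"]),
    ("router-c", ["203.0.113.11", "198.51.100.53"]),
    ("router-d", ["192.168.1.1"]),
    ("router-e", ["203.0.113.36", "not-an-ip"]),
]

# Assumed policy: resolvers the organisation or its ISP actually operates.
APPROVED = [ipaddress.ip_network("198.51.100.0/24")]
# Explicit LAN list; Python's is_private would also match documentation ranges.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def classify(server):
    """Return 'approved', 'local', 'unexpected' or 'invalid' for one DNS setting."""
    try:
        addr = ipaddress.ip_address(server.strip())
    except ValueError:
        return "invalid"
    if any(addr in net for net in APPROVED):
        return "approved"
    if any(addr in net for net in LAN):
        return "local"  # router forwarding to itself or a LAN resolver
    return "unexpected"

def audit(inventory):
    """Flag devices with off-policy resolvers and count devices per resolver."""
    flagged, per_resolver = {}, Counter()
    for device, servers in inventory:
        bad = sorted({s for s in servers
                      if classify(s) in ("unexpected", "invalid")})
        if bad:
            flagged[device] = bad
            per_resolver.update(bad)
    return flagged, per_resolver

if __name__ == "__main__":
    flagged, per_resolver = audit(SAMPLE_INVENTORY)
    for device, bad in flagged.items():
        print(f"{device}: unexpected DNS {bad}")
    # Few resolvers shared by many devices suggests one campaign, not random drift.
    for resolver, count in per_resolver.most_common():
        print(f"{resolver}: set on {count} device(s)")
```
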
A Long-Existing Vulnerability
The most disturbing aspect of this issue is that the vulnerability has existed for two years. Most of the routers in the United States and Western Europe have already been equipped with the necessary security measures, but the routers in Eastern Europe and Asia are still vulnerable to attacks. This problem is particularly acute in Vietnam.
Collaboration and Resolution
Team Cymru has contacted law enforcement authorities and is working to track down the two major IP addresses responsible for this issue. They have also reached out to the router manufacturers, urging them to take immediate action to repair the problem. Santorelli emphasized, “This is an evolved version of traditional botnet technology, which requires equipment manufacturers to repair immediately.”
Key Statistics
- 300,000 computers affected by the router hijacking issue
- 2-year history of the vulnerability
- Most of the routers in the United States and Western Europe have the necessary security measures
- Routers in Eastern Europe and Asia are still vulnerable to attacks
- Vietnam is particularly affected by this issue