this post was submitted on 01 Feb 2024
254 points (98.1% liked)

Technology

59192 readers
2433 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 9 months ago (1 children)

In other news, "fbi installed mallard on your router"

[–] [email protected] 4 points 9 months ago

I would also like a mallard

[–] [email protected] 38 points 9 months ago

That's basically how the Sasser worm came to be. A hacker found a buffer overflow in the LSASS service, used that to replicate and then shut down the vulnerable service. But apparently he failed to account for Windows shutting down when LSASS was stopped, leading to a bootloop.

In the end it lead to massive damages when it actually was supposed to be a cure.

[–] [email protected] 181 points 9 months ago* (last edited 9 months ago) (5 children)

creepy: a buttload of out-of-date routers were infected with chinese malware and unknowingly used as a botnet in a cyberattack

creepier: the fbi was able to take control of all of the routers and wipe the malware

creepiest: the router owners were unaware anything had happened

[–] [email protected] 1 points 9 months ago

"Computer Sabotage" crime in Germany, no?

[–] [email protected] 2 points 9 months ago

That's very creepy

[–] [email protected] 7 points 9 months ago (1 children)

I would assume they used the same exploit as the botnet because only the NSA gets to use the fancy secret backdoors and secret list of vulnerabilities.

Unless the routers were also managed by ISPs in which case they might have just had builtin remote access/remote commands

[–] [email protected] 4 points 9 months ago (1 children)

if the routers were managed by ISPs, the ISPs would have kept them up-to-date. these were not home users, but small business users, and a standard service contract would have covered that sort of thing. considering the issue was so widespread and over several different ISPs and different devices, the most likely explanation is that they were owned and managed by the user.

[–] [email protected] 2 points 9 months ago (1 children)

I used to fall for that logic that an ISP would keep my router up to date. It doesn’t happen.

In my case I had the same ISP router for over four years and there was a known bug streaming video. I didn’t have privileges to update and they refused to. Nor would they replace my router with a current one because “it’s not broken and hasn’t yet reached the age we switch them out”.

My solution was to stop renting the router. Also stop renting set top boxes and drop phone and cable service. I’m much happier with only internet for however many years that’s been and I have more control over keeping my network up to date and configured properly

[–] [email protected] 1 points 9 months ago

ymmv, but most ISPs do actually push updates to their hardware. i'm not surprised to hear that some don't, however.

of course, you're right that the best option is to bring your own hardware. not only is it safer, but, in the long run, you save a ton of money.

[–] [email protected] 5 points 9 months ago (2 children)

How would you like the router owners to have been alerted?

[–] [email protected] 8 points 9 months ago (2 children)

How would you like the router owners to have been alerted?

By two men in black showing up at their doors, of course.

:-)

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

We are here to help.

[–] [email protected] 3 points 9 months ago

"We're musicians maam"

[–] [email protected] 22 points 9 months ago (2 children)

Perhaps via the contact information they provided to their ISP?

[–] [email protected] 9 points 9 months ago

I suspect it might have been problematic to tip off the malware operators that the network was about to be shut down. Apparently customers are going to be informed via their ISPs now. I guess some if them may decide to junk the routers.

[–] [email protected] 50 points 9 months ago (3 children)

I'm curious as to whether the router manufacturer included a back door or if the FBI used the same exploit that was used to infect the routers in the first place.

[–] [email protected] 3 points 9 months ago

The U.S. has a very robust hacking capability, we just don’t advertise it and we concentrate on shutting down or infiltrating critical infrastructure in times of war or espionage.

Instead of hacking China to steal industrial secrets, we hack them to see if we could say open or close all the floodgates at the 3 Gorges Damn… China hacks us to steal state and industrial secrets, though they are now starting to focus on infrastructure.

[–] [email protected] 12 points 9 months ago

It's not entirely uncommon for the latter to happen. Some greyhats have done similar things to clear out botnets in the past. It still counts as unauthorized access to a system though so most avoid doing so even if the intended result is beneficial

[–] [email protected] 43 points 9 months ago* (last edited 9 months ago) (1 children)

probably the latter, since all of these routers were unpatched, out-of-date routers, and that's how they were exploited in the first place.

however, the article specifically states that the court documents are all redacted when it comes to the details

[–] [email protected] 4 points 9 months ago

Secrets for me but not for thee.

load more comments
view more: next ›