US, UK cyber cops warn Russians are rooting around in your routers

American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world's network devices. The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security …

  1. Grikath

    Gosh..... Just 6 months ago it used to be the NORKs...

    Before mr. FattymcFat started, more or less successfully, detonating nukes it used to be the Chinese..

    When the Establishment figured out Asia in general had caught up and could and *would* outcompete them it was the Yellow Menace...

    We've covered about 30+ years of global development in those 3 sentences, and *only* if you look at them through PrUSAian propaganda.

    Anyone else see a pattern, or am I getting Old?

    1. Anonymous Coward
      Anonymous Coward

      --->Anyone else see a pattern, or am I getting Old?

      I wouldn't know, I've blocked everything on the Internet except The Register and am down in my Anderson shelter typing this on a tablet powered by a Mamod steam engine and a Sturmey-Archer dynamo.

      1. pɹɐʍoɔ snoɯʎuouɐ
        Pint

        Re: --->Anyone else see a pattern, or am I getting Old?

        "and a Sturmey-Archer dynamo."

        and up vote for the Sturmey-Archer and reminding me to rotate my tyres !!!

      2. Anonymous Coward
        Anonymous Coward

        Re: --->Anyone else see a pattern, or am I getting Old?

        I've also blocked this so called news website. I get all my updates via an encrypted carrier dolphin disguised as a shark dressed as a dolphin to my private volcanic island bunker.

        1. Muscleguy Silver badge
          Mushroom

          Re: --->Anyone else see a pattern, or am I getting Old?

          My avatar on lots of sites is a picture of me, a dumbo octopus. I of course get my internet by tapping into the USN's deep water listening system. Just for lols I'm quite good at making noises like a Russian nuclear sub.

          I've been hanging about off the Norwegian coast near an optical cable doing my act, you may have noticed. The Admiralty certainly has. It's great fun.

          -> icon because those of us in the Deep will be just fine when you have all nuked yourselves into oblivion. I expect a bit of marine snow from post apocalypse cockroaches shoved into the briny by their fellows. Yum!

      3. Flywheel Silver badge

        Re: --->Anyone else see a pattern, or am I getting Old?

        powered by a Mamod steam engine

        Crikey! I hope you're allowing some ventilation for that - I seem to remember the meths (pre-crystal type obvs) fumes giving one rather a headache, y'know!

        1. Anonymous Coward
          Anonymous Coward

          Re: --->Anyone else see a pattern, or am I getting Old?

          "Crikey! I hope you're allowing some ventilation for that"

          If I really was down in an Anderson shelter awaiting Armageddon I think the fumes from a few ccs of burning meths would be low on my list of things to worry about. But in fact early in my experiments with Mamod engines I discovered that a small butane torch worked a lot better than those meths burners.

          I do, in reality, possess a Dometic alcohol fuelled marine stove for use in emergency, but it gets used in the garage.

    2. Anonymous Coward
      Anonymous Coward

      "US, UK cyber cops warn Russians are rooting around in your routers"

      Presumably because they were there first and saw them...

  2. ITS Retired
    Holmes

    Aren't we doing the exact same thing to Russia?

    Of course we are. Also we are doing it to any and every entity that has a router, regardless of laws and countries the router is in.

    Why do you think the Internet is actually so slow? It is not any DoS, it is our own government filling the Internet up with data sucking traffic.

    1. elip

      Re: Aren't we doing the exact same thing to Russia?

      Well of course. How else do you think the US knows Russians are on the routers...they run 'w' in their existing sessions. :-P

  3. Anonymous Coward
    Anonymous Coward

    I think I'm safe, I've used keyword blocking of bears, vodka and funny hats.

    1. Anonymous Coward
      Anonymous Coward

      That’ll keep Corbyn out then.

      1. Anonymous Coward
        Anonymous Coward

        Could be worse. http://www.bbc.co.uk/news/uk-scotland-scotland-politics-43784071

        I take neither side. They are all shits.

      2. Destroy All Monsters Silver badge

        But you might well attract raging BoJos.

    2. Mark 85 Silver badge

      When you get the "blond hair" block, let us know. The others were easy, this one keeps screaming at my router.

    3. John Smith 19 Gold badge
      Coat

      " I think I'm safe, I've used keyword blocking of bears, vodka and funny hats."

      I'd add "bare chest" and "oiled torso" to that list.

  4. Anonymous Coward
    Anonymous Coward

    Who hacked the router Angela Merkel's data was routed through, oh, yes, that would be the UK

    The kettle's calling... paging pot, paging pot, has anyone seen pot.

  5. Anonymous Coward
    Anonymous Coward

    After all, that's where the DRAMA is

    The PFY got warned one night

    By "national authorities" concerning a blight

    Possibly setting up shop in his router

    Behaving like a malevolent looter

    A peril not yellow

    And neither of Mossad

    Not Turkish, not Mobster

    And no NSA wombat

    With smooth voices they told him what exactly to fear:

    "There's Putin rummaging in your Cisco gear"

  6. Kabukiwookie Silver badge

    FBI has high confidence

    Russians, blah blah, evil, blah, we have proof but we will not show it to you, blah blah.

    Getting tired of this bullcrap.

    Has any of those morons heard the story of the boy who cried wolf?

    Moral of the story is 'Never tell the same lie twice'. (Garak).

    1. KenBW2

      Crying Wolf

      >Has any of those morons heard the story of the boy who cried wolf?

      Doesn't matter, they seem to be winning over public opinion despite their hypocrisy.

      "The people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country." - Hermann Göring

      1. Mark 85 Silver badge

        Re: Crying Wolf

        Let's not forget Goebbels' quote: "If you tell a lie big enough and keep repeating it, people will eventually come to believe it."*

        *Just one of several variants credited to him

        1. Anonymous Coward
          Anonymous Coward

          Re: Crying Wolf

          works the same way in any country." - Hermann Göring....Let's not forget Goebbels quote: ...

          When asking the frequently unasked question "what did the Nazis ever do for us?", I come to the conclusion that the answer is "Gave us lots of useful quotes".

          1. Anonymous Coward
            Anonymous Coward

            Re: Crying Wolf

            And they saved The History Channel

          2. Usermane

            Re: Crying Wolf

            And the black uniforms for the Sci-Fi movies and TV series.

            1. Anonymous Coward
              Anonymous Coward

              Re: Crying Wolf

              And the black uniforms for the Sci-Fi movies and TV series.

              Autobahns, they did those well.

            2. onefang

              Re: Crying Wolf

              "And the black uniforms for the Sci-Fi movies and TV series."

              Not to mention the black uniforms for Australia's Border Force.

        2. Scroticus Canis
          Devil

          Re: Crying Wolf - @Mark 85

          So that's where the Orange Prune in the White House got the idea.

          1. Michael Habel Silver badge

            Re: Crying Wolf - @Mark 85

            My are we clever Mr. Canis.... At least President Trump loves his People, instead of selling them out piecemeal back to the EU.

      2. Michael Habel Silver badge
        Joke

        Re: Crying Wolf

        Patriotism has no place in the greater new world order dear citizen, or are you some kind of bigoted, islamic-xenophobe, who hates brown ladies who like to dress up as Pacman Ghosts?

    2. Voland's right hand Silver badge

      FBI has high confidence

      How about FBI has EVIDENCE - to satisfy a prosecutor that a prosecution in a court of law may succeed. Real court. Anywhere in the developed world (preferably not USA).

      If they really have it - then, we are talking.

      Until then it is not even kettle paging pot. It is black hole calling a pot black. The best thing to do is not to listen to either one of them.

      1. Anonymous Coward
        Anonymous Coward

        At the least, they should be able to check the programming that is on networking devices against the programming that should be on networking devices. That would not necessarily prove who put any additional programming on those devices but could, at least, inform one as to whether there was programming on those devices that shouldn't be on them. I would think that's a fairly standard check, but I've been wrong, many times, before.

  7. Kernel

    What we need to do to counter this threat is .......

    use strong end-to-end encryption.

    Oh, wait - bugger!

    1. Michael H.F. Wilkinson Silver badge
      Pint

      Re: What we need to do to counter this threat is .......

      Brilliant! Have one on me.

      Now where is my one time pad?

      1. Rich 11 Silver badge

        Re: What we need to do to counter this threat is .......

        Now where is my one time pad?

        You left it in the pub. Again.

  8. Kev99

    It would be so much safer if everyone and his brother didn't assume the internet was safe and decided to all their proprietary, sensitive, and confidential on that bunch of holes held together by string.

    1. Michael Habel Silver badge

      It would be so much safer if everyone and his brother didn't assume the internet was safe and decided to all their proprietary, sensitive, and confidential on that bunch of holes held together by string.

      But, wouldn't that kind of thinking not only crash the likes of Amazon & PayPal, but, also pretty much every other Bank as well?

  9. Dacarlo
    Alert

    Paper cup and a piece of string...

    All this talk of Ruskies attacking routers reminds me there's a few subs out there looking for internerd cables...

    https://www.theregister.co.uk/2015/10/26/russian_cablehunt_recalls_cold_war/

  10. Zog_but_not_the_first
    IT Angle

    Russians are rooting around in your routers

    Er, how would I know?

    1. Anonymous Coward
      Joke

      Re: Russians are rooting around in your routers

      because they leave a big note that says "Kilroyski was ere"

      1. Anonymous Coward
        Anonymous Coward

        Re: Russians are rooting around in your routers

        because they leave a big note that says "Kilroyski was ere"

        The string to check for is in fact "Килрой был здесь".

        This information provided as a public service to Boris Johnson so he can check his iPhone.

    2. DropBear
      Trollface

      Re: Russians are rooting around in your routers

      "how would I know"

      There's a simple test; just start watching FailArmy videos - if you hear a faint "blyat!" after each gag from your router, it's probably compromised...

      1. Anonymous Coward
        Anonymous Coward

        Re: Russians are rooting around in your routers

        "There's a simple test; just start watching FailArmy videos - if you hear a faint "blyat!" after each gag from your router, it's probably compromised"

        And if it's in Moscow you can be fined for letting it swear in public.

        Typical bureaucratic mentality: just about everybody says "whore!" when something annoying happens, some people don't like it so make it illegal. That instantly causes people to stop swearing. So yob tvoiu mat, rude people!

  11. Anonymous Coward
    Anonymous Coward

    If anyone should know

    ... whether the Russians are in your CISCO router, it should be the NSA.

    1. vtcodger Silver badge

      Re: If anyone should know

      Surely there's enough room for both (plus France, North Korea, Iran, ISIS, and the Grand Duchy of Fenwick).

  12. Anonymous Coward
    Anonymous Coward

    I think my router manufacturer has been rooting around in my router as well...

    Poisoned DNS, Analytics, Remote Admin etc.

    https://routersecurity.org/bugs.php

    And wasn't it Russia's own Kaspersky that caught the US rooting around with the Slingshot exploit?

  13. deadlockvictim Silver badge

    If home routers are as buggy as hell, even if they are updated and enterprise-grade routers are expensive and possibly more dangerous if configured by someone who is not an expert in them, what should the lay person do?

    Just update the firmware often and hope for the best?

    Turn off the router when it's not being used?

    Treat it like a car — pay a professional many thousands to recommend a good router and have it serviced once or twice a year?

    1. Ochib

      Problem is that most home routers are supplied by the ISP and updated by the ISP.

      When I was a Sky customer, I attempted to replace the rebadged Netgear router with something a bit more secure. I asked for my ADSL username/password and was told that they did give that information to the customers as their service would only work with their routers. A few days later there was a report about all the security issues with Sky routers.

      1. Scroticus Canis
        Big Brother

        Problem is that most home routers are supplied by the ISP and updated by the ISP.

        Well I have had two firmware updates from BT* this year, last one on the 7th April, now whether that is a good thing or not I have no idea.

        * presumably British Telecom and not Babushka Telecon :)

        1. Anonymous Coward
          Anonymous Coward

          Re: Problem is that most home routers are supplied by the ISP and updated by the ISP.

          Well I have had two firmware updates from BT* this year, last one on the 7th April, now whether that is a good thing or not I have no idea.

          If the router updates are as good as this, then I think I'd be saying "bad thing"

          1. Dz

            Re: Problem is that most home routers are supplied by the ISP and updated by the ISP.

            HP Microserver (1st Gen is fine) + 4 Port 1GB nic + Sophos UTM = Excellent home solution that's updated by Sophos incredibly regularly.

            Sophos UTM Home License can be registered for free. You even get a 12 endpoint Anti-Virus license that works on workstation and server OS types too. Ideal for a home lab with servers or just a home with a few machines. Everything is logged, highly configurable and also has a great IDS. Downside is the learning curve. I.T techies are alright deploying these but home users with web browsing only skills would struggle. Thankfully I fall into the former category. Never looked back since going with UTM though, purely due to the frequency of the updates provided.

        2. Anonymous Coward
          Anonymous Coward

          Re: Problem is that most home routers are supplied by the ISP and updated by the ISP.

          "presumably British Telecom and not Babushka Telecon"

          AIUI vKontaktye is pretty much already Babushka Telecom - recipes, knitting, cat videos. The future of Facebook. Or Litsokniga, as it will be renamed once all the compromised routers are activated and take over Western social media.

      2. Anonymous Coward
        Anonymous Coward

        --> When I was a Sky customer

        I used WireShark to extract username/password.

      3. Archtech Silver badge

        Why?

        "When I was a Sky customer..."

        Well, there's your problem. You have a filthy great digger stuck in your router pipes.

        1. Sir Runcible Spoon Silver badge

          Re: Why?

          I used WireShark to extract username/password.

          Which pretty much means anyone else can get it too if they really want it.

          Best bet is to shove your own firewall in behind and treat it (the ISP router) like a dirty whore hub. Your connection may get owned, but you should retain control over your inner network and systems.

  14. ScottishYorkshireMan

    What's on at the cinema?

    At this rate The Iron Giant will be getting another cinema tour.

    1. I ain't Spartacus Gold badge
      Happy

      Re: What's on at the cinema?

      Is that what the "Russian state-sponsored cyber actors" will be starring in then?

    2. onefang

      Re: What's on at the cinema?

      Netflix in Australia recently put The Iron Giant back on. Does that count?

    3. Alistair Silver badge
      Coat

      Re: What's on at the cinema?

      The Iron Giant will be getting another cinema tour.

      Ready Player One.

  15. Andy The Hat Silver badge
    Facepalm

    More security required ...

    We should replace control systems where you have to connect to the device using dedicated protocols via a dedicated cli or gui from a physically attached device to something much more sensible ... like a fully accessible web front end on a server so I don't have to get off my arse to manage things ... and nor do those darned Ruskies ...

  16. random_username

    suggestive

    War propaganda? All of it is possible, very suggestive, but we haven't seen any proof that Russia is really doing these things. The US on the contrary is doing this for certain, they have backdoors in the big brand routers built-in (guess why they don't like Huawei). The US gov has spy tools built in directly into social networks and mirrors fiber-optic cables.

    Seems more like projection of the US gov's own ills and scaremongering always does well when elections are coming.

  17. MrBoring

    The US and UK cyber spooks found these Russian hackers by also hacking said routers.

  18. Dr. G. Freeman

    I should hope the Russians are poking around our IT gear at the lab.

    Otherwise, why are we paying Andrei and Yulia ?

  19. Chronos Silver badge
    Big Brother

    We have always been at war...

    East Asia, Eurasia, who cares? The important thing is to keep that state of emergency alive and the proles on side. Couple that with laws you can't not break (wipe, re-encrypt the device with a UUID as the passphrase and then slam the poor unfortunate into the jug when they can't decrypt it) and you've a recipe for a very paranoid population who will accept just about anything for a sense of security, however false that may be.

    1. Anonymous Coward
      Anonymous Coward

      Re: We have always been at war...

      The important thing is to keep that state of emergency alive and the proles on side

      I'm really starting to wonder if that's even necessary any more. The government seems to do whatever the hell it likes, when it likes, and sod the logic/reasoning/proof/legality.

      I mean, what are people going to do?

      There is only one solution to the problem of MSM and that is to boycott it. Since the Syrian thing I've started boycotting all MSM sites and I'm not buying any more US made movies. It's a start.

  20. GruntyMcPugh Silver badge

    Didn't the FCC,...

    ... moot banning, or actually ban modding router ROMs? Under the guise that the spectrum being used could be altered, but it's probably so known exploits remain available.

  21. Nimby
    Joke

    Feature Request

    I think I'm just going to add a guestbook feature to my router firmware.

    1. moooooooo

      Re: Feature Request

      ha!! you made me snort my beer! And go back in time - guestbooks hey!!

  22. Crisp
    Coat

    Are Russians taking a proper gander at my router?

    It makes a change from the Chinese.

  23. Michael Habel Silver badge

    You don't say

    >Insert Nicolas Cage Face HERE!

    Next you'll be telling us that the CIA, BND, FBI, GCHQ, and the NSA are somehow missing out of the party. Because The US, Germany, and Great Britain all respect our privacy...

  24. I am the liquor

    network devices are ideal targets because almost all network traffic passes through them

    Almost all... I knew there was a reason I stuck with 10base2.

  25. Anonymous Coward
    Anonymous Coward

    Better security is a must

    Hackers have been compromising routers for years. Testing has shown that most consumer grade cable routers are easily hacked. It's time everyone install real security as the situation is beyond ridiculous. There is plenty of useful info online for those who want to secure their systems with quality routers at affordable prices.

    1. Patrician

      Re: Better security is a must

      There may be "quality routers at affordable prices" available but a lot of people have routers supplied by their ISP and are not able to make use of 3rd party equipment.

  26. Archtech Silver badge

    Officially denied, then

    "FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations..."

    Shouldn't that begin with "FBI believes it is HIGHLY LIKELY..."? I think that is the new officialese for "untrue".

  27. Archtech Silver badge

    Can anyone tell me...

    "FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations..."

    Is there anyone reading this who knows about network thingies?

    Because I would love to hear an explanation of how the FBI discovered

    1. That it was "Russian state-sponsored cyber actors" responsible, rather than a fat guy sitting in his bedroom (as Mr Trump so eloquently put it).

    2. That they were attacking people's routers "to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations..." rather than for any other given reason? Is there some special revealing bit pattern that shows you are planning espionage, extraction of intellectual property (whatever that may be), maintenance of persistent access to "victim networks", or "potentially" laying any kind of foundations?

    Last I heard (when I read "The Cuckoo's Egg" about 30 years ago) most of the US government's computers were pwned - some VAXen still had the credentials "System" and "Manager". So how would they know if any information they get through those systems is right, wrong, not even wrong, or exactly what some unknown black hats want them to think?

    1. Sir Runcible Spoon Silver badge

      Re: Can anyone tell me...

      The only way they could know any of that is if they were watching it on a honeypot. Even then they still have to attribute the source connections - but I'm guessing they just skip that part, probably skip the first part too.

  28. Eclectic Man
    Coat

    The TTP Project

    At last we know what Dilbert's 'TTP' project was all about:

    Tools, Techniques, and Procedures.

    (From the UK / US advisory on the Russian hacking. I'll get me coat.)

  29. Anonymous Coward
    Anonymous Coward

    Never as it seems

    I remember seeing some mod bods in a router many patches ago.

    Looking closer the norks were in there also.

    ..a few tears ago.

    Quite often the miscreants use these states as their launchpad for criminal activity, so it isn't always state sponsored...

    Yes. paid ruski sites for their dirty wares, not new if you look closely.

    Blaming it on a nation state without very clear evidence is unprofessional.

    Proving it is or isn't state sponsored is not easy, as the miscreants' purchased malware and code appears state sponsored.

    It's easy to see the many endpoints for vpn and gre tunnels still planted in ruski country.

    Cut a few off and see blue sky appear....
