FBI: reset wifi router?

**John K Jordan** · 05-28-2018, 10:17 PM

Does anyone know the details about this? I heard on the news and found some reports suggesting everyone turn cycle the power to their WiFi router to reset it.

https://www.nytimes.com/2018/05/27/t...t-malware.html

Tthis article says it's only a temporary fix.

JKJ

**Bruce Page** · 05-28-2018, 11:27 PM

I saw it on NBC nightly news tonight. I have it set so my router turns off when I shut down my PC. I do not have (or want) a smart home..

**David Bassett** · 05-28-2018, 11:44 PM

Originally Posted by John K Jordan

Does anyone know the details about this? ...

The way I understood the article I read was the (Russian Botnet) Infection doesn't do anything bad on its own. It looks in specific places for instructions, which had been telling it to do bad things, and the FBI has taken those places offline or seized them and "fixed" them to not provide instructions. Reseting your router causes it to have to refetch instructions and it is rendered harmless. Of course, it is still infected and your manufacturer should provide upgraded firmware, and... we can all guess how likely that'll happen soon is.

**Jim Koepke** · 05-29-2018, 1:51 AM

Of course, it is still infected and your manufacturer should provide upgraded firmware, and... we can all guess how likely that'll happen soon is.

The manufacturers and ISPs will get on it right after the government gets its head out of the sand and gets concerned about a foreign adversary hijacking our communications system. Though sometimes it seems their heads are not in the sand but some where the sun don't shine.

jtk

**Curt Harms** · 05-29-2018, 7:24 AM

The lack of security updates for out-of-production communications gear is a concern. Android phones, especially the low end models have a similar issue, they may get one or two updates and that's it. I have DD-WRT on my WiFi router and that gets updates ever couple months.

**Mark Blatter** · 05-29-2018, 7:53 AM

Originally Posted by Curt Harms

The lack of security updates for out-of-production communications gear is a concern. Android phones, especially the low end models have a similar issue, they may get one or two updates and that's it. I have DD-WRT on my WiFi router and that gets updates ever couple months.

So the best solution may be to just buy a new router. Wait, are we sure it is the Russians behind this thing and not router manufacturers? Oh heavens, of course not. Companies would not indulge in that sort of behavior just to make a few billions bucks.

OK, time to put the tinfoil hat back on.

**Jim Becker** · 05-29-2018, 9:35 AM

This doesn't affect all routers, but doing a restart is supposed to clear the risk because the FBI took over the target site for the malicious code. It only takes a few moments to do that. The Actiontec that serves as my edge router/firewall for FiOS isn't affected, but I still did the reboot as a best practice.

**glenn bradley** · 05-29-2018, 10:08 AM

The FBI has been tracking Russian groups and others for years. How would you like to have one of those jobs? Sit at a computer and run orchestrated cyber-attacks 24 x 7. Sheesh. The university got a nice letter from the FBI with some of our credentials in it stating that we might want to button up those machines. In the university environment you are trying to police 20,000+ people who are quite bright but, not necessarily computer savvy . . . unsecured servers under people's desks and all that. I fondly remember when the internet wasn't a toilet.

**Carlos Alvarez** · 05-29-2018, 1:57 PM

And people, please, change the passwords and keys on your new routers. Don't leave things default. I did an interview for a local TV station showing how many networks were visible in my area with a handmade extended antenna, and how many I could access with simple/default credentials. Then when they aired it people called the station asking what to do instead of calling their computer person or looking online. Sheesh.

**Jim Becker** · 05-29-2018, 2:56 PM

Originally Posted by Bruce Page

I saw it on NBC nightly news tonight. I have it set so my router turns off when I shut down my PC. I do not have (or want) a smart home..

This doesn't really "protect" you from as much as you think it might. Yes, nobody can do anything nefarious when it's off line, but the kind of mischief that goes on happens very fast...with or without compromised code. Strong passwords that are unique from others is a best practice and changing them from time to time is a good idea, even when your connection isn't constant.

**Carlos Alvarez** · 05-29-2018, 3:07 PM

Yeah, turning off the network is useless as a security measure. I mean, ok, so the attackable time is shorter, but these attacks are automated and constantly scouring the internet. If you have a vulnerable device, it will happen. My servers see around 27,000 attacks per day, each.

**Simon MacGowen** · 05-29-2018, 3:14 PM

Originally Posted by glenn bradley

The FBI has been tracking Russian groups and others for years. How would you like to have one of those jobs? Sit at a computer and run orchestrated cyber-attacks 24 x 7. Sheesh. The university got a nice letter from the FBI with some of our credentials in it stating that we might want to button up those machines. In the university environment you are trying to police 20,000+ people who are quite bright but, not necessarily computer savvy . . . unsecured servers under people's desks and all that. I fondly remember when the internet wasn't a toilet.

For the record, some universities themselves have been victims of ransomware!

I don't who is safe and who is not these days. The scariest one is not the hack, no matter how many people or accounts are affected by it, that is known, but the one that has not been discovered.

Simon

**Carlos Alvarez** · 05-29-2018, 3:29 PM

About a year ago I discovered an exposed folder full of Excel files containing all the personal info for several hundred thousand mortgage applicants. Calling the company to notify them was way harder than it should have been, as they mostly wanted to treat me like a customer and the salespeople probably thought I was pranking. Finally I searched Linkedin for their head of legal, called him, and told his secretary that I was looking at HER mortgage application info on the public internet so he might wanna talk to me. He didn't, but instantly put me through to the CIO/CSO. I was able to find an employee and a friend within the info.

All it takes is one moron to click "share with anyone" on a unified internal/web server like MS Sharepoint. What a dangerous and awful product.

**Curt Harms** · 05-30-2018, 6:15 AM

Originally Posted by Jim Becker

This doesn't affect all routers, but doing a restart is supposed to clear the risk because the FBI took over the target site for the malicious code. It only takes a few moments to do that. The Actiontec that serves as my edge router/firewall for FiOS isn't affected, but I still did the reboot as a best practice.

It's too bad that routers don't commonly support automated periodic reboots. I don't think they do though I don't have a recent vintage device. DD-WRT does, I can schedule that router to reboot at a time that is not disruptive and can select how often it reboots. In theory I guess a router should never have to be rebooted but .... yeah.

**Jim Becker** · 05-30-2018, 9:05 AM

Curt, occasional reboot of a router isn't a horrible thing just for practical reasons. It cleans up some stuff that hangs on and builds up like any other computing device. Routers are computers at the heart and a good kick in the pants is warranted once in awhile just like any other computer...even computers that are inherently stable over longer periods of time.

Thread: FBI: reset wifi router?

Thread Tools

Rate This Thread

Display

FBI: reset wifi router?

Posting Permissions