
A Russian Hacker Is Breaking Into People’s Routers To Patch An Error And Protect Them From Cybercriminals


nir


A Russian hacker calling himself Alexey is taking internet justice into his own hands by hacking into people's routers and fixing an error that makes the tech super accessible to other malicious hackers.
 

A mysterious Russian hacker is apparently out in the open breaking into people’s routers and installing a patch that will better protect them from potential cybercrimes, according to ZDNet.
 

The hacker, who goes by the name “Alexey” online, says he’s a server administrator who’s already broken into and fixed over 100,000 faulty MikroTik routers. Unlike most hackers doing this sort of thing, Alexey is not trying to keep his actions a secret. He’s been vocal and open about it and has posted about his hacking on Russian blogging platforms.
 

He wrote that all he does once he has access to a router is to change their setting to make them less susceptible to future abuses, which he believes represents the use of his hacking powers for good.

“I added firewall rules that blocked access to the router from outside the local network,” Alexey wrote.

“In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions.”
 

Alexey says only 50 users have reached out with questions, with most of them really upset about the incident.
 

The vulnerability that Alexey is after, known as CVE-2018-14847, was an issue with the launch of the router. Although a patch was quickly released, hackers were still able to exploit the flaw.
 

CVE-2018-14847 allows hackers to easily bypass authentication settings and lets them download the user files. Hackers then decrypt that file and are then able to log into a remote device, change OS settings and run various scripts. The vulnerability has been used to install hidden cryptojacking scripts on outdated routers and hijack servers to redirect people to malicious websites.
 

MikroTik happens to be one of today’s most popular brands when it comes to routers, which means about two million people could possibly fall victim to a hack.
 

Troy Mursch, a cybersecurity researcher, told ZDNet that over 420,000 routers show some signs that they’ve been broken into and infected by malicious cryptocurrency-mining software. Similarly, Ankit Anubhav, a security researcher for NewSky Security, told the same publication that the distributed denial of service (DDoS) botnet makers have also attempted to hack these devices into their total control, but seem to have failed so far.

 

“The usual [internet of things] blackhat botnet factory is basically clueless about the exploit, and how it can be deployed for a proper functioning botnet,” Anubhav said.
 

Anubhav revealed that Alexey was able to clean up and reverse the damage to the routers because the initial hackers were sloppy with their work.
 

“The attackers are not closing [device ports] or patching the devices, so anyone who wants to further mess with these routers, can,” Anubhav told ZDNet.
 

Alexey isn’t the first hacker to attempt to take justice into his own hands. In the past few years, good guy hackers, often called white hat hackers, have worked against other hackers with malicious intent, known as black hat hackers, in hopes of minimizing the types of damage they can do, according to ZDNet. But after the 2016 election, it’s understandable why people might not like the idea of Russian hackers going through their home technology.

Source


A Mysterious Russian Grey Hat Vigilante has patched over 100,000 routers

 

 

Hacking to help – and not everyone appreciates it.

In the interest of keeping things light on a Friday, let’s turn our attention to a fascinating story that was first reported on by ZDNet’s Catalin Cimpanu: a Russian-speaking grey-hat hacker has been breaking into people’s MikroTik routers and patching them so they won’t be exploited by crypto-miners and other kinds of digital ne’er-do-wells.

On a Russian blog site, the Russian-speaking Grey Hat, Alexey, boasted that he had already patched over 100,000 MikroTik routers.

“I added firewall rules that blocked access to the router from outside the local network,” Alexey wrote. “In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions.”

Unfortunately, the response has been tepid at best. About 50 people have contacted Alexey, a few to say thank you but most of them were angry at the invasion.

There’s a little bit to unpack here about Hacker hats, the MikroTik vulnerability and the ethics of this kind of activity.

So, let’s hash it out.

What is a Grey Hat Hacker?

When discussing colored hats, there are three that relate to hackers and one that relates to the US president. We’re going to focus on the first three.

 

A White hat hacker is an ethical hacker; typically you see White hats in the context of penetration testing, where they’re looking to break a system or application in order to better secure it. They are indeed hacking, but they’re doing it for ethical reasons. And they typically have authorization to do what they’re doing.

 

A Black hat hacker is on the opposite end of the spectrum: they have malicious intent and are looking to break into and exploit vulnerable systems. Pretty much every major hack that you see in the news is the result of state-backed hackers or black hat hackers. Depending on who you talk to, those can actually be one and the same, but there is a distinction to be made between a group like Fancy Bear, which is acting maliciously on behalf of a government, and a group like Magecart, which is acting maliciously in its own self-interest.

 

So, let’s talk about Grey hats. A grey hat hacker lives somewhere in the middle. Generally speaking, they are breaking laws and violating ethics, but their intent isn’t malicious. A good example would be our friend Alexey, who is hacking into MikroTik routers to patch them. It’s a net-positive, but there are some ethical questions created by that kind of conduct. We’ll address that later.

What was wrong with MikroTik routers?

It’s been a bad year for routers in general, but MikroTik specifically had an issue last April (CVE-2018-14847) that allowed attackers to bypass authentication and download the user database file, which can then be decrypted and harvested for usernames and passwords. This gives the attackers the ability to log into remote devices, jigger with OS settings and run scripts.

 

MikroTik, which is a Latvian-based company that specializes in routers and wireless ISP systems, released a patch almost immediately. But when was the last time you patched your router? Seriously.

Knowing full-well that most people wouldn’t install the update, cybercriminals have been having a field day ever since.

The majority of the exploits have involved crypto-jacking, but some attackers have also used the vulnerability to hijack DNS servers and redirect the traffic towards malicious websites.

MikroTik is one of the larger router manufacturers in the world with over 2,000,000 currently in use—so patching 100,000 of them is still only about 5%. However, only about 420,000 have given indications of infection.

One group that hasn’t had much luck with this exploit is botnet herders.

“The usual IoT blackhat botnet factory is basically clueless about the exploit, and how it can be deployed for a proper functioning botnet,” Ankit Anubhav, a security researcher for NewSky Security told ZDNet.

So maybe not every cybercriminal is having a field day.

Is this Ethical?

That’s the million-dollar question and it’s not one that is going to find a consensus anytime soon. Depending on your philosophy about the internet and technology in general, you may look at this as a necessary evil or a complete violation.

 

The reason that Alexey has been able to patch so many routers is that the black hat hackers attacking them are being sloppy.

“The attackers are not closing [device ports] or patching the devices, so anyone who wants to further mess with these routers, can,” Anubhav told ZDNet.

This kind of activity is nothing new, in fact Cimpanu even lists a number of notable grey-hat events.

 

  • 2014 – A grey hat hacks thousands of Asus routers and plants text warnings about files that were left exposed, reminding users to patch.
  • 2015 – A group of grey hats, ironically called the White team, releases a piece of malware that closes security holes in several models of Linux routers.
  • 2017 – A grey hat releases a piece of malware that punishes people for not patching their IoT devices by either deleting firmware or bricking them.
  • 2017 – A grey hat makes over 150,000 printers print a message to their owners about the dangers of leaving your printer exposed online.
  • 2018 – Another grey hat renames thousands of MikroTik and Ubiquiti routers “HACKED” to scare their owners into updating them.

So is grey hat hacking ethical? Again, it depends on your outlook, but from the standpoint of legality, Alexey isn’t exactly abiding by the law. It’s illegal to access someone else’s computer or devices without authorization. And while Eastern Europe and Russia may have a more relaxed attitude about this kind of activity, there are plenty of cases in the US where antiquated laws and overzealous prosecutors have thrown the book at someone for activity far more trivial than this. This is almost the equivalent of breaking into someone’s house to fix their deadbolts and alarm system. Thanks, but you broke into my house.

 

So, ethical? Maybe. Legal? Definitely not.

 

Source
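The owner's version of the hardening both articles describe (install the vendor patch, then make the router's management services reachable only from the local network), written here as an added RouterOS configuration example; it is not Alexey's script or anything from the articles, and it assumes the WAN uplink is ether1 and the LAN subnet is 192.168.88.0/24.

```routeros
# Added example: harden a MikroTik RouterOS device against CVE-2018-14847-style abuse.
# Assumptions: ether1 is the internet uplink, 192.168.88.0/24 is the LAN.

# 1. The real fix is the patch. Check for and install the current RouterOS release.
/system package update check-for-updates
/system package update install

# 2. Put the uplink in an interface list so firewall rules can refer to it by role.
/interface list add name=WAN
/interface list member add list=WAN interface=ether1

# 3. Bind the management services to the LAN only. Winbox (TCP 8291) is the service
#    CVE-2018-14847 targets; www and ssh are kept but LAN-only, the rest are disabled.
/ip service set winbox address=192.168.88.0/24
/ip service set www address=192.168.88.0/24
/ip service set ssh address=192.168.88.0/24
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes

# 4. Input-chain firewall: keep existing sessions, drop everything else arriving on WAN.
#    (This is the "block access from outside the local network" rule the articles quote.)
/ip firewall filter add chain=input connection-state=established,related action=accept comment="keep existing sessions"
/ip firewall filter add chain=input in-interface-list=WAN action=drop comment="no management from the internet"

# 5. Verify: the address column should show the LAN subnet, and the drop rule's counters
#    should climb while the WAN port is being probed from outside.
/ip service print
/ip firewall filter print stats
```

If the device already has an unfamiliar scheduler entry, script, or SOCKS/proxy setting, treat it as a sign the router was reached before the patch and review those before trusting the box again.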
