Russians Hacking Routers in the US and UK, Officials Warn
U.S. and U.K. government officials are warning of ongoing cyberattacks carried out by Russian hackers using the vulnerabilities of internet routers, switches and other network devices belonging to government organizations, critical infrastructure providers, internet service providers, businesses and consumers.
In a rare joint alert released April 16, the Department of Homeland Security, the Federal Bureau of Investigation and the United Kingdom’s National Cyber Security Centre say that since 2015, cyber actors sponsored by the Russian government have exploited security weaknesses in routers for the purposes of espionage, intellectual property theft and access in order to wage future attacks.
“The current state of U.S. network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States,” the alert states.
Ciaran Martin, chief executive of the U.K.’s National Cyber Security Center, said the hackers have targeted millions of devices in both countries, according to the New York Times.
Instead of individually targeting devices, Russian cyber actors cast a wide net, spanning several networks, to identify routers with forward-facing vulnerabilities, such as generic, default passwords or outdated security protections.
Because these devices monitor and transmit internet data, a hacker that compromises them could effectively control a victim’s internet traffic.
If your router – or any internet-connected device – comes with a generic password, experts recommend changing it to a strong, unique password. Likewise, if your router is more than five years old, it might be a good idea to purchase a more modern one with better built-in security protections, or firmware.
Joining us to discuss the joint tech alert and ways to further protect your internet devices from hacking are web developer Derek Eder, founder of the civic data company DataMade; and Mike Petitti, vice president of cyber security solutions at Uptake, a data analytics company.
Follow Evan Garcia on Twitter: @EvanRGarcia