
Hackers are Targeting Routers
Is Yours at Risk? Better find out.

Usually hackers are just content to mess up our lives by infiltrating a network and disrupting business. Typically, they find their way into our networks or computers to do their trickery.

Recently they've decided to change things up by taking over a home's or business's router, the veritable heart of any home's or business's wired or wireless network. They're having success at hacking routers because they happen to know which models of select router brands have vulnerabilities that can be exploited.

And hackers are not shy about exploiting those weak spots. So, it's very important for you to be aware of the latest developments so you might be able to avoid the danger.

Who thinks about their router? Not many of us.

In short, you should learn about your router's security features and investigate whether your router's firmware (internal software) needs a security update. You should also find out what the password is for updating and managing your router. Yes...there is one, and few people know about it.

This is what hackers are counting on.

This unusual hacker attack has a few twists and turns, so you may want to visit our Learning Center to fill in any knowledge gaps you come across. It features easy-to-read articles on routers, DNS, and several other terms touched upon in this article.

Alluring ads to lure you in.

The goal of this hack is for hackers to steal valuable ad traffic from large web ad agencies with names like Propellerads, Popcash and Taboola, and redirect it instead to sites called Fogzy and TrafficBroker.

It's large scale ad theft. Online advertisers who pay for services to post an ad get swindled when hackers step in and steal their traffic.

And to pull off the online heist, hackers are using you and your router. Without you being aware of it.

DNS Changer attack.

This manipulation is being called a DNS Changer attack vector. (DNS stands for Domain Name System, a networking/Internet process that takes you to websites you want to visit.) The hackers place a small but disruptive piece of malicious software inside your router.

It happens in two primary stages, both involving you clicking on images or ads:

  • You visit a webpage, perhaps one that you visit often and never worry about. On that page one day there may be a new ad that you choose to click on.

    What you don't know is that the ad was placed, legitimately, by a hacker group; the ad has malicious code embedded in it that may wind up in your router if you click on it. Once the malware is secretly "installed," all devices connected to the router are redirected to less legitimate ad agencies, over connections that are generally not secured and might let viruses slip through.

    You should not have seen either the website or the ads, but because a hacker rerouted your request somewhere along the way, you got pulled into the old "switcheroo."
  • So, the next time you key in a web destination in your Internet browser, instead of going there, you will be redirected to a totally different webpage. On the false webpage (the one the hacker directed you to) there are even more ads that may contain the hacker's second-level payload: the more dangerous router malware.
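A quick way to check a device for the redirection described above, as an added example that is not part of the original article: DNS Changer malware works by changing the DNS server addresses the router hands out, so this Python script reads the resolvers a device was given and flags any outside the ones you expect. The sample file contents, the `EXPECTED` addresses and the function names are constructed for illustration; `203.0.113.66` is a documentation-range placeholder, not a real indicator.

```python
import ipaddress

def parse_nameservers(resolv_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_text.splitlines():
        # Strip comments, which resolv.conf marks with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop IPv6 zone id (fe80::1%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, nothing to compare
    return servers

def audit_resolvers(resolv_text, expected_cidrs):
    """Label each resolver as expected, local-stub, or unexpected."""
    expected = [ipaddress.ip_network(c) for c in expected_cidrs]
    findings = []
    for ip in parse_nameservers(resolv_text):
        if ip.is_loopback:
            # A local forwarder hides the real upstream servers.
            verdict = "local-stub"
        elif any(ip.version == net.version and ip in net for net in expected):
            verdict = "expected"
        else:
            verdict = "unexpected"
        findings.append((str(ip), verdict))
    return findings

# Constructed sample: what a device might hold after its router's DNS
# setting was changed to add a resolver the owner never configured.
SAMPLE = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.66
nameserver fe80::1%eth0
nameserver 127.0.0.53
"""
# Assumption: the router's own LAN addresses are the only resolvers you set up.
EXPECTED = ["192.168.1.1/32", "fe80::1/128"]

if __name__ == "__main__":
    for ip, verdict in audit_resolvers(SAMPLE, EXPECTED):
        print(f"{ip:<16} {verdict}")
```

On a real Linux or macOS machine, pass the contents of `/etc/resolv.conf` instead of `SAMPLE`. A `local-stub` result means a local forwarder such as systemd-resolved sits in front, and its upstream servers are the ones to compare.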

First stage. Targeting you by IP address.

The ads/images in the first stage of the DNSChanger exploit are there to look at IP addresses, casting a net to see whether yours fits into the group of potential router targets. Security experts say that the first round of malicious ads is hosted in waves for a few days at a time on legitimate ad networks and displayed on ordinary, otherwise safe websites.

If this first phase identifies a target router, the attack continues. The router is redirected to a webpage and this time, when a certain image is clicked on by the unsuspecting user, malware is unleashed into the router to exploit weak security. And if you and your router fit a specific profile, you're in danger.

Second stage. Targeting you by router type, profile.

The malware on the deceptive websites is hoping for one of two situations:

  1. That you're using one of many routers which has "out-of-date" firmware.
  2. That your router has easy-to-break security due to either a weak or, even worse, a default administrative password, meaning you kept the password your router came with and never bothered to update it. To seasoned hackers, that's along the lines of using the word "password" as a password.

According to security information websites, hackers are zeroing in on 165 router models that are vulnerable because the manufacturer has not updated the routers' internal "firmware" or made it more secure. Hackers keep up to date on this type of news and share it with other hackers.

Somewhere online there's likely a comprehensive list of all the makes and models; most sites will say that D-Link DSL-2740R, Netgear WNDR3400v3 (plus related models), and Netgear R6200 can all be susceptible to attack. (Apple's routers, so far, haven't been exploited with the DNSChanger attack).

With all that's going on today, DNS Changer and beyond, maybe this is a good time to research your router and find out if it's vulnerable...before the hackers do.
