Hackers Took Over My Router and I Had NO Clue.
Graphic artist was victim of DNSChanger virus. Are you safe?
We're all aware that hackers can do something to our computers through a network virus. But did you know they can attack your router—the key to directing all your Internet activity? More than that, they can do it in a such a sneaky way that you have no clue it's happened.
That's what happened to Steve, an accomplished website designer and graphic artist, who gave his exclusive story to WhatIsMyIPaddres.com recently (June 1017).
Steve is a successful, independent graphic designer in Southern California, and he has always seen himself as being fairly computer savvy. "I make my living on my computer and I interact with my clients almost exclusively over the Internet. I count on being able to have a safe and fast Internet connection around the clock."
And until recently, he'd never had any reason to think anything could be wrong.
Like most computer users—and most likely like you—Steve fired up computer every day, surfed the Internet and did his work without a worry.
So, when he received an email from his ISP (Internet Service Provider) to tell him his router or computer might be compromised by a virus called DNSChanger, his blood ran cold. Was this true, or was this just a hacker's trick to get him to click on an infected website? Afterall, he was on a Mac, and Mac's usually aren't susceptible to viruses like PCs are, he thought.
There was no reason to think anything was wrong, so he was skeptical at first.
"I wanted to be sure."
"I've read a lot of articles on WhatIsMyIPaddress.com about hackers and online hoaxes. I take a close look at any message before I just click," Steve explains. "I'm also very cautious about hackers and viruses, and I'm careful about what websites I visit and try to keep my anti-virus programs up to date."
To his point, hackers often use scary tactics to get computer users to click on ads and links. Usually, they use pop-up ads that say "your computer has been infected" or similar messages.
But this time it was different. This alert came to his email address and by all appearances it seemed to be from his Internet Service Provider (ISP).
So, this time around, Steve paid attention.
The bad news. His router had indeed been infected!
As it turns out, the email was 100% legitimate—his ISP had indeed detected network activity that indicated his router might have been infected with a well-known virus known as DNS changer. Steve knew he couldn't dismiss this seemingly legitimately warning without taking a closer look. As it turns out, he's glad he did.
"Hey guys...is this real?"
Fortunately, one of Steve's clients runs the website, WhatIsMyIPaddress.com, so that's who Steve reached out to first.
"I forwarded him the email I received from my ISP and asked his opinion. I'm glad I did, because with his help, I found out that my router had been compromised. Hackers had changed my router's settings and I had absolutely NO clue! I came to learn that they had hacked into my router using a virus called DNSChanger. I'd never heard of it".
What happened to his router?
Imagine calling your best friend on your cellphone, but reaching another telephone number instead, maybe one that rings up charges. The DNSChanger can do a similar thing when you search for a website from your browser.
Steve had absolutely NO idea that every time he requested to visit a website through his browser, his request wasn't going through "normal" channels, as it had before. The DNS settings his ISP had chosen for him and been changed. The hackers were now in control.
"You hear all the time that we need to avoid websites that might infect our computer with a virus or launch serious malware. The DNSChanger virus was set up to direct unsuspecting users to those dangerous sites!
He didn't know it and for a while neither did his ISP.
What damage can DNSChanger do?
Steve realizes the potential danger his hacked router put him in. "It's frightening to think what could happen if I interacted on an infected website or some bogus, mirrored site to extract personal details, usernames, passwords, etc.. I just hope that I didn't get tricked into going to those sites. And the scary thing is that I would never know."
Is your router compromised? You need to find out!
Like Steve, you may be using a computer with a compromised router and not be aware. So, how do you go about finding out?
You'll need to do some research into your router's settings as well as find out if there have been any reported hacks to your specific router model.
Read more about this topic.
You can also read the next article in this series that goes over the steps involved with checking your router settings and changing them if you need to.
Also, read our related article about setting up a new password for your router, which, as Steve found out, was at the heart of his problem.
"During the 'fix it' process, I discovered that I had never changed the default username and password for my router," Steve admits, adding he'd also never checked for firmware updates for his router from his manufacturer either. Both of those mistakes are corrected now."