- Russian hackers are trying to gain access to Western internet routers and data switches.
- Routers and switches control how you access the internet, and how the internet gets to you. They are found in the kind of Wi-Fi network router box you might have in your own home and the kind of huge corporate networks that link employees’ computers together.
- Cisco has warned customers to disable older versions of its Smart Install products to prevent Russian hacking.
- Russia could use affected devices to launch widescale denial of service attacks that paralyse the internet.
The Russians are hacking into Western internet routers and data switches in order to read all the internet traffic that flows through them, according to an unusual joint announcement from UK and US cyber-security services.
If they are successful – and the UK’s National Cyber Security Centre (NCSC) says they have been – they could be able to see everything you do on the web. Anytime you punch in your Wi-Fi, bank, or social media passwords, hackers can record that information, if your web activity goes through any routers or switchers they have breached.
Routers and switches control how you access the internet, and how the internet gets to you. They are found in the kind of Wi-Fi network router box you might have in your own home and the kind of huge corporate networks that link together employees’ computers with their printers, servers, and data centres. Switches control traffic inside a network, making sure it all goes to the right place. Routers control traffic between networks. If you can see the traffic going through these devices, you can pretty much see everything.
One of the vulnerabilities they’re using is a flaw in older versions of Cisco’s Smart Install product. That software allows network administrators to control their internet switches remotely.
Cisco describes the product this way: “Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.”
The problem is that the Russians can now do that, too.
“Imagine, for example, a massive distributed denial of service attack where the source of the attack was home routers – who would you blame?”
Cisco warns its customers to disable the product after it has been used precisely to prevent this kind of hack. But many people forget, leaving the software in command of the switches:
“Our recommendation for customers not actually using Smart Install is to disable the feature using the no vstack command once setup is complete. … If not properly disabled or secured following setup, Smart Install could allow for the exfiltration and modification of configuration files, among other things, even without the presence of a vulnerability.”
The NCSC warned about Russian spying through routers in August 2017. It said British telecoms and internet service providers had been hacked:
“The NCSC is aware of a number of router compromises in telecommunications companies and Internet Service Providers, where a hostile actor has extracted configuration files from internet facing network devices. The configuration files can contain administrative credentials which may then be used to compromise all traffic passing through the router, and allow the actor to target other devices on the network. They have also gained interactive engineer access to some routers.”
Yesterday’s statement adds that the “hostile actor” is Russia:
“[The] FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.”
The Russians can’t see your internet activity if your communications are encrypted. But so many people use old, insecure network equipment – or just forget to keep its software updated – that there are plenty of holes for online spies to take advantage of.
Worse, Russia could use the devices to launch wide-scale distributed denial-of-service (DDoS) attacks that can paralyse the internet, according to Professor Alan Woodward from the University of Surrey, who spoke to Forbes:
“Imagine, for example, a massive distributed denial of service (DDoS) attack where the source of the attack was home routers – who would you blame?”