The fact that cyber criminals have started to attack internet gateways instead of actual machines shows how technology is evolving, according to one researcher. Steve Santorelli from internet security firm Team Cymru made the claims after his organisation discovered a sizeable network of infiltrated routers stretching right around the world.
More than 300,000 devices were found to be infected, most of which were being used in households and small business premises. This makes it one of the most significant discoveries of its kind, with devices from a variety of manufacturers affected.
Team Cymru said that while the compromised routers were first found in areas of Eastern Europe, the threat had become more prominent in other areas of the continent, with a number of victims also located in Vietnam.
Man-in-the-middle attack
Once access had been gained, the devices’ internal security settings were changed to remove certain restrictions. The report’s authors explained: “Attackers are altering the DNS configuration on these devices in order to redirect victims’ DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-middle attack.”
In theory, this would give the attackers more control over the pages their victims are directed to. As yet, though, it’s not clear what the compromised routers will be used for.
While this is the first attack of its kind to be carried out on such a large scale, Mr Santorelli said that it is similar in some ways to another case discovered earlier this year. In February, a network of routers was hijacked by attackers who then sent victims to malicious websites. It is thought that the motive for this scheme was to steal login details from users’ online banking accounts.
Team Cymru said that it has contacted a number of internet service providers (ISPs) and has also been in touch with police about the findings.