Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Wireless Networking Privacy The Internet

A Mysterious Grey-Hat Is Patching People's Outdated MikroTik Routers (zdnet.com) 74

An anonymous reader quotes a report from ZDNet: A Russian-speaking grey-hat hacker is breaking into people's MikroTik routers and patching devices so they can't be abused by cryptojackers, botnet herders, or other cyber-criminals, ZDNet has learned. The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. "I added firewall rules that blocked access to the router from outside the local network," Alexey said. "In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions." But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. A few said "thanks," but most were outraged. The vigilante server administrator says he's been only fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.
This discussion has been archived. No new comments can be posted.

A Mysterious Grey-Hat Is Patching People's Outdated MikroTik Routers

Comments Filter:
  • by Rick Schumann ( 4662797 ) on Friday October 12, 2018 @04:02PM (#57469142) Journal
    ..but the sysadmin they deserve?
    Regardless, I approve of this. Bravo, Sir.
    • bravo zulu in the navy...not sure what that means...
    • Re: (Score:2, Insightful)

      by Gravis Zero ( 934156 )

      Not the sysadmin they want but the sysadmin they deserve?

      The sysadmin they deserve is Janit0r. Janit0r took devices offline permanently with BrickerBot because people couldn't be bothered to maintain and secure their devices.

    • The Round-Robin Hood...
    • the terrorists screw up the system by fixing things so they work better.

    • In the end, you've had your router hacked - and it probably needs to be reset (or tossed and upgraded).

      So what if the hacker's trying to do the right thing. Would anyone smart trust a random stranger out there "fixing" your router without consent? Wouldn't a black hat just say the same thing - "Fixed your router for you. And oh yeah... you're welcome!" - and slip something malicious in?

      The dude is only accomplishing one thing: Getting even with lazy router owners to help other less lazy owners out. Misguide

      • by djinn6 ( 1868030 ) on Friday October 12, 2018 @08:38PM (#57470118)

        You should reset and update your router anyways. Just because this guy didn't install malware, it doesn't mean nobody else did.

        Besides, if this guy didn't get to you, then you would've never noticed your router is vulnerable and the black hats would've had all the time in the world to do damage. But since he did, at least you know there is a problem and can do something about it.

        • by AmiMoJo ( 196126 )

          Problem is that updates have a cost. I don't mean development, I mean that some percentage of devices will brick. Failed updates, failed flash memory etc. Then some percentage of users will have trouble like a lost configuration that their son or daughter set up and they don't know how to fix.

          As such there is little incentive for manufacturers to advertise the fact that an update is available. As long as it exists they are covered legally, but ideally (for them) no one will actually apply it.

  • they were smart enough to login and see the note but the router was still unpatched? maybe that was the bad guys?
    • by Anonymous Coward

      They can't log in remotely once he put the note there, so no.

    • That was my first thought too, but it could also just be undereducated "power users" who had just lost remote access to their LAN without realizing the security implications of everyone else having access, too.

  • Ah yes, outraged... (Score:2, Informative)

    by Anonymous Coward

    When people can't admit they were morons. They are the ones who ran unsecured hardware and didn't bother patching it. They should be thanking him, he may have prevented many actual scumbags from exploiting their hardware.

    • by TheReaperD ( 937405 ) on Friday October 12, 2018 @06:49PM (#57469770)

      I remember once that I switched a bad security setting with the intention of switching it right back. Well, I forgot to switch it back. Thankfully a guy from 4chan hacked my system and left me a note to fix it without doing any damage. Left him a thank you note. If you're bitching about this, you're an ungrateful asshole.

  • The Hero we need, but do not deserve

  • by Gravis Zero ( 934156 ) on Friday October 12, 2018 @04:26PM (#57469276)

    I'll say it plainly, if you do not maintain your devices then anyone should be free to brick them. The obvious argument is "but it's not yours!" but this disregards that like an unvaccinated child, it puts everyone else at risk. The only alternative to this is to hack the devices so that they permanently DoS the manufacturer and sellers of the device. The situation will not improve until companies are forced to make devices secure.

    • This is like saying if I put my bike in my backyard, go in the house to take a leak and find my bike stolen, it is completely my fault for it being stolen and anyone should be free to steal it. This is BS. There may be many reason why an update was not performed. Two wrongs do not make a right. Making changes to someone's property without their permission is wrong. Period.
    • Re: (Score:3, Insightful)

      by quonset ( 4839537 )

      I'll say it plainly, if you do not maintain your devices then anyone should be free to brick them.

      I'll say it plainly, if you do not lock every single door and bolt down your windows then anyone should be free to steal your stuff.

      I'll say it plainly, if you do not lock your car then anyone should be free to steal it.

      I'll say it plainly, if you do not hold onto your phone every second you are out then anyone should be free to steal it.

      • by epyT-R ( 613989 ) on Friday October 12, 2018 @08:15PM (#57470062)

        Theft is not the same thing as breaking and entering so those are bad analogies. In this case, he fixed the issue you couldn't be bothered to fix for the sake of everyone else. It's still breaking and entering, but more like a neighbor breaking in to shut the gas off before your house destroys the neighborhood. I'd look at it as a favor...then I'd wipe the device and reflash and/or replace as necessary.

        • by AmiMoJo ( 196126 )

          If people understood that they would probably be grateful. Unfortunately there are a lot of tech support scams these days and people are worried about doing their banking and shopping online...

          Not worried enough to really do much about it of course.

      • You make an analogy between physical devices and internet devices. Your analogy is dead wrong. Here is why:

        An internet-connect device has potentially billions of attackers. Billions. Literally anyone, anywhere on the planet, any time. To contrast, someone has to show up to your door, car, phone.

        Furthermore, hacking internet devices can be automated, so ONE attacker can potentially attack ALL the devices on the internet that share that vulnerability.

        So your RISK on your internet connected device so far

  • ... to consider:

    Let's say it takes 30 minutes (being very, very generous here) to do the patch, post the blurb and stuff. Appreciate I'm ignoring the time it takes to locate these puppies.

    100,000 routers X 30 minutes = 3,000,000 router-minutes ÷ 60 = 50,000 router-hours ÷ 24 = 2,083 router-days ÷ 365.25 = 5.7 router-years.

    • Plus you haven't factored in the time it take him/her to drive to where the router is and then somehow sneak in, hook up a laptop and to the fix and then sneak out! ;-)
  • Can the updates run without reboot?

    That is the one part of why they don't get updated the down time.

    • by Anonymous Coward

      RouterOS boots quickly and has failover methods. That stuff is built for ISPs. If you don't have a redundant router that can take over while the other one reboots, you're not serious about avoiding down time anyway.

  • Like if you were "renting/leasing" your router from your ISP and they bricked it as a "favor" for you,

    If you bought your own router:

    1) Disable remote access

    2) Change all the "passwords" you can. Extra points if you can change the admin account to something other than admin.

    3) Get the most recent update from the vendor and apply ir to your device. Repeat step 1 and 2.

    4) Create some local firewall rules, make sure nothing in your network is in an Internet reachable DMZ.

  • by Anonymous Coward

    ... insensitive clod!

  • ...to make a router that was secure against any realistic attack and still offer better throughput than anything being sold today. Reason you don't get that? It costs a little more and has to be modular, not single board.

    People prefer cheap and nasty to quality, every time.

  • by slacka ( 713188 ) on Friday October 12, 2018 @05:35PM (#57469546)

    This is the Right Thing To Do! So many times the Goody Two-Shoes so called "white hats" take out the botnets but rather that do this and patch the hacked machines, they just try to disable the current botnet. And surprise, surprise within a few months all the hacked machines are back in a new botnet, more fault tolerant botnet.

    It's almost like these researchers realize that doing what this unsung hero did would hurt there job security. We should all celebrate this Russian hero. We need more like him.

  • by SuperKendall ( 25149 ) on Friday October 12, 2018 @05:55PM (#57469608)

    I read the article but there was no mention of what the angry replies said... I'd be really curious to find out in what way they were angry, instead of just saying "thanks, but don't do it again".

    It seems like maybe there should be something like statute of limitations, where if an exploit was older than a certain amount it was legal for others to patch it even if it broke systems.

    • by Mistlefoot ( 636417 ) on Friday October 12, 2018 @08:30PM (#57470094)
      They were angry because they were administering networks remotely and all of a sudden were not able to as their access was disabled as well.

      Imagine you are an incompetent IT doing work remotely and you can't access it anymore. So you have your client login locally to enable that feature again and they read that message to you. Now your client knows you are incompetent too. And then when the client refuses to enable access from outside the network you actually have to leave your desk to do the work. Or find a new customer as you have now been replaced.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...