back to article FBI to World+Dog: Please, try turning it off and turning it back on

The FBI has reminded the world it wants us to reboot our routers to try and help it identify VPNFilter-affected routers. It first asked for reboots last Wednesday, May 23, in the Department of Justice VPNFilter media release, but on Friday added a stand-alone public service announcement emphasising its "IT Crowd" strategy. …

  1. Ole Juul Silver badge

    but

    Probably not a bad idea, but I'm one of those people who looks at uptime and doesn't step on a crack. Not gonna happen. Besides I don't run proprietary code on my router and I have a feeling that the majority of those that do (barring professional installations) are not going to get this news nor care.

    1. Dave Bell

      Re: but

      It depends on your set-up, particularly your ISP, but one side effect can be to change your IP address. I doubt it will hide whether or not you are in the EU, but I am not sure it's a good idea to be a fixed target.

      I don't think the code in any router/modem is all that reliable, long-term. I don't think it's strictly a memory leak, but something accumulates on mine until performance slumps. And a reboot fixes it. We're talking several weeks of uptime, and there is a downside to frequent reboots, but my system reports over a week of uptime, yet the line has only been up for an hour. Something must have glitched at the ISP.

      So I think you might be a little bit optimistic.

      1. Anonymous Coward
        Anonymous Coward

        Re: Dave Bell

        May not be your end. If a consumer setup, try unplugging the line for a while and plugging back in without rebooting. That will tell you if it is a slow down on the exchange needing a reboot or your router.

      2. Ole Juul Silver badge

        Re: but

        "something accumulates on mine until performance slumps. And a reboot fixes it. "

        It sounds like you're using some crap software there. You might like to try something better. What you're describing is exactly the kind of thing which happens with proprietary software when they just want to push stuff out the door. Get something where the writers actually care.

        And yes, I understand that only serious computer people like you and I will do that kind of thing. Hence my comment that I think that most people won't even hear about this and reboot their routers, let alone take some measure of control of their software.

        So I think you might be a little bit optimistic.

        Well I certainly don't think I'm immune to malware or attacks of any kind. Things are pretty tight here - but never say never. :)

  2. veti Silver badge

    I routinely reboot my router several times a week

    It's by far the easiest way to get the kids off YouTube.

    1. jelabarre59 Silver badge

      Re: I routinely reboot my router several times a week

      It's by far the easiest way to get the kids off YouTube.

      Tried setting up YouTube as a blocked site for my daughter's devices through our Linksys router. Their code is such shit it ends up blocking the entire connection and not just one site.

      Need to seriously figure out the parental controls on the EdgeRouter Lite, so I can finally swap that in it's place.

  3. Blockchain commentard Silver badge

    If the FBI can tie the IP address to Ukrainian government officials and the router has a option to allow state snoops onto private networks...

    1. nagyeger

      If the FBI can tie the IP address to people...

      I hope they're GDPR compliant.

  4. Anonymous South African Coward Silver badge

    *cough*

    how about no? Or have the FBI counterinfected world+dog, and now want a reboot to make it permanent?

  5. Version 1.0 Silver badge
    WTF?

    And they are getting infected how?

    Rebooting doesn't "cure" it, it just restarts the malware and it seems that, even after several months of investigation, they have no clue how it go onto the devices ... so I expect we'll see an updated version of the malware going at it again soon.

    1. Chronos Silver badge
      Devil

      Re: And they are getting infected how?

      Ancient kernel versions infested with binary blobs, uPNP enabled out of the box, web interface with glaring vulnerabilities accessible from the WAN, no SMB egress filtering, backdoors in stock firmware, "telemetry," insecure browsers running malicious js/vb/skiddie-language-du-jour, Windows 10 p2p patches distribution punching holes in the firewall and so on.

      How many more vectors do you need? Consumer IT is one big maelstrom of beta testing, spyware and experiments in Darwinism - and these same TLAs are making it worse by keeping the tasty vulns to themselves for use in projects with twee uppercase names.

      So no, Feds, nobody is buying your "caring" advice.

    2. TechnicalBen Silver badge

      Re: reconnect to host website?

      If the FBI now have the host, does that not mean reboots would let them know where or possibly also where not these are. Not a cure. As cures don't get you more funding, but busy work does.

      1. 9Rune5

        Re: reconnect to host website?

        If the FBI now have the host,

        They have the domain, not the host.

        My guess is that infected routers will have cached the host address. A reboot effectively resets the DNS cache allowing the new A record to be used instead. Not a cure, but might provide a little bit of relief.

  6. G2

    auto-reboot

    my router auto-reboots itself every day at 4 AM... =)

    0 4 * * * sleep 120 && touch /etc/banner && /sbin/reboot

    (the sleep & touch are needed to prevent reboot loops, this way it stores the 04:02 AM time as most recent known timestamp and won't reboot immediately)

  7. Anonymous Coward
    Anonymous Coward

    Ahem.

    "On Thursday, the FBI revealed it had seized a domain associated with the campaign, giving it the chance to drop malware traffic into a sinkhole."

    Did it also arrest itself for making malware?

    1. vtcodger Silver badge

      Re: Ahem.

      "Did it also arrest itself for making malware?"

      No, but it has seized one of it's own cell phones involved in the case, and is seeking help from the vendor in cracking the password.

      1. Yet Another Anonymous coward Silver badge

        Re: Ahem.

        The first rule of counter-espionage is to suspect everyone, Darling. Believe me, I shall be asking myself some pretty searching questions later on.

        1. Paul Crawford Silver badge
          Gimp

          Re: Ahem.

          I shall be asking myself some pretty searching questions later on.

          But will you be taking the rubber truncheon to yourself?

          1. Yet Another Anonymous coward Silver badge

            Re: Ahem.

            But will you be taking the rubber truncheon to yourself?

            Use any method you see fit.

            Personally, I’d recommend you get hold of a cocker spaniel, tie your suspect down on a chair, with a potty on his head, then pop his todger between two floury baps and shout, “Dinnertime, Fido!”

  8. The_Idiot

    Giving in to...

    ... (semi) facetious conspiracy and paranoia - if I'd recently put a new form of back door malware into the wild, _I_ might think asking everyone to reboot the devices I'd infected (to trigger it) was a good idea too (Big Evil Grin).

  9. Blackheart

    If you patch, doesn't it generally involve a reboot anyway?

    1. Yet Another Anonymous coward Silver badge

      Yes, they are asking infected people to reboot to see if the infected machines go to any new C&C server.

      In other words the government agency that protects us from international-ninja-secret-cyber-attack is more interested in seeing who did it than actually stopping it

  10. Kevin McMurtrie Silver badge

    Good luck

    The best way to secure a Cisco/Linksys personal network device is to throw it in the trash and never buy another one. It's not getting fixed.

    1. Yet Another Anonymous coward Silver badge

      Re: Good luck

      Most Linksys personal network device are among the most secure.

      Simply install dd-wrt on them and keep it updated

  11. Anonymous Coward
    Happy

    Two great bits of advice

    FBI Turn off the router and turn it back on again (Reboot the router).

    "Netgear said users should install the latest firmware for their devices, change the default admin password, and turn off remote management;"

    Two great bits of advice

    But can we actually require manufacturers to not provide any password for routers.

    but up instead pop up a Set-Up advisory to set the password before continuing. The worst that can happen is the password is forgotten and they have to reset the router via using a toothpick.

    And do not set remote admin or at least insist on MAC numbers too, that would stop drive by and mass internet attacks.

  12. Anonymous Coward
    Windows

    Cannot switch off java

    In recent day I have visited websites that have bypassed my no java settings in My Firefox browser,

    Ajax and java have run despite My setting java off using a number of config togglers and switches available.

    Looking at the script it was written by bods from MIT, I could not see how it ran in the first instance as js was off, but it then undid/re enabled any settings I had disabled. just in order show a benign but interesting graphic in the browser.

    Running java in my browser can give a hacker a leg up to my system and router.

    As long as this can occur and our browser settings are slowly removed and the user's preference disabled we are going to exacerbate the hacker problem.

  13. sanmigueelbeer Silver badge
    FAIL

    Listen to the FBI, people. The FBI wants to get rid of this nasty piece of Soviet-made software so that the NSA/CIA/FBI/NRA can install their rootkit into your router.

    Listen to the FBI & reboot your router.

    Thank you very much.

    Signed D. Trump

  14. Anonymous Coward
    Anonymous Coward

    March 2017

    Was when the Vault 7 docs were released by Wikileaks. Among the material published were the details of exploits discovered or developed to compromise Mikrotik gear. The router manufacturer responded by releasing updates to counter those threats. Many customers applied those updates before the month was over. A year later, the press, acting as stenographer for the FBI "announces" the same vulnerability. Huh? Oh, that's right: the Vault 7 material was classified, and its release unauthorized, so no US government agency can acknowledge its content. As a result, we now have this independent revelation of these exploits.

  15. oldgreyguy

    why should I?

    I am already secure... I have a Microsoft operating system, a Netgear modem, and Spectrum as my ISP

    What me worry??

  16. jelabarre59 Silver badge

    done regardless

    I have a recent-model Linksys router. I have to reboot it every 2-3 days anyway, even *without* a malware attack. Then again, perhaps their code is almost malware anyway ("mal" as in "malady", which the code definitely suffers from). Crapware would probably be a better description.

  17. Anonymous Coward
    Anonymous Coward

    Here's an easier solution...

    Since this is potentially an issue of national security, they could just initiate a series of rolling blackouts from coast to coast, lasting only a few minutes--long enough to kill the power on every router that isn't plugged into a backup generator, or UPS.

    Anyone that's got their network configured with redundant power, should be wise enough to figure out how to reboot them on their own.

    Sure, it would be kinda weird--but there are too many lazy and/or idiots that don't know what the hell they're doing and forced compliance is clearly the easiest method to get everyone to fall in line.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019