Router ravaging, crippling code, and why not to p*ss off IT staff

It has been a busy week for security, with the CYBERUK 2018 conference in the UK and the industry gearing up for BSides and the RSA conference in San Francisco next week. But there have been a bunch of smaller stories that may have slipped under your radar, plus all the other bits and pieces we've covered this week. Wreckin' …

  1. Anonymous South African Coward Bronze badge

    Tsk.

    Still boggles my mind that people will try to beat the BOFH... and they get caught.

    It is not worth it. Rather walk away, keep your record clean and avoid all sorts of nasty surprises down the line.

    1. tfewster
      Facepalm

      Walk away after making sure someone disables your accounts and remote access.

      >As any security professional will tell you it's not outside hacking attacks that make up the bulk of issues, but your own staff.

      BS - A recent El Reg article estimated internal issues as 25% of the total, and even that was inflated by inappropriate access, e.g. users accessing celebrities' records.

      >Kugler pleaded guilty to one count of fraud

      Strange that a fraud charge was used, as it doesn't appear that she took money. But maybe it's easier for the courts to handle than hacking charges.

      1. Blockchain commentard

        Creating fake user accounts to log on = fraud (by impersonation of people other than herself). I think the US reserves hacking charges for UK citizens!!!!

    2. Anonymous Coward
      Anonymous Coward

      Rather ensure that it can't be traced back to you. And that any business you're trying to take down is taken down hard - including all backups etc.

      I see such a plan as taking around 2 years to mature (ie ensure that backups are corrupt or at least no longer relevant). By that time they will most likely have other people who are more likely to be blamed too.

      AC, natch

  2. macjules

    Drupalgeddon

    The security team is now aware of automated attacks attempting to compromise Drupal 7 and 8 websites using the vulnerability reported in SA-CORE-2018-002. Due to this, the security team is increasing the security risk score of that issue to 24/25

    https://www.drupal.org/psa-2018-002

    Basically, if you didn’t patch then why not?

    1. Ken Moorhouse Silver badge

      Re: Basically, if you didn’t patch then why not?

      My guess would be website designers who promise to get you to the top of Google not providing any ongoing means for the end-user to maintain their site.

    2. Anonymous Coward Silver badge
      Facepalm

      Re: Drupalgeddon

      Maintenance costs are unappealing.

      Repairing after it has been hacked and defaced is a legitimate expenditure.

      The fact that the one could have been prevented by the other is irrelevant.

  3. Anonymous Coward
    Anonymous Coward

    "nasties leveraging vulnerable ......."

    What are you? Some kind of reject from Pointy Haired Boss School?

    1. Anonymous Coward
      Linux

      Advanced malware infects people's systems

      @anon: "What are you? Some kind of reject from Pointy Haired Boss School?"

      Not exactly, it's just a violation of elReg editorial policy to mention $THAT->SYSTEM in relation to computer malware. The short version being that if you enable UPnP and use the default password on your router, you can get compromised.

  4. Lee D Silver badge

    "In all, Akamai estimated that around five million routers could be vulnerable to hijacking via UPnP exploits: miscreants can use the flaws to rewrite networking tables, and turn devices into proxy servers. "

    Yep. If you didn't know this, you didn't do your research and turned on UPnP because it was "convenient". UPnP is an unauthenticated protocol that allows ANY LOCAL USER to open ANY PORT to the world and direct it to ANY internal machine. Yes, your kids clicking one thing doesn't just break the computer they are on, it can put a permanent port forward of your CIFS/SMB port out to the public Internet for all to see, if it wants.

    Most routers have terrible UPnP implementations too, so that it's not just local users, so that settings can persist, so that the user is never aware they're being accessed, etc.

    UPnP is, was, and always will be a ridiculous idea for "convenience" when 99.9% of the world doesn't need to open any incoming ports anyway, no, not even for gaming. Only if YOU are hosting the server do you need to do that, and even then with an intermediary server on the Internet, you can still host games with ZERO open ports. Companies are just lazy and ask UPnP to open up port X to the world while you're playing your game rather than deploy even a single intermediary server.

    And if you have UPnP on... tell me how the average user is supposed to know what's open, why and when it opens up? Because I've never seen a router that had that level of detail outside of big commercial things. Literally, UPnP is just a trojan horse that can unlock all your network firewall protections in seconds because ANY user asked it to, even unwittingly, from a games console, mobile phone or PC.
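The "how is the average user supposed to know what's open" question above can be answered from the LAN side: a UPnP IGD router exposes a GetGenericPortMappingEntry action on its WANIPConnection service that lists every forward UPnP has created. The Python below is an added example, not code from the comment or from any router vendor; it builds that SOAP request, parses a reply, and flags forwards to services that should never face the Internet (such as the CIFS/SMB example above). The control URL (found in the router's device description XML) and the sample reply are constructed for the example, and the HTTP POST itself is left to the caller.

```python
import xml.etree.ElementTree as ET
from typing import Optional

WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"
# Internal ports that should never be reachable from the Internet.
RISKY_INTERNAL_PORTS = {445: "SMB/CIFS", 139: "NetBIOS", 3389: "RDP", 23: "telnet"}


def build_request(index: int):
    """Headers and body for mapping number `index`; IGD routers are walked by
    index until they answer SOAP error 713 (SpecifiedArrayIndexInvalid)."""
    body = ('<?xml version="1.0"?>'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:{ACTION} xmlns:u="{WANIP_SERVICE}">'
            f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
            f'</u:{ACTION}></s:Body></s:Envelope>')
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{WANIP_SERVICE}#{ACTION}"'}
    return headers, body.encode()


def parse_mapping(xml_text: str) -> dict:
    """Pull the New* fields out of a GetGenericPortMappingEntry response."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]  # drop any namespace prefix
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return {"external_port": int(fields["ExternalPort"]),
            "internal_port": int(fields["InternalPort"]),
            "protocol": fields["Protocol"],
            "client": fields["InternalClient"],
            "description": fields.get("PortMappingDescription", "")}


def risk_of(mapping: dict) -> Optional[str]:
    """Name the exposed service when a mapping forwards to a port that should stay internal."""
    return RISKY_INTERNAL_PORTS.get(mapping["internal_port"])


# Constructed sample reply (not captured from a device), shaped like a real IGD answer.
SAMPLE_REPLY = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>44500</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>445</NewInternalPort><NewInternalClient>192.168.1.23</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>game-client</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""
```

Posting the body from `build_request(i)` to the control URL for i = 0, 1, 2, ... and feeding each reply to `parse_mapping` gives the full list of what UPnP has opened; a non-empty `risk_of` result on any entry is the forward to remove.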

  5. OzBob

    Works both ways

    I left a job in acrimonious circumstances, and made one of the most senior people there in terms of service (the facilities management lady) who could not be bought or intimidated by manglement, watch while my replacement disabled my accounts and changed the root passwords with me in the room (me being on the other side of the room). I also had a copy of the dates, sizes and checksums for all the important config files and libraries, and told manglement I did so (in a secure repository) and that if they falsely attributed my work to any faults, I would hear about it and I would sue. (I had references from others who had already left, and from my replacement who was a stand-up lady). Post-departure was surprisingly quiet in terms of support requests :)

  6. Anonymous Coward
    Anonymous Coward

    Akamai report flawed.

    The report from Akamai regarding UPnP and the list of 400 router models from 73 manufacturers that are hackable is somewhat flawed.

    i.e. ASUS 'have not' opened up UPnP to the Internet (it is not supposed to be), therefore I am puzzled what vulnerability has been proven on the listed routers, or has an assumption been made based on other routers without verification. !!!

    1. Dave Bell

      Re: Akamai report flawed.

      The Akamai report mentions "Open WRT" with a note that they couldn't tell the version.

      Well, it's open source software for any number of different boxen, so maybe the model number is pointless, but it looks a bit odd how they handled it.

      On the version I have on my router, UPnP is not enabled by default. It's a bit reckless not to check the Firewall settings.

      I suspect that finding whether UPnP is enabled is easier to check than some think, but many users will need some hand-holding while they do the check. And that can start getting expensive.

  7. Mayday
    Pirate

    $6k

    Doesn't seem a lot by yank standards. They tend to flog people for $50M and demand 25 years in the joint when someone changes a password, modifies a screensaver or makes a PHB's homepage Goatse or Lemonparty.

  8. Anonymous Coward
    Anonymous Coward

    > the cops, who quickly fingered Kugler and arrested her.

    1. Prst. V.Jeltz Silver badge

      fnarr fnarr?

      Seriously though, if I rang the local plod with a story like that there's no way they would quickly apprehend a suspect. Hell, I could ring them and say my garage has been broken into, here's the kid on CCTV, unfortunately wearing a balaclava, but we all know it's Billy from "the estate" and still nothing would happen.

      1. Adrian 4

        Not fnarr. Port 79.
