If you haven’t got anything better to do this Memorial Day weekend, consider spending time with your home Internet router. In fact, your government needs you to do so, to help fend off a major international cyberattack.
On Wednesday, the Federal Bureau of Investigation warned consumers to reboot their Internet routers and install new software patches, to fight a nasty new malware attack called VPNFilter that has so far infected about half a million devices in more than 50 countries, including the United States. VPNFilter can be used to steal data, or to order routers to “self-destruct,” knocking thousands of Internet-connected devices offline.
That’s a big ask on the part of the government. While routers are as commonplace as PCs, hardly anybody knows how they work, or how to update their software. Most of us don’t even protect them with passwords, much less know how to log onto a router to download and install software updates. I can’t remember the last time I did, and I enjoy that kind of thing.
There’s no shortcut here: Look up your router’s brand, model and serial numbers, figure out its default password, log onto its internal control software, and download a patch from the company’s website. Easy enough, right?
The FBI, working with the Talos Intelligence Group of networking hardware maker Cisco Systems, has traced the infection to an outlaw group linked to Russia’s military intelligence service — the same bunch blamed for hacking the Democratic National Committee during the 2016 presidential campaign.
The VPNFilter malware is capable of all sorts of harm: It could steal critical files from infected machines, or ravage entire networks, knocking tens of thousands of computers offline.
Talos has been monitoring the spread of the malware for several months and recently spotted a surge in infections in routers in Ukraine, suggesting an imminent attack on the digital infrastructure of that country.
The Ukrainian security services warned VPNFilter could be used to take down the country’s networks ahead of Saturday’s Champions League soccer match between Liverpool and Real Madrid in Kiev, which will draw a worldwide television audience. Such a shutdown would be a massive international humiliation for Ukraine, which has already seen Russia annex a large part of the country in 2014.
The FBI is trying to preempt such an attack by taking down the malware’s control infrastructure. Routers and other devices infected by VPNFilter automatically visit the ominous-sounding Internet address “toknowall.com” to receive attack instructions. The FBI used a court order to seize this Internet address and take it offline. Still, thousands of routers remain infected, including an unknown number in the United States.
The FBI is urging Internet service providers Comcast Corp. and Verizon Communications Inc. and others to check whether their hardware is vulnerable, and work with customers on updating their routers. Routers by Linksys, MikroTik, Netgear, and TP-Link are affected, as are big external hard drives made by a company called Qnap.
Merely rebooting the routers will wipe much of the toxic code from memory. But a portion survives, and it will reinstall the malware when the device powers up. The only sure cure is a software patch for each vulnerable device.
A spokesman for Netgear told me that some of his company’s newer products will handle the update automatically, but other models will not. He said it was up to consumers to master the art of patching their routers.
“This is something people need to learn,” the Netgear guy told me. “It’s a new world.”
So it is. And it won’t stop with routers. One by one, we’re connecting other digital devices to our home networks — audio speakers, thermostats, security systems. Each will need regular software updates if it is to remain safe. And even if the process takes 15 minutes per device, what happens when that 15 minutes is multiplied by five or 10 or 20 devices?
You know what happens: We get lazy and do nothing, leaving our networks open to thieves and vandals. So, unpleasant as it sounds, spend a little quality time with your router this weekend.
Hiawatha Bray can be reached at firstname.lastname@example.org.