Hackers May Use Home Routers for DDoS AttacksAdded: Thursday, February 5th, 2015
Category: About Torrents > Staying Safe And Secure
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, www.extratorrent.cc, 2015
According to security experts, the well-known hacking group Lizard Squad may have been using hacked home routers in order to run its LizardStresser service. The latter helps launch DDoS attacks to take online portals offline. The hackers started their LizardStresser a few weeks ago, shortly after their own attacks affected Sony’s PlayStation Network and Microsoft’s Xbox Live services over Christmas.
The LizardStresser online service charges anyone between $6 and $500 to start their own attacks against any websites and services they want. The high-profile console attacks work as a large marketing scheme for the hackers’ commercial ambitions.
The industry experts believe that LizardStresser can run because many Internet users don’t change their default passwords on home routers. Apparently, the service draws on the bandwidth from the cracked home routers all over the world, because many of them are not protected by anything else except for factory-default usernames and passwords.
The security researchers point out that the malware used by the hackers with the purpose to build its network of “stresser bots” has been operating for about a year now, and is able to affect commercial routers at educational institutions and businesses, let alone households.
In the meantime, the security experts point out that aside from turning the infected host into attack zombies, the malware uses the infected system to scan the web for other devices that could allow access through the default credentials, like “admin/admin” or “login/password”. In other words, all infected hosts keep trying to spread the malware to other home Internet routers and other devices that are able to accept incoming connections (through telnet) with default settings.
A group of the researchers who desired to remain unnamed is currently cooperating with the law enforcement officials and Internet service providers in order to help take infected systems down. Their ultimate goal is to disrupt the LizardStresser botnet entirely.
While they are on their way to achieve their goal, all Internet users are recommended to make sure they changed the default credentials on their home broadband router, such as the username and password. In addition, it will appear useful to also encrypt the connection in case of using a wireless router.
February 5th, 2015Posted by:
Thursday, February 5th, 2015
|posted by (2015-02-05 17:01:37)|
|I hack my next door neighbour router, and I sleep very well at night.|
|#4 its quite easy to access and change router settings and even lock out the user if they are not password protected and on close inspection there will be a log of your IP address and your connection to it should they call in the police,such practice has been used for years by many,many people as have other exploits using air crack and air snort etc,what is happening in this exploit is that they access via telnet and do it old skool in a way most are not aware of using Malware which is not trackable to them enslaving computers and routers which are then given a command to attack other services and sites which would be very effective unless they had a server with a java backend.A very interesting piece and a clever exploit,although 500 dollars is a large amount to DDOS any site as most Bot networks can be employed for around 100 dollars.Personally I have a Hub from my ISP which I use in Modem mode only and it is password and user named as well as a personal router attached also pass worded and user named so double redundancy,also have an encrypted HDD with LUKS and port forwarded router settings etc,etc and still not as secure as I would like.#4 you may have packet flood protection in your router but does your system have telnet capabilities as almost all systems do,if the answer is yes I would`nt be so confident you are not already working for a botmaster and not even aware of it. (:^D)|
|#3 your Arris may have packet flooding protection (DDOS protection)but it does not make you invulnerable when attacked via telnet through your computer in the first instance to access your router,the haxors do not wish to DDOS your router but to enslave it and make it work for them. (:^D)|
|Thanks for the read|
|They already hacked my wifi and are doing some sort of crazy pirating stuff lol|
|posted by (2015-02-06 04:31:52)|
|Home routers have it's on event log status so you can see when it's disconnected and why.. most broadband technician can figure it out what it going on and fixing it very easy if nothing happen to the router of course and I thing with never have an attack so what can others do to your routers without you know...|
|posted by (2015-02-06 05:33:24)|
|of course nobody use factory default id and password to have wireless router with devices and if some used my router what they can do? just surf online what it a trick like e-mail scams trying to log in paypal by malicious ip addresses or Syria's, or Kuwait business man's need you for business etc.. so wpa2 can be safe for any device etc.. this Sam article can do more of what we know about routers so minds work how to protect more...|
|posted by (2015-02-06 06:30:10)|
|ok so im sure you guys know this already but most routers actually have a sort of backdoorish username and password that doesnt include the user and pass you type into to access the router and can change easily.|
this password is meant to only be for technicians, but 5min on google and you can find most routers have this.
also a cheap ass router from TELSTRA has the option to turn various services off and block them, TELNET is one of them. FYI #6 and #10.
also most routers these days operate silenty and are invisible to sniffers the only chance of you getting done is if someone has local access to your network/pc (wireless being incredibly easy to crack no matter what security protocol you use, it can be done) or if you give away your ip or hostname by visiting a site owned, operated or in league with someone wanting to hack you.
in conclusion fork out a few dollars a year and get a vpn, be sure to wipe your drive and reinstall before hand.
Most Popular Stories