• gregorum@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    10 months ago

    creepy: a buttload of out-of-date routers were infected with chinese malware and unknowingly used as a botnet in a cyberattack

    creepier: the fbi was able to take control of all of the routers and wipe the malware

    creepiest: the router owners were unaware anything had happened

        • shalafi@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          My ISP has never had info on my router, for 20+ years. Was there something in the story I missed about these being ISP issued routers?

          • BakedCatboy@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            10 months ago

            Your ISP knows the Mac address of your router since it requests a public IP from them using DHCP. That’s why if you contact support they usually can confirm the brand of your router by doing an oui lookup.

            In theory the FBI could have collected a list of MACs and optionally used an ASN lookup on the public IP and then handed each ISP their list of MACs, which the ISP could associate back to customers to contact. It would only not work for customers who spoof their router WANs ethernet mac.

            But I think just patching it is a normal and fine solution imo.

            • Case@lemmynsfw.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              Or I mean, Shodan exists. I’m sure the gov has better.

              A theoretical botnet I was looking at on github used shodan to identify possible targets to infect.