Ann Arbor Area Business Monthly
Small Business and the Internet

Reset Your Router

By Mike Gould

June 2018

The wonderful Roto-Rooter machine
      Twists and turns and shaves lines clean
            50-year old jingle

No, no, “Router”, not “Rooter”.

Let's Go! (Sixties Surf Instrumental)       The Routers

Um, better, but I don’t get the connection to surf music. Oh, wait, surf … surfing the Web! That’s the ticket. Man, these tedious tenuous connections to music intros are getting harder to pull off…

Router Doubter
Anyway, the FBI wants you to reset your router. Seriously.

To begin with, do you have a router? If you are not sure, you probably don’t. Most of you are using cable modems provided by Comcast or some other provider, and these aren’t affected. Yet. (Gotta put in that proviso because things change, and usually not for the better…) You have a router if you are running multiple computers connected with ethernet cable, maybe with wirelessness involved. If you have one, it is a black or maybe blue box attached to your cable modem with a bunch of wires in the back of it. I used to run with Linksys routers back when we had cable internet; now we have an AT&T system that talks to cell towers. Long story.

Firing Up The Wayback Machine
Some background: I last wrote about home routers waaaay back in November 2000, URL below. Here’s a bit of text from that article:

[That box that connects your various computers to your cable modem] is called a router (pronounced "rowter", not "rooter"), and its job is to connect one network (the Local Area Network - LAN - made up of your several computers and hub) to another (the Internet)…

So here's the sequence: your multiple Macs, PC's, whatever, connect via their Ethernet connections to a hub, which may be built into the router. …The router then connects to the cable modem (or DSL box), and the cable modem connects you to the Internet.

So why does the FBI want you to reset your little black box? Because Russia. It seems that there is a new malware threat called “VPNFilter”, which can reside in an infected router and provide a backdoor into your network. A malicious Boris Badenov-type of agent, presumably tucked away in the Kremlin somewhere, can use this to:

“… render small office and home office routers inoperable,” the FBI stated. “The malware can potentially also collect information passing through the router.”

The above from a cnet.com article, URL below.

I can just imagine the scenario: “Hah, Natasha, moose and squirrel havink no idea we are hackink into their home systemsk.” But seriously, folks, this is serious biz.

Why Russia? Because the US Justice Dept. believes that hackers, known as the Sofacy Group (AKA Fancy Bear, and a bunch of other silly names), are behind the problem. These are the same people believed to be behind the 2016 hack of the Democratic National Committee, which gathered info to allegedly sway the election. Again, how does the FBI know they are from Russia? Because the servers involved are in Russia. Oh, and the fact that Dutch spies caught them red-handed, even videotaping the hackers via their own security cameras. URL below.

Long story short, there is a clear consensus among world computer security analysts that Russians are behind the attacks, and that support for this comes from the highest levels of the Kremlin.

In battling malware on other fronts, indications are that botnets pointing to servers located in Russia are involved, and in fact, the FBI just busted one: it recently announced that it had taken down one such server, which was running a network of hundreds of thousands of compromised routers and other devices.

Remember the good old days when all we had to worry about were Eastern European mafia/gangster hackers? Well, it looks like they all got hired by the Kremlin and are now an arm of the Russian military.

Anyway, back to home routers:

Who is vulnerable?
The affected devices are mostly older models, and there aren’t that many of them out there. Here’s the list of manufacturers and models:

Linksys: E1200, E2500, WRVS4400N
MikroTik: 1016, 1036, 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP: TS251, S439 Pro, other QNAP NAS devices running QTS software
TP-Link: R600VPN

If you have one of these, you may already be at the mercy of Post-Soviet shenanigans. The FBI would like to politely suggest that you turn your router off, wait a moment, then turn it back on again, re-booting it. That’s it. Sorta. URL below.

This should disrupt the activities of the malware, if you have it, but to be really safe, you need to do a complete factory reset. This usually involves jabbing a pin into a tiny hole at the base of the unit, usually followed by a software exercise that involves “talking” to your router from your computer. If you go this route, you should also disable remote administration of the device and re-set the admin password. Instructions for this vary – consult your instruction manual (hah), or the website of your device.

What a pain, right? Still, a threat is a threat. I would recommend you check your router and if it is one of the above jobbies, have at it. Or, better, go out and buy a new router that is presumably immune (currently) to this flavor of malfeasance. It will also probably work a bit faster and be more reliable.

Back when I was on cable Internet, I would usually replace my wireless routers every other year or so, just to keep up with the latest tech. And because those old devices tended to die just when I needed them. Or maybe the Russians killed them…

Touting Routers
http://mondodyne.com/b2b/smbiznet.33.shtml

CNET article
https://www.cnet.com/how-to/the-fbi-says-you-should-reboot-your-router-should-you-explainer/

Dutch Spies Catch Russians On Camera
https://nypost.com/2018/01/26/dutch-spies-reportedly-caught-russian-hackers-on-video/

FBI Notification
https://www.ic3.gov/media/2018/180525.aspx

Mike Gould currently doesn’t have a router. He was a mouse wrangler for the U of M for 20 years, runs the MondoDyne Macintosh Training/Photography mega-mall, is a laser artist, directs the Illuminatus Lasers, and welcomes comments addressed to mgould@mondodyne.com.

MondoDyne <M> The Sound of One Hand Clicking...
734 904 0659
Entire Site © 2018, Mike Gould - All Rights Reserved