That’s basically how the Sasser worm came to be. A hacker found a buffer overflow in the LSASS service, used that to replicate and then shut down the vulnerable service. But apparently he failed to account for Windows shutting down when LSASS was stopped, leading to a bootloop.
In the end it led to massive damage when it was actually supposed to be a cure.
gregorum@lemm.ee 9 months ago
creepy: a buttload of out-of-date routers were infected with Chinese malware and unknowingly used as a bot network in a cyberattack
creepier: the FBI was able to take control of all of the routers and wipe the malware
creepiest: the router owners were unaware anything had happened
cmnybo@discuss.tchncs.de 9 months ago
I’m curious as to whether the router manufacturer included a back door or if the FBI used the same exploit that was used to infect the routers in the first place.
gregorum@lemm.ee 9 months ago
probably the latter, since all of these routers were unpatched, out-of-date routers, and that’s how they were exploited in the first place.
phx@lemmy.ca 9 months ago
It’s not entirely uncommon for the latter to happen. Some greyhats have done similar things to clear out botnets in the past. It still counts as unauthorized access to a system, though, so most avoid doing so even if the intended result is beneficial.
Dead_or_Alive@lemmy.world 9 months ago
The U.S. has a very robust hacking capability, we just don’t advertise it and we concentrate on shutting down or infiltrating critical infrastructure in times of war or espionage.
Instead of hacking China to steal industrial secrets, we hack them to see if we could, say, open or close all the floodgates at the Three Gorges Dam… China hacks us to steal state and industrial secrets, though they are now starting to focus on infrastructure.
mlg@lemmy.world 9 months ago
I would assume they used the same exploit as the botnet because only the NSA gets to use the fancy secret backdoors and secret list of vulnerabilities.
Unless the routers were also managed by ISPs, in which case they might have just had built-in remote access/remote commands.
gregorum@lemm.ee 9 months ago
If the routers were managed by ISPs, the ISPs would have kept them up to date. These were not home users but small business users, and a standard service contract would have covered that sort of thing. Considering the issue was so widespread and spanned several different ISPs and different devices, the most likely explanation is that they were owned and managed by the user.
HeartyBeast@kbin.social 9 months ago
How would you like the router owners to have been alerted?
Darkassassin07@lemmy.ca 9 months ago
Perhaps via the contact information they provided to their ISP?
NeoNachtwaechter@lemmy.world 9 months ago
By two men in black showing up at their doors, of course.
:-)
VampyreOfNazareth@lemm.ee 9 months ago
That’s very creepy
MonkderZweite@feddit.ch 9 months ago
“Computer Sabotage” crime in Germany, no?