Hacked routers used for paid DDoS attacks

The rent-a-DDoS service that knocked out Xbox Live and PlayStation Network is powered by thousands of hacked residential internet routers, according to security journalist Brian Krebs.

The hacking group Lizard Squad has been using unsecured routers with unchanged passwords to build its own network of stresser bots that can be used to take down sites with excessive fake traffic.

“As it turns out, that service draws on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords,” Krebs explained on his blog.

According to The Guardian, the malware has also targeted commercial routers at companies and universities and, worse, uses infected systems to look for other routers to add to its arsenal. Krebs states, “in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as ‘admin/admin,’ or ‘root/12345’. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.”
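
From the defender's side, the scanning behaviour described above shows up as one local device opening telnet connections to many different external addresses in a short time. The Python sketch below is an added example, not code from the article or from Krebs; the flow-record format, LAN range and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not from the article): "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
1420070400 192.168.1.1 198.51.100.10 23
1420070401 192.168.1.1 198.51.100.11 23
1420070402 192.168.1.1 198.51.100.12 23
1420070403 192.168.1.1 203.0.113.5 23
1420070405 192.168.1.20 198.51.100.10 23
1420070410 192.168.1.20 93.184.216.34 443
1420070900 192.168.1.20 198.51.100.10 23
"""

LOCAL_NET = ip_network("192.168.1.0/24")  # assumption: the monitored LAN
TELNET_PORT = 23
WINDOW_SECONDS = 60        # assumed tuning value
MAX_DISTINCT_TARGETS = 3   # assumed tuning value

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue

def find_telnet_scanners(text, window=WINDOW_SECONDS, limit=MAX_DISTINCT_TARGETS):
    """Return {local host: peak distinct external telnet targets per window} for hosts over limit."""
    events = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        # Only outbound telnet from the LAN matters: a router has little reason to originate it.
        if port == TELNET_PORT and src in LOCAL_NET and dst not in LOCAL_NET:
            events[src].append((ts, dst))
    flagged = {}
    for src, seen in events.items():
        seen.sort(key=lambda event: event[0])
        peak = 0
        for i, (start, _) in enumerate(seen):
            targets = {dst for ts, dst in seen[i:] if ts - start < window}
            peak = max(peak, len(targets))
        if peak > limit:
            flagged[str(src)] = peak
    return flagged

if __name__ == "__main__":
    print(find_telnet_scanners(SAMPLE_FLOWS))
```

A flagged address that belongs to the router itself is a strong sign the device should be reset, reflashed and given non-default credentials with telnet disabled.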

Lizard Squad quickly claimed credit for the attacks that took out the Xbox Live and PlayStation Network gaming services over Christmas, and it was later revealed that the high-profile hits were an elaborate commercial for the group’s dedicated service, allowing customers to take down sites of their choosing by paying for DDoS attacks.

For information on how to keep yourself safe from this and similar attacks, read the comprehensive We Live Security guide on protecting your router.

Author , ESET

Copyright © 2016 ESET, All Rights Reserved.