DSL Modem Attack in Brazil Impacts Millions 'Perfect Storm' of Incompetence Ars Technica has an interesting read on a new attack that has been exploiting vulnerabilities in multiple varieties of DSL modems, forcing users in Brazil to visit compromised websites in turn leading to the theft of financial information. Researchers say the attack is a "perfect storm" of incompetence courtesy of Brazilian regulators, ISPs and hardware vendors who failed to properly test and confirm modem security across more than six unnamed varieties of DSL modems. Kaspersky Lab Expert Fabio Assolini put it this way in a blog post: "This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months."
"The negligence of the manufacturers, the neglect of the ISPs and ignorance of the official government agencies create a 'perfect storm,' enabling cybercriminals to attack at will." The attack has infected more than 4.5 million DSL modems, according to Assolini.
|
  tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3
 ·Comcast
2 edits | Individual networks owners are... .. or should be liable for the misuse of their network and it effect on connected networks ( The Internet, as we know it) whether it's defective hardware or poor management of an open/unprotected WLAN, each user MUST take all reasonable precautions to help protect the rest of the community.
IMHO It would be reasonable for transport providers to begin selective block of traffic from brazil, IF the Brazilian ISP's and Gov't fail to act. | |
|  | kxrm
join:2002-07-18
Fort Worth, TX | Re: Individual networks owners are... said by tshirt:.. or should be liable for the misuse of their network and it effect on connected networks ( The Internet, as we know it) whether it's defective hardware or poor management of an open/unprotected WLAN, each user MUST take all reasonable precautions to help protect the rest of the community.
IMHO It would be reasonable for transport providers to begin selective block of traffic from brazil, IF the Brazilian ISP's and Gov't fail to act.
I respectfully disagree. | |
| | | tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
·Comcast
| Re: Individual networks owners are... said by kxrm: I respectfully disagree.
With what part?
We are a community?
We share common space?
We must take responsibility?
That if we make no effort to self police, others may be forced to take action?
Yes reaching the point where others MUST step in is undesirable.
and yes stepping in, must be done with great care, but bank robbers (electronic or otherwise) have no socially redeeming value. | |
| | | | kxrm
join:2002-07-18
Fort Worth, TX | Re: Individual networks owners are... said by tshirt:said by kxrm: I respectfully disagree.
With what part? We are a community? We share common space? We must take responsibility? That if we make no effort to self police, others may be forced to take action? Yes reaching the point where others MUST step in is undesirable. and yes stepping in, must be done with great care, but bank robbers (electronic or otherwise) have no socially redeeming value. Yes, we must be responsible for what we do with our networks but your scenario plays out that inevitably we can be punished for a mistake in a router configuration. That's crazy. | |
|
| CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
 ·Verizon FiOS
| said by tshirt:...or poor management of an open/unprotected WLAN, each user MUST take all reasonable precautions to help protect the rest of the community.
Certainly, then, you would agree that the ISP should dispatch techs for free to assist clueless customers in setting up wireless security? After all, there are millions of routers they installed before wireless security was on the minds of all decent and lawful citizens. | |
| | | tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
·Comcast
| Re: Individual networks owners are... We could always hope, as the ISP level SHOULD be the first line of detection beyond the user.
Unfortunately ISP often choose to ignore the problem rather than tell a paying customer "We're sorry, but we have a problem" and dealing with it as promptly and directly as they should.
Individuals ARE probably interested in fixing it, IF they had notice and careful instruction.
yes there are millions of infected devices now, but if we wait for a 'miracle' or a perfect solution there will be billions tomorrow. | |
| | | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
·Verizon FiOS
| Re: Individual networks owners are... said by tshirt:yes there are millions of infected devices now, but if we wait for a 'miracle' or a perfect solution there will be billions tomorrow.
I would hardly call the responsible ISP or router manufacturer stepping up to correct their mistake a 'miracle'. Imposing liability on the billed customer as a means of fixing the problem is a backwards and ridiculous step. | |
| | | | | tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
·Comcast
| Re: Individual networks owners are... Well, I'm trying to find a method that engages all the parties involved, it's less about extracting money and more about incentive to fix the problem, sort of like ComCast notification and then walled garden if you fail to act.
Obviousley the modem/router owner would be responsible for any costs. | |
|
|  Woody79_00I run Linux am I still a PC?Premium
join:2004-07-08
united state | said by tshirt:.. or should be liable for the misuse of their network and it effect on connected networks ( The Internet, as we know it) whether it's defective hardware or poor management of an open/unprotected WLAN, each user MUST take all reasonable precautions to help protect the rest of the community.
IMHO It would be reasonable for transport providers to begin selective block of traffic from brazil, IF the Brazilian ISP's and Gov't fail to act.
Thats insane...not only is blocking all traffic from Brazil flatout Censorship that most likely violates Americans Constitutional rights, buts its inpractical as well.
How are American Businesses that do business with companies in that country supposed to do business when using the internet to communicate with branch offices and partners is pretty much essential today. In your scenario you cost companies millions if not billions and lost jobs.
Secondly, its not these users fault there was a firmware flaw in the DSL modems. The manufacturer or the ISP is responsible for updating the firmware on those devices, not the end user.
Under your scenario, the honest, law-abiding, everyday citizen would be punished. It doesn't make practical sense to do that, and censorship of any kind...well im not willing to go down that road.
"I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it." - Thomas Jefferson | |
|
| | Really? I stopped reading as soon as I saw "Kaspersky"... | |
| |  vpokoPremium
join:2003-07-03
Boston, MA | Re: Really? I stopped as soon as I saw "the". Equally dumb on both our parts. | |
| | | | | |
 ThalerPremium
join:2004-02-02
Los Angeles, CA
kudos:3 | BRBRBRBRBR I was wondering why the quality of online PC gamers has been going up as of late. | |
| | |  KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK | Re: I wonder They are probably affected. | |
| | |
 EndyPremium
join:2003-01-07
Riverside, CA | Didn't this happen before? Didn't something similar happen a year or so ago with a trojan called 'Chuck Norris' that would poke at common default router settings and change the DNS servers to re-route through malicious sites?
»www.enigmasoftware.com/chuck-nor···-modems/
Yeah, that one. | |
|
| |
|
|
·
·
·