A mysterious Russian hacker is apparently out in the open breaking into people’s routers and installing a patch that will better protect them from potential cybercrimes, according to ZDNet.
The hacker, who goes by the name “Alexey” online, says he’s a server administrator who’s already broken into and fixed over 100,000 faulty MikroTik routers. Unlike most hackers doing this sort of thing, Alexey is not trying to keep his actions a secret. He’s been vocal and open about it and has posted about his hacking on Russian blogging platforms.
He wrote that all he does once he has access to a router is to change their setting to make them less susceptible to future abuses, which he believes represents the use of his hacking powers for good.
“I added firewall rules that blocked access to the router from outside the local network,” Alexey wrote.
“In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions.”
Alexey says only 50 users have reached out with questions, with most of them really upset about the incident.
The vulnerability that Alexey is after, known as CVE-2018-14847, was an issue with the launch of the router. Despite quickly releasing a patch, hackers still quickly were able to exploit the flaw.
CVE-2018-14847 allows hackers to easily bypass authentication settings and lets them download the user files. Hackers then decrypt that file and are then able to log into a remote device, change OS settings and run various scripts. The vulnerability has been used to install hidden cyrptojacking scripts on outdated routers and hijack servers to redirect people to malicious websites.
MicroTik happens to be one of today’s most popular brands when it comes to routers, which means about two million people could possibly fall victim to a hack.
Troy Mursch, a cybersecurity researcher, told ZDNet that over 420,000 routers show some signs that they’ve been broken into and infected by malicious cryptocurrency-mining software. Similarly, Ankit Anubhav, a security researcher for NewSky Security, told the same publication that the distributed denial of service (DDoS) botnet makers have also attempted to hack these devices into their total control, but seem to have failed so far.
“The usual [internet of things] blackhat botnet factory is basically clueless about the exploit, and how it can be deployed for a proper functioning botnet,” Anubhav said.
Anubhav revealed that Alexey was able to clean up and reverse the damage to the routers because the initial hackers were sloppy with their work.
“The attackers are not closing [device ports] or patching the devices, so anyone who wants to further mess with these routers, can,” Anubhav told ZDNet.
Alexey isn’t the first hacker to attempt to take justice into his own hands. In the past few years, good guy hackers, often called white hat hackers, have worked against other hackers with malicious intent, known as black hat hackers, in hopes of minimizing the types of damage they can do according to ZDNet. But after the 2016 election, it’s understandable why people might not like the idea of Russian hackers going through their home technology.