Guarding Your Network Against Russian Hackers

In an unprecedented joint statement, the U.S. and U.K. blame Russia for a global cyber attack. Bill Hinton/Getty Images

Stories about Russian hackers have been in the news cycle for years. U.S. intelligence has ample information that Russians compromised voter registration systems in seven states before the 2016 election. And the Russian government has been accused of hacking the Democratic National Committee (DNC), giving them access to the DNC's database and emails.

But now it looks like the handiwork of Russian hackers could be hitting a bit closer to home. Meaning your home. In an unprecedented combined statement released on April 16, 2018, the United States Computer Emergency Readiness Team and the U.K.'s National Cyber Security Centre published a Technical Alert with some alarming allegations in it.


About the Warning

According to the alert, a joint investigation between the Department of Homeland Security, the FBI and the U.K.'s National Cyber Security Centre uncovered evidence that hackers sponsored by the Russian government have been infiltrating numerous devices connected to the internet since at least 2015. The hackers could be using these compromised devices to spy on communications or even plant the seeds for future sabotage of critical systems.

So far, the hackers haven't targeted general purpose personal computers. Instead, the attacks focus on the machines that make communication across the internet possible. That includes routers, switches, firewalls and more. These are the components that guide information to where it needs to go across the internet. By taking over these components, Russian hackers can intercept messages or even pose as a trusted entity in what is called a "man in the middle" attack.


There are a few reasons the hackers chose these specific types of hardware. One is that many organizations rely upon older routers and switches that no longer get security patches and updates or rely upon obsolete protocols. It's a daunting task to upgrade all the elements of a network infrastructure. Some organizations set low priorities for the basic components, like routers and switches, perhaps because they tend to be low maintenance and until there is an outright equipment failure they remain "good enough."

Even routers and other network infrastructure that still get patch support can be vulnerable if the operator (you) fails to change default passwords. Hackers frequently seek out lists of common login and password information used by manufacturers for their products. Many people won't take the extra step to change this default information when they install the hardware on their networks. Leaving the default password in place is like locking your front door while you know there are thieves outside who have a key to that lock. The smart thing to do is to change the locks on the door, i.e. change the password.


Ensuring Your Network Is Secure

While there are many things large organizations, hardware manufacturers and Internet Service Providers can do to help mitigate this problem, there are only a few actions the average internet user can take to minimize the chances of being swept up in the attacks. For one thing, the only component you're likely to have direct access to as a consumer is a router. When you purchase a router, always update the default password to a new, strong password that you don't use for anything else.

Another action you should take is to make sure your components, such as your modem and router, have the latest firmware patches. This isn't always easy to do. The Technical Alert urges ISPs to send out messages to customers whenever it becomes necessary to install a software patch on their devices.


Otherwise, there's little the average person can do. The alert recommends that Internet Service Providers change their policies so that the ISP will only support hardware that meets current security standards. If a switch or router isn't capable of accepting a security update, the ISP should no longer support it. For some network administrators, this could mean replacing numerous network components with ones capable of supporting encrypted and authenticated protocols.

While the steps to mitigate the influence Russian hackers could have on internet infrastructure are laborious and potentially expensive, they're also imperative. Hackers could potentially cause enough damage to make the expense of updating networks pale in comparison. From espionage to blackmail to sabotage, the consequences of allowing hackers to compromise these network components are dire.

In the meantime, make sure your local router and modem passwords aren't set to the default and keep an eye out for emails that urge you to install updates. It could help prevent your network from becoming part of the problem.