Turn your router off now, says FBI after Russian malware discovered taking over the internet

Switching off and back on should disrupt the malware and help identify infected devices

Andrew Griffin
Monday 28 May 2018 13:59 BST
Comments
FBI asks people to turn their routers off after Russian malware detected

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

People should turn their routers off and back on again to help halt the spread of a dangerous piece of Russian malware, the FBI has said.

The software has infected hundreds of thousands of devices. It could use that army of routers under its control to collect information by reading people's internet activity, or to shut down their internet entirely.

Turning off the routers and then switching them back again – as well as updating the devices and ensuring that passwords are safe – could not only fix the problem but also allow authorities to track down where the problem has spread.

The warning followed a court order Wednesday that allowed the FBI to seize a website that the hackers planned to use to give instructions to the routers. Though that cut off malicious communications, it still left the routers infected, and Friday's warning was aimed at cleaning up those machines.

Infections were detected in more than 50 countries, though the primary target for further actions was probably Ukraine, the site of many recent infections and a longtime cyberwarfare battleground.

In obtaining the court order, the Justice Department said the hackers involved were in a group called Sofacy that answered to the Russian government.

Sofacy, also known as APT28 and Fancy Bear, has been blamed for many of the most dramatic Russian hacks, including that of the Democratic National Committee during the 2016 U.S. presidential campaign.

Earlier, Cisco Systems Inc said the hacking campaign targeted devices from Belkin International's Linksys, MikroTik, Netgear Inc, TP-Link and QNAP.

An FBI official told Reuters that the kinds of devices known to be affected by the hack were purchased by users at electronic stores or online.

However, the FBI was not ruling out the possibility that routers provided to customers by internet service companies could also be affected, the official added.

Cisco shared the technical details of its investigation with the U.S. and Ukrainian governments. Western experts say Russia has conducted a series of attacks against companies in Ukraine for more than a year amid armed hostilities between the two countries, causing hundreds of millions of dollars in damages and at least one electricity blackout.

The Kremlin on Thursday denied the Ukrainian government's accusation that Russia was planning a cyber attack on Ukrainian state bodies and private companies ahead of the Champions League soccer final in Kiev on Saturday.

"The size and scope of the infrastructure by VPNFilter malware is significant," the FBI said, adding that it is capable of rendering peoples' routers "inoperable."

It said the malware is hard to detect, due to encryption and other tactics.

Additional reporting by Reuters

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in