Eir, routers, hacking and botnets

The big security story of recent days is the Eir modem hack. In late November up to 400,000 Eir users were affected when the service was hit with a suspected DDoS attack. Eir is now concerned about the safety of some 130,000 of its broadband customers’ routers, because some 2000 may have been compromised by malware.

Researchers at Fox IT have pinned the blame for the DDoS attack against Eir customers on an updated version of the Mirai botnet, which recently launched a massive IoT-powered attack against the website of security blogger Brian Krebs and knocked major websites offline after similarly assaulting DNS service Dyn.

As many as 900,000 Deutsche Telekom customers were also knocked offline recently as an attempt was made to hijack broadband routers into a botnet.

Malicious hackers were detected commandeering vulnerable Zyxel and Speedport routers and connecting them into a botnet, which they can command to launch huge DDoS attacks against websites. The attack abuses the TR-069 and TR-064 protocols, which ISPs use to manage hundreds of thousands of internet devices remotely.

Eir's statement on Monday was: “Eir has identified unauthorised access by a third party on a small number of our broadband modems. This information was discovered as part of our investigations into the potential security vulnerability concerning two of our broadband modems, the Zyxel D1000 and Zyxel P-660HN-T1A devices.”

Botnets are networks of thousands of infected devices that cybercriminals remotely control for concerted hacking or DDoS attacks against designated targets. This could mean that Irish computer users would be, through their hacked routers, unwittingly participating in hacking attacks by cybercriminal gangs against various targets.

Eir is advising its customers to reset their modems (www.eir.ie/modemreset), while information about resetting passwords can be accessed at www.eir.ie/modemadvisory.

