04:46 GMT, 07 May 2021

    The US Federal Bureau of Investigation has warned hackers may have compromised hundreds of thousands of routers and other home network devices the world over with malware. Perhaps predictably, the Russians are said to be behind the ploy - but past experience suggests the true source may lie closer to home.

    In an official statement, the FBI said the malware, ‘VPNFilter’, was being used to launch attacks on infrastructure and render devices useless. Anyone possessing a router is strongly urged by the Bureau to reboot their device: the malware works in three stages, and only the first stage survives a restart, so rebooting strips out the second and third stages (the ones that actually collect traffic or brick the device) and leaves the infection having to fetch them again.

    "Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware," the Bureau suggested.

    Ransomware attacks global IT systems
    © Sputnik / Kirill Kallinikov
    Ransomware attacks global IT systems
    The US Department of Justice said infected routers would still try to download stages two and three once back online, because the first stage persists across a reboot, but rebooting would still disrupt the malware and slow reinfection. A factory reset would wipe the malware entirely, but also delete all user settings.
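The point that a reboot clears stages two and three but leaves a persistent first stage to fetch them again is also a detection opportunity. The Python below is an added example, not code from this article, the FBI, the DOJ or Cisco: it runs over a constructed sample of home-firewall/DNS log lines and flags a device that looks up a known second-stage download domain shortly after rebooting, and in particular one that does so after more than one reboot. The log format, the addresses and the indicator domain `example-stage2-cdn.invalid` are assumptions standing in for a real threat-intelligence feed.

```python
"""Flag routers that keep calling out for a second-stage payload right after a reboot."""
from datetime import datetime, timedelta

# Constructed sample of DNS-resolver/firewall log lines (not real traffic).
# Each line: ISO timestamp, source IP, event ("reboot" or "dns"), detail.
SAMPLE_LOG = """\
2018-05-24T08:00:01 192.168.1.1 reboot -
2018-05-24T08:00:42 192.168.1.1 dns example-stage2-cdn.invalid
2018-05-24T08:01:10 192.168.1.1 dns firmware.vendor.example
2018-05-24T08:03:15 192.168.1.1 dns example-stage2-cdn.invalid
2018-05-24T09:12:00 192.168.1.50 dns example-stage2-cdn.invalid
2018-05-25T07:59:30 192.168.1.1 reboot -
2018-05-25T08:00:05 192.168.1.1 dns example-stage2-cdn.invalid
"""

# Hypothetical indicator list standing in for the stage-2 download domains your
# threat-intel feed lists; this is not a real IOC.
STAGE2_DOMAINS = {"example-stage2-cdn.invalid"}
# How soon after a reboot a lookup counts as "the loader waking up again".
WINDOW = timedelta(minutes=5)


def parse(log):
    """Yield (timestamp, source_ip, event, detail) tuples from the log text."""
    for line in log.splitlines():
        ts, src, event, detail = line.split()
        yield datetime.fromisoformat(ts), src, event, detail


def find_reinfection_attempts(log, iocs=STAGE2_DOMAINS, window=WINDOW):
    """Return {src_ip: [(reboot_ts, lookup_ts), ...]} for IOC lookups made
    within `window` of that host's most recent reboot.

    A device that only ever carried stages 2/3 would go quiet after a reboot;
    one with a persistent stage 1 asks for the payload again almost at once."""
    last_reboot = {}
    hits = {}
    for ts, src, event, detail in parse(log):
        if event == "reboot":
            last_reboot[src] = ts
        elif event == "dns" and detail in iocs:
            rb = last_reboot.get(src)
            if rb is not None and ts - rb <= window:
                hits.setdefault(src, []).append((rb, ts))
    return hits


def hosts_with_persistent_loader(log, **kw):
    """Hosts that re-fetched after at least two separate reboots: each reboot
    removed the payload, yet something on the box survived and asked for it
    again. Those are the candidates for a factory reset and firmware update."""
    return {
        src
        for src, pairs in find_reinfection_attempts(log, **kw).items()
        if len({rb for rb, _ in pairs}) >= 2
    }


if __name__ == "__main__":
    for src, pairs in find_reinfection_attempts(SAMPLE_LOG).items():
        for rb, ts in pairs:
            print(f"{src}: IOC lookup at {ts} ({ts - rb} after reboot at {rb})")
    print("persistent loader suspected on:", sorted(hosts_with_persistent_loader(SAMPLE_LOG)))
```

In the sample, 192.168.1.1 looks up the indicator domain within seconds of both reboots and is flagged, while 192.168.1.50 makes the same lookup with no preceding reboot and is left for a separate, plainer IOC-match rule. The window is deliberately short so that ordinary post-boot traffic such as the vendor firmware check is not confused with the loader.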

    ‘Advanced State Actors’

    The malware was first publicly described on May 23, 2018 by Cisco's Talos threat intelligence group, which said it had been spreading since at least 2016, although over the prior fortnight the number of infections had "ramped up."

    "VPNFilter is an expansive, robust, highly capable, and dangerous threat [targeting] devices challenging to defend. The destructive capability particularly concerns us. This shows the actor is willing to burn users' devices to cover their tracks. If it suited their goals, this command could be executed on a broad scale, potentially rendering hundreds of thousands of devices unusable, disabling internet access worldwide or in a focused region where it suited the actor's purposes," the firm said in a blog post.

    Cisco didn't name the source of ‘VPNFilter’, beyond noting that parts of its code overlap with the BlackEnergy malware, but made oblique references to such tooling being used by "advanced nation-state actors" conducting "cyber operations."

    The FBI's own public advisory likewise didn't name a particular group or nation. The Department of Justice, however, in announcing the seizure of a domain used by the botnet, attributed it to the Sofacy Group (also tracked as APT28 or Fancy Bear), and media reporting on the topic has almost universally blamed Russian hackers, whether acting with state sponsorship or not, often without saying where that claim came from.

    While the meme of omnipotent Russian hackers has been a recurrent one in the Western mainstream, supporting evidence has been scant. Conversely, evidence of Western intelligence agencies employing sophisticated hacking techniques, and creating malicious software to attack citizens, is ample.

    Homegrown Viruses

    For instance, as part of its ‘Vault 7’ series of exposures, whistleblower organisation WikiLeaks revealed how US Central Intelligence Agency contractor Raytheon Blackbird Technologies helped the CIA's Remote Development Branch (RDB) to collect ideas for developing their own advanced malware projects, and how the CIA's UMBRAGE malware development teams also borrowed code from publicly available malware samples to build the Agency's own spyware tools.

    Photo: A computer screen shows a WikiLeaks logo (File) (© AP Photo / Yves Logghe)
    For instance, Raytheon staff suggested using: a variant of the HTTPBrowser Remote Access Tool (RAT), designed to capture keystrokes from targeted systems; ‘Regin’, malware designed for surveillance and data collection which is said to be more sophisticated than both Stuxnet and Duqu, and is believed to have been developed by the US National Security Agency; and the Trojan ‘Gamker’, which uses simple decryption to unpack itself on a system and then injects itself into a different process.

    The Vault 7 exposures also documented a series of implants apparently concocted by the CIA itself, many of which targeted consumer tech. For instance, ELSA tracked the geo-location of targeted PCs and laptops running Microsoft Windows, while Pandemic allowed the Agency to turn Windows file servers into covert attack machines capable of silently infecting other computers inside a targeted network, and Athena gave the CIA full remote control over infected Windows PCs; it worked against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

    Photo: This April 13, 2016 file photo shows the seal of the Central Intelligence Agency at CIA headquarters in Langley, Virginia. (© AP Photo / Carolyn Kaster)
    Similarly, Scribbles allowed US spies to embed 'web beacons' into confidential documents, allowing them to track insiders and potential whistleblowers; Grasshopper provided a framework for the easy creation of custom malware for breaking into Microsoft Windows and bypassing antivirus protection; and Dark Matter provided exploits and implants targeting iPhones and Mac computers.

    Finally, and perhaps most notoriously of all, the Weeping Angel spying tool allowed the agency to infiltrate smart televisions, transforming them into covert microphones.