Russian router hacks: Here’s how you can protect your data

Credit: Matt Rourke

The United States and Great Britain issued a joint statement Monday warning that Russian government-sponsored "cyber actors" are planting malware on internet routers and other devices.

According to the warning, Russian-backed operatives are targeting internet service providers, “government and private-sector organizations,” and providers of “critical infrastructure.”

According to the warning, law enforcement authorities have seen such activity since 2015. The “cyber actors” that authorities have received information about have been exploiting large numbers of routers, including residential routers, around the world. Routers direct traffic across the internet.

"The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government," FBI deputy assistant director Howard Marshall said in a statement online.

The warning said the hackers identify vulnerable devices, break into them to mine information, and can even control traffic that goes through the router. The campaign is worldwide, the statement said.

“The current state of U.S. network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States,” the alert stated.

According to CERT, the systems affected are: Generic Routing Encapsulation (GRE)-enabled devices, Cisco Smart Install (SMI)-enabled devices and Simple Network Management Protocol (SNMP)-enabled network devices.

So, how do you protect your data?

The warning includes a list of things individuals and businesses can do to protect data.

For individuals:

Change all default passwords.

Make sure network devices are up-to-date.

Make sure you are using firmware from a trusted source.

For internet service providers and manufacturers:

Review network device

Do not support out-of-date, unencrypted, or unauthenticated protocols and services.

Flag as suspicious and investigate SMI traffic arriving from outside the network boundary.
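As an added illustration of that last recommendation (it is not part of the alert or of this article), the Python code below filters flow records for Smart Install traffic that crosses the network boundary inbound. The CSV record layout, the internal address ranges and the sample records are assumptions constructed for the example; TCP 4786 is the port the Cisco Smart Install service listens on.

```python
import csv
import io
from ipaddress import ip_address, ip_network

SMI_TCP_PORT = 4786  # TCP port the Cisco Smart Install service listens on

# Assumption: address ranges that sit inside the network boundary.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed flow records (not real traffic): time, src, dst, proto, dst_port
SAMPLE_FLOWS = """\
2018-04-16T09:00:01Z,10.1.2.3,10.1.0.1,tcp,4786
2018-04-16T09:00:05Z,203.0.113.45,10.1.0.1,tcp,4786
2018-04-16T09:00:09Z,198.51.100.7,10.1.0.1,tcp,443
2018-04-16T09:00:12Z,198.51.100.7,192.168.5.1,udp,4786
2018-04-16T09:00:20Z,2001:db8::99,10.1.0.2,tcp,4786
not-a-flow-line
"""


def is_internal(addr):
    """True if addr falls inside one of the internal ranges."""
    ip = ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)


def flag_external_smi(flow_text):
    """Return (flagged, skipped): inbound SMI flows from outside, and bad-line count."""
    flagged, skipped = [], 0
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            ts, src, dst, proto, port = row  # wrong field count -> ValueError
            inbound = is_internal(dst) and not is_internal(src)
            port = int(port)
        except ValueError:
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        if inbound and proto.lower() == "tcp" and port == SMI_TCP_PORT:
            flagged.append({"time": ts, "src": src, "dst": dst})
    return flagged, skipped


if __name__ == "__main__":
    hits, bad = flag_external_smi(SAMPLE_FLOWS)
    for hit in hits:
        print(f"SUSPICIOUS SMI {hit['time']} {hit['src']} -> {hit['dst']}")
    print(f"{len(hits)} flagged, {bad} unparseable line(s)")
```

Internal-to-internal SMI and non-TCP traffic on the same port number are deliberately not flagged, so the output stays limited to the boundary-crossing case the warning describes.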

Click here to read the statement from the United States Computer Emergency Readiness Team.
