Case Western Reserve University community members are advised to take action to address a security threat to home internet routers. A recent advisory from the Federal Bureau of Investigation (FBI) has identified an extremely large number of home and small office routers that have been compromised by state-sponsored hacking groups.
Given the scale of the problem, the FBI is advising all owners of small internet routers to restart their devices to interrupt the communications of compromised devices.
CWRU networking and infrastructure equipment, information and information systems are not affected. The university community is being asked to take action in order to keep systems and data safe while working from home and on users’ personal equipment.
University Technology ([U]Tech) recommends taking the following actions:
- Restart your home router right away by turning it off, waiting 20 seconds and turning it back on.
- For those who feel comfortable doing so, change the router administrator password from the default and disable remote administration from outside the home network.
- If your router is one of the known vulnerable models, investigate completely resetting it to factory settings and getting a software update from the manufacturer. The list includes many popular Linksys, Netgear and TP-Link models, as well as QNAP NAS devices, and can be found at bleepingcomputer.com/news/security/reboot-your-router-to-remove-vpnfilter-why-its-not-enough/.
- Contact your internet provider for any additional assistance with your router.
For a more technical discussion of the issue and of cyber spying tradecraft, read this Cisco advisory: blog.talosintelligence.com/2018/05/VPNFilter.html.