Showing posts with label network security. Show all posts

Tuesday, May 29, 2018

Is Your Router Vulnerable to VPNFilter Malware?

Below is a list of routers vulnerable to VPNFilter, malware that can brick your device.
The Justice Department last week urged everyone with a small office home office (SOHO) or NAS device to reboot their gadgets immediately in order to thwart VPNFilter, a new strain of malware that can brick your router.
The FBI seized a domain used to send commands to the infected devices, but it can't hurt to reboot anyway.
As Symantec outlines, VPNFilter is "a multi-staged piece of malware." Stage 1 makes the connection, Stage 2 delivers the goods, and Stage 3 acts as plugins for Stage 2. "These include a packet sniffer for spying on traffic that is routed through the device, including theft of website credentials and monitoring of Modbus SCADA protocols. Another Stage 3 module allows Stage 2 to communicate using Tor."
VPNFilter "is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot," Symantec says.
Still, "rebooting will remove Stage 2 and any Stage 3 elements present on the device, [temporarily removing] the destructive component of VPNFilter. However, if infected, the continuing presence of Stage 1 means that Stages 2 and 3 can be reinstalled by the attackers."
Those who believe they're infected should do a hard reset, which restores factory settings. Look for a small reset button on your device, though this will wipe any credentials you have stored on the device.
Below is a list of routers Symantec identified as vulnerable to VPNFilter. MikroTik tells Symantec that VPNFilter likely proliferated via a bug in MikroTik RouterOS software, which it patched in March 2017. "Upgrading RouterOS software deletes VPNFilter, any other third-party files and patches the vulnerability," Symantec says.
  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN
"No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues," according to Cisco Talos, which first reported the bug.
To date, Cisco Talos estimates that at least 500,000 devices in at least 54 countries have been hit by VPNFilter.
The feds are pinning this attack on Fancy Bear, a hacking group also known as APT28 and Sofacy Group, among other monikers. The group is notorious for attacking governments across the world and stealing confidential files from the Democratic National Committee during the 2016 election.


via PCMag

Thursday, February 1, 2018

How Scammers Steal Your Computing Power to Mine Cryptocurrencies







Cryptojacking, an internet scam found on thousands of websites in which nefarious actors mine cryptocurrencies on computers without users’ permission, has been on the rise since the prices of bitcoin and many other cryptocurrencies began spiking last year. The con involves websites stealing computational power from a visitor’s computer to execute the algorithms that are involved in cryptocurrency mining, which requires significant amounts of energy.
While it’s most common in the sketchier corners of the internet, hackers have also been able to inject the cryptojacking software onto websites for Showtime and PolitiFact and on e-commerce platforms. Patrons of a Buenos Aires, Argentina, Starbucks branch discovered in December that its Wi-Fi service was covertly using their computers for mining, and last week disgruntled netizens complained on social media that YouTube ads were also stealing mining power. AdGuard estimates websites can earn up to $326,000 per month from cryptojacking based on traffic to popular websites found to have the mining software.

Cryptocurrencies are digital currencies that exist on a blockchain, an encrypted digital ledger that securely keeps track of the order of transactions between computers. Mining in general requires a computer to solve extremely complex mathematical puzzles in order to produce a piece of data, which serves as a unit of a given cryptocurrency. The mining process needs to be difficult and energy-intensive to make sure that these data sets are scarce enough to serve as a currency. If it were too easy to mine a bitcoin, then the coin would have no value. Cryptojackers are essentially stealing the energy that mining requires.
One of the most popular tools among cryptojackers is a JavaScript plugin called Coinhive, which mines Monero, a privacy-focused cryptocurrency launched in 2014. Although not as valuable as bitcoin, a single Monero is worth roughly $300. And it’s easy to mine on a personal computer, unlike bitcoin, whose mining process usually requires large server farms. A portion of the processing power that a computer allots to a website with the Coinhive plugin goes toward the mining process. The creators of the tool then get a 22 percent cut of the mined Monero.


Coinhive and other in-browser miners are often employed in a deceptive manner. AdGuard released data in December showing that four of the most popular streaming and video-conversion sites (Streamango, RapidVideo, Openload, and OnlineVideoConverter), which collectively receive about 992 million monthly visits, take users’ processing power for mining without informing them.
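For a site owner checking whether a miner has been injected into their own pages, as happened to the legitimate sites named above, the following added example (not code from the article or from Coinhive) scans a page's HTML for Coinhive-style script includes. The host list, the `CoinHive.Anonymous`/`CoinHive.User` constructor pattern, the sample page and the `shop.example` origin are assumptions chosen for illustration.

```javascript
// Added example: audit a page's HTML for in-browser miner includes.
// Indicator lists are a small assumed sample, not a complete blocklist.
const MINER_HOSTS = ['coinhive.com', 'authedmine.com'];
const MINER_INLINE = /\bCoinHive\.(Anonymous|User)\s*\(/;

// Resolve a script src (absolute, protocol-relative or relative) to a hostname.
function scriptHost(src, pageOrigin) {
  try {
    return new URL(src, pageOrigin).hostname.toLowerCase();
  } catch (e) {
    return null; // unparsable src: nothing to match against
  }
}

// Exact host or any subdomain of a listed host; "notcoinhive.com" does not match.
function isMinerHost(host) {
  return MINER_HOSTS.some((h) => host === h || host.endsWith('.' + h));
}

// Return one finding per suspicious <script> element found in the HTML.
function findMinerIndicators(html, pageOrigin) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2];
    const srcMatch = srcRe.exec(attrs);
    if (srcMatch) {
      const src = srcMatch[1] || srcMatch[2] || srcMatch[3];
      const host = scriptHost(src, pageOrigin);
      if (host && isMinerHost(host)) findings.push({ kind: 'external', detail: src });
    }
    if (MINER_INLINE.test(body)) {
      findings.push({ kind: 'inline', detail: body.trim().split('\n')[0] });
    }
  }
  return findings;
}

// Constructed sample page: one benign script, one miner include, one inline start-up.
const SAMPLE_PAGE = `
<html><head>
<script src="/static/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('CONSTRUCTED_SITE_KEY');
  miner.start();
</script>
</body></html>`;

console.log(findMinerIndicators(SAMPLE_PAGE, 'https://shop.example'));
```

A regex pass like this only sees static markup; scripts added at runtime or obfuscated loaders need a browser-level check of the requests the page actually makes.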
To observe the effects of cryptojacking for myself, I went on publicwww.com, a search engine for source code, and found a list of websites that use Coinhive. Most of them appeared, based on their URLs, to feature either porn or pirated movies. I then visited five of the sites on separate Chrome windows at the same time, veering away from the NSFW content and toward websites for universities in Indonesia and Mexico. Only one site, the notorious Kiwi Farms forum, gave me the option to turn the miner on or off. Within 15 minutes, my laptop was hot to the touch, and the internal fan began whirring like a commercial airliner at takeoff. My cursor could no longer keep up with my finger’s trackpad movements, and the text that appeared on the screen was a good five words behind what I was typing on my keyboard. I opened the activity monitor, which showed a huge increase in processing:


Yet, returning my computer to its regular functions didn’t require any help from my anti-virus software or trips to the Genius Bar. Simply exiting out of the offending websites did the trick.
My experience with cryptojacking was more annoying than destructive. But this is not to condone the practice—it does rely on deceit and can cause crashes and make your computer vulnerable to other malicious codes. There are also more invasive forms of the scam, like miners disguised as legitimate Android apps that users unknowingly download. “This is a theft of power and time from people,” said Tarah Wheeler, a cybersecurity policy fellow at the New America Foundation. (New America is a partner with Slate and Arizona State University in Future Tense.)
However, the creators of Coinhive say they didn’t intend for it to be malicious. Their website advises, “While it’s possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.”
I emailed the Coinhive team to ask if they knew whether anyone was using their miner legitimately, as all the coverage of their software I had seen had been in the context of the cryptojacking. They pointed me to a German image board called pr0gramm, which has been allowing users to access premium accounts with extra features in exchange for running the miner on a separate page. The team further claimed that some porn sites have been giving viewers the option to disable invasive pop-up ads by mining Monero. “Cryptomining in the browser is a very new concept and we (the web) still have to figure out how to use it properly. We have high hopes that a more ‘legitimate’ use of the miner will eventually prevail,” they wrote in the email.




At best, the outsourcing concept behind Coinhive could hold potential as a new way for websites to earn revenue. Users caught Pirate Bay, one of the most established internet hubs for sharing movies and other files, using Coinhive on some of its websites without prior notice in 2017. The site’s administrators explained in a blog post, “We really want to get rid of all the ads. But we also need enough money to keep the site running.”
While many weren’t pleased, some users actually seemed open to the idea of contributing spare processing power if it meant the end of pesky, and often crude, ads. Perhaps if Pirate Bay had presented cryptomining as a bargain beforehand, its users wouldn’t have been so irritated. As Wheeler, the cybersecurity policy fellow, said, “Cryptocurrency mining when you have the consent of the people that are visiting a site is like borrowing a cup of sugar from the neighbors. Cryptocurrency mining when you don’t have consent is like sneaking in and stealing the sugar.”
Almost everyone I conferred with about this monetization scheme mentioned SETI@home, a project at the University of California, Berkeley, that uses a radio telescope to listen for unnatural signals that could be evidence of extraterrestrial life. Whereas previous iterations of the project required a supercomputer to analyze all the data, researchers in 1999 released a software program to the general public that allowed people to donate their computers’ processing power while not in use. More than 4 million people have participated, and the collective effort of their idle computers has turbocharged the search. SETI represents what current efforts to outsource cryptomining could aspire to be. “[SETI] actually asked people if they could use the computers. … The research community has already found a way to do this with permission,” said Yvo Desmedt, professor of computer science at the University of Texas, Dallas.

However, there are many hurdles to jump before this vision can come to fruition. For the majority of people who are not familiar with the mechanics of plugins like Coinhive, the prospect of a website co-opting their computers to mine cryptocurrency may seem invasive. Bill Maurer, director of the Institute for Money, Technology and Financial Inclusion at the University of California, Irvine, said, “It depends on a pretty sophisticated consumer … you need to have a certain level of geekiness.”
And this revenue model also, of course, relies on the viability of cryptocurrencies, which have seen an overall slump in prices in 2018. Extreme volatility and high transaction costs have often precluded bitcoin owners from using it for purchasing—the online payment platform Stripe recently announced that it would no longer accept bitcoin as payment. The possibility of a large-scale hack or bubble burst bringing the whole currency system down may also prevent companies from implementing a cryptomining model. Nicole Becher, a fellow at New America’s Cybersecurity Initiative, surmised, “In the advertising world, you have to be able to sell this to a C-level [senior management] and say, ‘This is actually a new, viable to make money, so you can actually make payroll and actually become profitable.’ It’s all cool and nerdy, but at the end of the day, doesn’t it really come down to that?” 

Thursday, November 23, 2017

How to speed up Wi-Fi

Here's how you can speed up slow Wi-Fi, and it doesn't necessarily involve buying any new kit. Our expert tips should boost your Wi-Fi.

Routers have their work cut out these days: every new gadget wants to get its internet connection via Wi-Fi. With smart home kit becoming more popular, including light bulbs, thermostats and security cameras, it’s not uncommon for your internet connection to slow down and put a stop to your Netflix binge session.
You might not have to spend any money to fix this: there are ways to speed up Wi-Fi for free. However, if slow broadband or an old router is the culprit, you might need to consider upgrading your package and hardware. Check out our recommendations for the best routers to buy.
But first, try these tips.

1. Move your router

We’ve seen it countless times: routers chucked underneath sofas or hidden in the corner. Sure, it’s understandable that you don’t want an ugly box ruining your immaculate lounge, but if you want good Wi-Fi you need to give your router some breathing space.
The best place for it is in the middle of your home. For most people that’s impossible because your phone line or cable box sits on a wall at the front of your property. However, if you can, get a telephone extension cable and relocate the router so it’s roughly in the centre and as high off the floor as you can.

This will give it the best chance of delivering strong, fast Wi-Fi to all areas.

2. Banish interference

Wi-Fi can be flaky at the best of times, but you’re making it worse if you put cordless phones, microwaves, baby monitors and Bluetooth devices near it. Even some fairy lights will interfere with the signal and reduce speeds to a sluggish pace not seen since dial-up modems from 1999.
So keep the area around the router clear of other electronic devices, or face the consequences.

3. Use the fastest settings

Routers aren’t the most user-friendly things. You shouldn’t be expected to understand the difference between Wi-Fi standards and frequencies, but only the best routers will automatically give you the fastest-possible speeds without some manual intervention.
Essentially, the vast majority of Wi-Fi devices right now use the 802.11n standard but, confusingly, there are two frequencies it can use. If your router is ‘dual-band’ it can deliver Wi-Fi on 2.4GHz and 5GHz.
Since 2.4GHz is more common, yours and all your neighbours’ gadgets are probably fighting it out to share the available channels.
If your phone, tablet, laptop or other device is capable of connecting on 5GHz, switch to that instead. As long as you’re relatively close to your router, you’ll get a faster, more reliable connection.
Some routers broadcast two separate Wi-Fi networks so it’s easy to see which is which, but others (notably BT Home Hubs) combine them – you have to log in to the router to set it to show the two bands.

4. Upgrade the antennae

Some routers have aerials which can be unscrewed. If yours is like this you might be able to buy larger versions which have a higher gain. That means a faster, stronger Wi-Fi signal.
A cheaper method – which also helps if you can’t physically reposition your router – is to make a reflector that sits behind the router and bounces the signal back the other way.
Students at Dartmouth College successfully proved that a simple tin-foil reflector can effectively boost Wi-Fi coverage in the direction of the reflector. It also has a side benefit of limiting coverage behind it, so you don’t end up broadcasting into the road outside, or into your neighbours’ houses.

5. Reboot your router once in a while

It’s the computer expert’s standard reply, but have you tried turning it off and on again? This old trick cures a multitude of problems and you might just find that fast Wi-Fi is restored after a reboot.
One thing a reboot does is to kick every device off the network and force it to reconnect. It’s also worth setting a password that isn’t the default just in case anyone is leeching off your connection. With most modern routers secure out of the box, that’s pretty unlikely, but it’s always worth checking.

6. Upgrade your router

If you have an old model, it could well be time to buy something better. Wi-Fi technology has come a long way in the last few years and there are several options.
One is to replace the router with a newer model which uses 802.11ac (preferably get one that supports MU-MIMO for the best futureproofing).
They don't all look like the mad Asus model above but will improve coverage as well as speed. Unfortunately, not a whole lot of devices apart from high-end phones, laptops and tablets support 802.11ac yet, so the rest will end up using the slower 802.11n standard, which all current routers support.
A better option could be to invest in a set of powerline adapters with built-in Wi-Fi, although this is appropriate only if you have a certain corner of your home – even a single room – which is currently a Wi-Fi black spot.
More expensive, but also more effective, is to invest in a mesh Wi-Fi system. These kits contain multiple routers which talk to each other and spread consistently fast Wi-Fi across even the biggest homes.