Mysterious Hack Destroyed 600,000 Internet Routers


If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.

Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.

A graduate student at the University of Minnesota has been charged under the Espionage Act for photographing a shipyard in Virginia where the US Navy assembles nuclear submarines and other vessels whose components are classified. What makes the case novel, however, is that he allegedly took the photos with a drone, making his prosecution likely the first of its kind in the US.

It was a big week for cops taking down botnets (as you’ll read more about below). This week, the US announced that it had disrupted what may be the “largest botnet ever,” according to FBI director Christopher Wray. The botnet, called 911 S5, included some 19 million hijacked IP addresses around the world, which authorities say were used to carry out billions of dollars in Covid-19 relief fraud, make bomb threats, traffic in child sexual abuse material, and more.

But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Mysterious Hack Destroyed 600,000 Internet Routers

More than a half-million internet routers were disabled last year in a malware attack carried out by an unknown threat actor targeting a US internet service provider. Launched in late October, the attack—one of the largest ever against the sector—reportedly disrupted internet across several Midwestern states. The attack was first disclosed this week by the security firm Black Lotus Labs, which did not identify the specific company affected. However, Ars Technica reports that the incident appears to have impacted an ISP called Windstream, which provides internet service to 18 states in the US Midwest and South.

Black Lotus Labs researchers say the attacker used off-the-shelf Chalubo malware to gain access to the routers, and that their firmware was eventually overwritten, effectively bricking the devices. The disruption resulted in a flood of complaints on a forum about the damaged routers. “The routers now just sit there with a steady red light on the front,” a user wrote on the DSLReports forum. “They won’t even respond to a RESET.”