Was A Massive Cyberattack Just Prevented?

The Federal Bureau of Investigation (FBI) is dismantling a “large network of hacked routers and storage devices” that could have enabled a “massive cyberattack,” according to a report in The Wall Street Journal.

The FBI move came after Cisco Systems Inc. and authorities from the United States and the Ukraine warned about the prospect of the gear facilitating an attack that could “knock hundreds of thousands of internet users offline,” according to the report. “The FBI said late Wednesday that it has seized control of the internet domain that was used by the computer network’s ‘command and control’ server to issue instructions to infected devices. The agency said it has begun an effort to clean up the estimated half-million infected devices.”

The fear was that criminals would launch an attack timed to “the final match in soccer’s UEFA Champions League competition taking place Saturday in Kiev.”

There were few details about specific potential targets of such an attack, save for the tie to the Ukraine and fear about hackers going after the power grid. But it’s hard to imagine such a large-scale event taking place without impacting eCommerce operators and financial institutions, even if indirectly. Suspicion centered around Russia being behind the planned cyberattack.

An expert quoted by the Wall Street Journal — Craig Williams, a security researcher with Cisco — said the danger comes from software called VPNFilter, which has infected devices in 54 countries. The software works in such a way that users’ devices are left “unusable,” he said. The malware also can install software that then steals data from the infected device.

The U.S. Department of Homeland Security this week issued a warning about VPNFilter, saying that it has “the potential to cut off internet access for hundreds of thousands of users.”

The FBI’s response to the potential attack came after Cisco, on Wednesday (May 23), said the “hacking campaign … targeted devices from Linksys, MikroTik, NETGEAR, TP-Link and QNAP,” according to a report from Reuters.

“Ukraine’s SBU state security service responded to the report by saying it showed Russia was readying a large-scale cyberattack ahead of the Champions League soccer final, due to be held in Kiev on Saturday,” the report added.

Cyberattacks have become a “fundamental part” of Russian military activity, noted retired Admiral Jim Stavridis, the former supreme allied commander of NATO, at Innovation Project 2017, a program backed by PYMNTS. “Ukraine had portions of their grid taken down in an attack by Russia. We will see more of this,” he said.

According to the Wall Street Journal, the “FBI said that the network of hacked computers was created by a group known as APT 28, or Fancy Bear, which has also been linked to the 2016 hacking of the Democratic National Committee.” Those hackers have been linked to the Russian government by U.S. officials.

As if this latest hacking threat were not enough, a reminder came this week that future security threats surface not only from state-backed criminals trying to harm a national rival, but also from one of the fastest-growing areas in consumer electronics and eCommerce. Researchers announced that they had found a pair of new ways to exploit weaknesses in both the Amazon Echo and Google Home line of products. Hackers could use those methods to eavesdrop on users and even trick them into giving up sensitive personal data, like payments credentials.