How your modem could let hackers attack others
LAST week a Taiwan-based computer hardware manufacturer was found to have put hundreds of thousands of customers' personal information at risk because the routers made for home networks failed to have adequate security features.
The US Federal Trade Commission launched the action and successfully argued that ASUSTek Computer Inc misled customers by promoting their router as containing numerous security features the company claimed could "protect computers from any unauthorised access, hacking, and virus attacks" and "protect (the) local network against attacks from hackers".
The FTC demonstrated hackers could exploit the router's web-based control panel without consumers knowing. This is a big wake-up call for Australian distributors of routers and modems.
Unbeknown to most consumers, a large number of modems and routers come with factory default passwords that are almost never considered by consumers in terms of updating and protecting.
Access to a home modem or router is akin to getting the keys to the front door. Once a hacker gets access, any device connected is vulnerable, and home routers are often used by hackers to launch further attacks on others.
Information security expert Brian Krebs revealed the infamous LizardStresser attack service "powered mostly by thousands of hacked home internet routers".
This particular attack involved a Distributed Denial of Service (DDoS) where websites are targeted and bombarded with internet traffic - crippling their function.
You could imagine the chaos if they were targeted towards banks, telcos and government agencies.
The group behind the attacks "hijacked" home routers. In other words, everyday home computer users were unwillingly part of the attack.
Fortunately British police managed to arrest eight people in August last year in connection with the attack. Their motive appeared less about making money and more about causing general chaos.
How do you know if your home modem or router is enabling a DDoS attack?
Some have reported a slowing of internet speed. Web pages take forever to load. Emails don't send like they should. Others have experienced a complete lack of connectivity.
DDoS attacks rely on a virus that lays in wait to be executed. Some hardware now is promoting a feature called "DDoS blocker" but market statistics on the availability of this feature are hard to come by.
If you're unsure about the security of your home modem or router, call your internet service provider if you are using theirs.
If you've decided that you prefer to take things into your own hands and buy your own, check out the manufacturer, go to their ISP and configure it with a new password frequently.
Of course make sure you are running anti-virus at least weekly. The golden rule here is that it is the latest updated version of your anti-virus - there are only 25 million new viruses created every quarter.
Dr David Lacey is a Senior Research Fellow at the University of the Sunshine Coast and Director of Identity Care Australia and New Zealand.