Why your router, of all routers?
It's clear why spies would target ISPs or their rival governments, but why would Russia want to attack your router? "Two of the main principles that have come through in recent Russian thinking about information warfare — which includes cyber activities as well as exploiting the information that they're collecting through cyber activities — is that nobody is too unimportant to be a target," says Giles. "This is something that's been seen in the front line states quite routinely, with for example Nato soldiers."
Such people may not have seen themselves as targets before, but Giles cites Russian chief of general staff Valeriy Gerasimov as believing that in information warfare there "is no rear area". In other words, we're all on the front line now. "Everybody is because they're looking for vulnerabilities everywhere," Giles says.
While finding embarrassing information to use for leverage is one goal, routers are soft targets that can be used in multiple ways: you can steal data, but you can also redirect traffic, abuse the router for a distributed denial-of-service attack, replace pages or elements of a page (as seen with ad fraud), or use the access point to move up the chain to the victim's computer. Indeed, if you hack a home router, you may "get lucky," says Irons, and find someone working from home "who is easier to access than they'd normally be at a more secure location". Even the NSA falls foul of that with home workers and contractors.
Plus, victims are unlikely to notice they've been hacked, allowing the hackers in question to hold onto the compromised router for future use. "When a router has been compromised, it is much more difficult to detect and remediate than say, a laptop infected with malware," says Jérôme Segura, lead malware intelligence analyst at Malwarebytes.
It's not all about you...
While we're all on the front line in information warfare, the aim may well be to abuse our routers en masse. That could be for a huge distributed denial-of-service attack using accumulated compromised routers and IoT gadgets to attack a third party or internet infrastructure, as happened with the Mirai botnet and follow-up attacks, notes Segura.
Plus, the use of UK and US routers can make it difficult to know where the attack actually originated, limiting immediate retaliation. "You can't hack back if the target is a US citizen," Sullivan says. "The home routers can redirect things and make it tough to figure who to attack back, who to hack back."
Russia has also been "practising" cutting off communications in a specific area, Giles noted, pointing to efforts in Crimea to disrupt information. "If Russia is present in home routers… one of the reasons could be to ensure that target governments can't communicate with their target populations."
"I'm going out on a limb," he adds, "but they could be looking at ways of supplying altered information to targeted audiences like they did in the Ukraine, where they intercepted internet communications and replaced it with stuff that's being sourced from Russia." He admits that would be harder to do elsewhere where Russia has less immediate control, and adds that the Ukrainians "got wise to it pretty rapidly." However, he says "it would likely be within the realm of their ambition".
Indeed, the technical alert from the UK and US governments notes such a scenario is possible once the hackers have taken control of networking infrastructure: "At this stage, cyber actors are not restricted from modifying or denying traffic to and from the victim. Although there are no reports of this activity, it is technically possible."
That style of attack, intercepting and replacing information on a web page, is one of the most common ways criminals use hacked routers, notes Sullivan — however, it's usually for ad fraud rather than information warfare.
