Every year, hackers can cause millions in damages to individuals and businesses alike. Fortunately for the average internet user, not every hacker out there is malicious. There’s at least one hacker who’s fighting the good fight and breaking into systems to make them more secure.
Oct 23, 2018 · 1 min read
Back in April, a zero-day vulnerability was reported for MikroTik routers that allowed hackers to break in by downloading and decrypting users’ credentials (here’s a report on the vulnerability). Fortunately for MikroTik users, the company was praised across the cybersecurity community for releasing a patch in record time, sealing the vulnerability. Unfortunately for MikroTik users, most haven’t lifted a finger to patch their routers.
As a result, these routers have been targeted by a wide array of hackers, each with their own goals. Some of them have been stealing users’ credentials. Others have conscripted the routers into their botnets to launch DDoS attacks. Yet others have turned the routers into crypto-currency miners, stealing computing power to make the hackers wealthier.
Enter Alexey, a Russian-speaking grey-hat hacker who’s been using completely illegal methods (exploiting the MikroTik vulnerability, in fact) in order to help make his victims more secure. He has boasted about his exploits in a Russian-language blog post and left notes inside routers he’s targeted.
For most of the routers he’s affected (and he claims to have affected over 100,000), his modus operandi is the same: he breaks in, removes the malware left there by previous hackers, patches the vulnerability, leaves a comment, and closes the port that accesses the vulnerability as he leaves. Here's a quote of his from ZDNet:
“I added firewall rules that blocked access to the router from outside the local network,” Alexey said. “In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions.”
Apparently, most of the people affected by his work were outraged rather than grateful.
There are important lessons to be learned from Alexey’s controversial work: