Security researchers left mystified by large-scale worldwide router hijack

Security researchers are struggling to fathom why hackers have taken control of 300,000 routers across the globe in what is thought to be one of the largest such networks ever discovered.

Researchers from Team Cymru discovered the network, which spans several countries, and researcher Steve Santorelli admitted it was “mysterious” because no attempt to use the network for malicious ends has yet been made.

"It's a definite evolution in technology - going after the Internet gateway, not the end machine," Mr Santorelli told the BBC in an email. "We see these leaps in concepts every few years in cybercrime."

The first victims of the scam were discovered in January 2014 in Eastern Europe. After digging further, the researchers found that most of the routers are in Vietnam, with the remainder in Europe as well as another couple of territories.

Hackers established the network of routers by exploiting loopholes in each router’s core software, which allowed the router’s internal instructions to be altered in such a way that the ISP no longer helps users access common websites.

By taking advantage of this, attackers are able to redirect people anywhere online that they please, place their own adverts into pages or maliciously manipulate search engine results. Instead of doing any of this, queries were simply re-routed through a pair of IP addresses that are overseen by a south London hosting company.

The routers are made by a number of different manufacturers, and Santorelli added that the attack bears the same hallmarks as an attack on home routers in Poland that resulted in an attempt to pilfer online banking login details.

Team Cymru has already told the authorities about its discovery and has informed ISPs that have a number of compromised customers, in order to try to stop it spreading.