Aardvark Daily 20 June 2002
Here is the email sent to me by John Burns (at my suggestion), which describes what he did, why he did it, and how hundreds of DSL users remain vulnerable to hackers.
I have had a Jetstream account for a very short while. The speed was great and the always-on aspect of it appealed to me. I have a Nokia M1122 router. The routers are great: they are always on unless manually switched off, and therefore generally keep their IP address almost statically.

What you may not realise is that even if your computer is not turned on, if the router is, hackers may have access to your modem. I found this out, unfortunately, from the receiving end. After looking through logs on my modem, I found that the configuration settings had been changed, or more so extra mapped ports or 'pinholes' had been added; these pinholes were to overseas servers. Someone was using my router as a stepping stone for the transfer of data. This may have been because of anonymity, as my modem would show as the place the international data was coming to, and not the person who was receiving the data via my modem.

I looked into this problem and found that there were a number of security issues plaguing ADSL modems. In my case, it was a case of a small, undetailed manual and my urgency to get connected to the internet. After all, once you're connected and downloading data, the modem is set up... right?

Almost every modem you can buy (Nokia, Dynalink, 3Com, etc.) comes with either no administration password or a default password set. In some cases the manuals do not tell you how to change the password, and in other cases they do not tell you that there are many ways to access the modem with separate passwords for each method. Almost all modems have a web-based configuration mode; if not set up correctly, any external user can connect to your IP address (this is in email headers, mIRC whois's, FTP logs, HTTP logs, etc.) and access your modem's configuration by using the default password. They can view your settings, including user names, passwords and logs, even to the extent of restarting your modem.
The possible uses of an incorrectly set up modem for a hacker are endless; they can basically connect to anywhere and make it appear to be you. A lot of people use the same passwords for email, online banking, Inland Revenue, etc.

I decided to walk the thin line of the law and search for internet users who had insecure modems, then secondly inform them of the problem. I did this by searching for insecure modems, then when I did, logged their login name. From this login name I attempted to convert it to a valid email address so I could email the people at the coal face of the problem. Each user was individually emailed with a message telling them of the problem, and how to fix it. Some probably chose to treat it as a hoax, others returned by email asking for more information, some fixed the problem and sent me emails of praise, while others swore privacy infringement and contacted the police and their lawyers... all because I was trying to help them. I have people trying to claim damages, even though I was trying to prevent them from incurring costs at all. My oh my, it's a mixed-up world we live in.

Fortunately, due to the early election, the laws on Criminal Hacking have not yet been passed, all users have not suffered any losses and in terms of privacy, only myself and the people involved know of their individual case. Had this law been passed, I probably would have still done the unmentionable but then given the stats and figures to the individual ISPs concerned.

There are 2 ways that this problem can arise and both ways must be tested for from an external internet connection. You first need to find out your IP address; get this from www.whatismyip.com or somewhere similar.
Your IP address is a series of 4 numbers separated by 3 dots.

Have a friend from another internet connection try to connect to http://youripaddress. If they are asked for a password, you need to change the settings to not allow external administration connections, or if this is not possible, forward port 80 on the modem to port 9999 or similar at IP 127.0.0.1; this will mean that a user cannot access the administration mode externally.

Now, have your friend go to their Start menu in Windows, select Run, then type in 'telnet youripaddress' and press Enter. This feature cannot be turned off in most modems, but the password to access it can be changed; do this immediately if it is the default password. I am not going to supply any default passwords here; you should know if the password is a default one or not. If so, change it.

If you were one of the 500-odd people who received an email from me, please do not be scared by the problem, but make sure you follow the steps and change the passwords and settings to fix the problem.

Aardvark Adds: If you are a DSL user and are unsure as to whether the above might apply to your setup, make sure you turn off your modem when you are not using it. Don't leave it turned on, even if the computer itself is turned off. Contact your ISP or a suitably experienced expert to check that your passwords are properly set and that nobody else can change settings without your permission.
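The two external checks described in the email (the web configuration page on port 80 and telnet on port 23) can also be run as a script from a connection outside your own network, against your own IP address. This is an added example, not part of the original email or article; the function names, the sample replies and the wording of the findings are assumptions made for illustration.

```python
import socket

# Services named in the email: web configuration (HTTP) and telnet.
ADMIN_PORTS = {"http": 80, "telnet": 23}

# Constructed sample replies (not captured from a real modem), for offline use.
SAMPLE_HTTP_401 = b'HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="modem"\r\n\r\n'
SAMPLE_TELNET = b"login: "


def probe(host, port, send=b"", timeout=3.0):
    """Return None if host:port cannot be reached, else the first bytes it sends."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                if send:
                    s.sendall(send)
                return s.recv(512)
            except OSError:
                return b""  # connected, but the service stayed silent or reset
    except OSError:
        return None  # refused, filtered or timed out


def assess(http_reply, telnet_reply):
    """Turn raw probe results into the advice given in the email."""
    findings = {}
    if http_reply is None:
        findings["http"] = "not reachable"
    elif b" 401" in http_reply.split(b"\r\n", 1)[0]:
        findings["http"] = "EXPOSED, asks for a password: disable external administration"
    else:
        findings["http"] = "EXPOSED, no HTTP password challenge seen: disable external administration"
    findings["telnet"] = ("not reachable" if telnet_reply is None
                          else "EXPOSED: change the password if it is still the default")
    return findings


def check_router(host, ports=ADMIN_PORTS, timeout=3.0):
    """Probe the web and telnet administration ports of your own public IP address."""
    http = probe(host, ports["http"], b"GET / HTTP/1.0\r\n\r\n", timeout)
    return assess(http, probe(host, ports["telnet"], b"", timeout))


if __name__ == "__main__":
    import sys
    for service, result in check_router(sys.argv[1]).items():
        print(f"{service:7} {result}")
```

A "not reachable" result is only meaningful when the script is run from another internet connection, since the modem may still answer on its LAN side.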