The NSA is Hacking Consumer-Level Routers

Speaking at the European Parliament, Jacob Appelbaum has disclosed a program called "Quantum Insertion" in which the NSA compromises consumer-level routers in homes and uses them to redirect traffic to "FoxAcid" servers. As he describes it, FoxAcid is a system that detects the activity of targets and inserts itself in place of the service the target is trying to connect to. It masquerades as that service while profiling the target's system for vulnerabilities in the browser or client software. It can then attack the target in a purely automated fashion and compromise the target's computer with no human intervention.

The Quantum Insertion program allows the NSA to hit targets abroad. Because the FoxAcid system relies on a "race condition" on the internet, the fake page data has to beat the real page data in order to be loaded onto the target's PC. If the NSA is not physically between those servers, it cannot under normal conditions intercept the target's request and push a fake page from FoxAcid fast enough to beat the real data. Quantum Insertion resolves this problem by compromising consumer-level routers and using them to redirect traffic to and from the target.
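When both the fake and the real page data reach the client, the race leaves a trace a defender can look for: two segments on the same TCP flow that claim the same sequence numbers but carry different bytes. The following detection sketch is an added example, not part of the original post; the `Segment` record, the `find_conflicting_segments` helper and the sample traffic are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import namedtuple

# One data-carrying TCP segment as a capture tool would report it (constructed format).
Segment = namedtuple("Segment", "src sport dst dport seq payload")

def find_conflicting_segments(segments):
    """Return (flow, seq, first_bytes, later_bytes) wherever two segments of the
    same flow cover the same sequence range with different content."""
    seen = {}       # flow -> list of (seq, payload) already observed
    findings = []
    for s in segments:
        if not s.payload:
            continue                      # pure ACKs have nothing to compare
        flow = (s.src, s.sport, s.dst, s.dport)
        for seq, payload in seen.setdefault(flow, []):
            # Overlap of [seq, seq+len(payload)) and [s.seq, s.seq+len(s.payload))
            start = max(seq, s.seq)
            end = min(seq + len(payload), s.seq + len(s.payload))
            if start >= end:
                continue                  # no shared sequence range
            old = payload[start - seq:end - seq]
            new = s.payload[start - s.seq:end - s.seq]
            if old != new:                # a benign retransmission would match
                findings.append((flow, start, old, new))
        seen[flow].append((s.seq, s.payload))
    return findings

# Constructed sample: the first flow receives two different answers for seq 1000,
# the second flow only sees an ordinary retransmission of identical bytes.
SAMPLE = [
    Segment("203.0.113.10", 80, "192.0.2.5", 51000, 1000,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment("203.0.113.10", 80, "192.0.2.5", 51000, 1000,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment("203.0.113.10", 80, "192.0.2.5", 51001, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment("203.0.113.10", 80, "192.0.2.5", 51001, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    for flow, seq, old, new in find_conflicting_segments(SAMPLE):
        print("conflicting data on", flow, "at seq", seq)
        print("  first seen:", old[:30])
        print("  later seen:", new[:30])
```

A hit is a reason to inspect the flow, not proof of injection, since broken middleboxes can also rewrite retransmitted data.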

You can hear about the system here:

This revelation has a lot of serious implications. It could mean that there are backdoors in consumer routers. At best, they are using a system to crawl the internet, find consumer routers that still use their default passwords and allow manipulation from the internet, and compromise those. At worst, consumer routers are backdoored via firmware from the manufacturer and many of the world's home networks are vulnerable to attack. With an increasing number of home routers being issued by Internet Service Providers, many of which we know have worked with the NSA in the past, it is alarming to say the least.

Some defenses against this kind of attack include:

Change your router password from the default, and use a hard password with a lot of entropy (you should do this anyway). See: How to create a strong password.

Do not allow your router settings to be accessed via the internet.

Keep your router firmware up to date to get the latest security updates. 

If you suspect your router may have been compromised, flash the firmware.

Use open-source router firmware like DD-WRT or Tomato. You can have more confidence that these are not compromised.

Build your own router, and use an advanced Linux or BSD operating system that is intended for routing, like pfSense.
