Will Dormann, a vulnerability analyst at the CERT/CC wrote: “My guess is that having the device installed gives the attacker a permanent foothold on each network, where it can perform *further* attacks at the discretion of the attacker. e.g. directly attack a system inside of the hard candy shell of a network-level firewall or NAT”
A Reddit user has claimed to be victim of an scam that involved physically hooking up a piece of hardware to their Wi-Fi router.
The Reddit router owner, under the name Wardoghk, came home to find the device attached and was told by his roommate that it came from a “friend of a friend through Facebook”, who had it shipped over days earlier.
The roommate was told the piece of kit would run ads for other people when they’d visit the roommate’s Facebook page once hooked up to the router, and the roommate would receive a monthly direct deposit as a result.
“Found Hooked Up to my Router”
Wardoghk said they were going to purchase an SD reader “to see what’s going on” and later updated with an initial image of the files installed on the offending hardware, in a thread commented on over 1,300 times and widely followed by cybersecurity professionals.
“I have no way of knowing what data was taken as it is not stored on the device. Only thing left to do is grill my roommate for information regarding the person/company that gave them this and decide if I have enough to go to the police.”
Will Dormann, a vulnerability analyst at the CERT/CC wrote that HTTPS provided some protection against man in the middle attacks, but that the device likely gave the attacker the ability to “directly attack a system inside of the hard candy shell of a network-level firewall or NAT [Network Address Translation].”
My guess is that having the device installed gives the attacker a permanent foothold on each network, where it can perform *further* attacks at the discretion of the attacker. e.g. directly attack a system inside of the hard candy shell of a network-level firewall or NAT.
— Will Dormann (@wdormann) September 27, 2018
“Roommate said it came from a friend of a friend through Facebook and was shipped to the house (but the packing slip has since been thrown away). [Roommate] said they were tasked with bringing in more people to the scheme with the promise of more money. Roommate is dumb.”
Reddit Router Thread: What is It?
Cybersecurity experts contacted by Computer Business Review were reluctant to comment on the precise details of the apparent scam without access to the actual hardware, but SecureData’s Etienne Greeff told us: “There is a long history of inserts in the industry; what is interesting here is the combination of social engineering and inserts…in a sense this doesn’t appear to be that advanced given how large it is. We have seen inserts in banks but this is the first I’ve come across in the consumer sector.”
I have no doubt this device actually does what the creator say it does – provide a way to purchase advertisements without the actual purchaser being known to Facebook, and using a network of "real" accounts to "like" and spread those advertisements and posts.
— BAN.AI (@unknown61960624) September 27, 2018
RentYourAccount.com: Reddit Router Suspect?
Another user linked to a post from three years ago detailing details of a possible party behind the scam. The victim in that case was offered by the company responsible, rentyouraccount.com, to supposedly run ads through a Facebook account and would need the account password to do so.
They then offered to send the user a Raspberry Pi to connect to their Wi-Fi router, and in return would send £30 for the first month and $100 for each month after.
“This is almost 100% guaranteed to be malicious,” the user said. “Get that the hell off your network and start changing all your passwords, preferably from a device that’s never touched your home network if at all possible.”
“Run virus scans on all the computers in the house, or better yet, reinstall Windows/factory reset everything that’s ever touched your network. God knows what this device has actually been doing on your network.
“Plugging that SD card into your computer could be risky as well, be very wary.”