Vigilante Hacker(s?) Commandeer 10,000+ Home Routers to Provide Security Assistance
I am vengeance! I am the night! I am ... pretty sure you should change your password regularly, btw.
We’ve all enjoyed a laugh at the expense of those with poor cyber security skills over lists of bad passwords, but how many of us have actually done anything about the frustrating reality of bad Internet safety practices? Well, someone couldn’t take it anymore, and they decided to turn faulty security into a learning opportunity.
Enter Wifatch. Wifatch is a mysterious piece of “malware” that infects routers through Telnet ports—often weakly secured with default security credentials—that could be open to malicious attack. Instead, Wifatch takes that opportunity to set up shop, close the door behind it, and then prompts users to change their Telnet passwords if they’re actually going to use the port.
It also has code dedicated to removing software that has invaded the device with less altruistic intentions. Wifatch seeks out and removes “well-known families of malware targeting embedded devices,” according to Symantec’s research on it—and they think it’s running on “tens of thousands of devices.”
Of course, not everyone is happy with the Batman of cyber-security swooping in and taking things upon itself vigilante-style. The code carries a comment to anyone trying to investigate it that advises them to look inward before they cast any stones:
To any NSA and FBI agents reading my email: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example.
But the software itself is technically violating people’s rights simply by setting up its peer-to-peer network and infecting devices across the “Internet of Things” (like web-connected household appliances), even if it’s for a good cause. Or, to put it in more relatable terms: I’m with cyber-Batman on this one, but Lucius is like:
—Please make note of The Mary Sue’s general comment policy.—
Have a tip we should know? [email protected]