Hundreds of Thousands of US Internet Routers Destroyed in Newly Discovered 2023 Hack

By Christopher Bing

WASHINGTON (Reuters) – An unidentified hacker group launched a massive cyberattack on a telecommunications company in the U.S. heartland late last year, knocking out hundreds of thousands of Internet routers, according to a study published Thursday.

Security analysts at Lumen Technologies’ Black Lotus Labs discovered the attack in recent months and reported on it in a blog post.

The October incident, which was not disclosed at the time, knocked more than 600,000 Internet routers offline. Independent experts said it was one of the most serious cyberattacks ever launched against the U.S. telecommunications industry.

Researchers said hackers installed malware that disrupted Internet access from Oct. 25 to 27 in many Midwestern states. Analysts discovered the malware, which continued to circulate on the Internet months later thanks to some file links that the hackers had left visible.

The report does not name the company attacked. Lumen also did not attribute the hack to any particular country or known group. Researchers said saboteurs used common methods that made them harder to identify.

Internet routers were disabled when a malicious firmware update sent to the company’s customers removed elements of the routers’ operational code, rendering them unusable. Exactly how the firmware update was pushed to users was unclear.

“We believe with high confidence that the malicious firmware update was a deliberate act intended to cause an outage,” Lumen’s report said. “Destructive attacks of this nature are very concerning, particularly in this case.”

A comparison of the details and descriptions of events in the Lumen report with Internet outages on the dates of the attack pointed to a single entity: Arkansas-based Internet service provider Windstream.

A Windstream spokesperson declined to comment, as did the FBI. The National Security Agency and Homeland Security Department referred requests for information to the FBI.

Researchers described the potential consequences of the attack as serious.

“A significant portion of this ISP’s service area covers rural or underserved communities; locations where residents may have lost access to emergency services, farms may have lost critical information through remote monitoring of crops during harvest, and health care providers cut off from telehealth or patient records,” the researchers wrote.

There are few public signs of the incident. On the social media platform Reddit, self-identified Windstream customers posted complaints about a strange outage that began around October 25, the date Lumen reported.

Users on Reddit described how their routers were not connecting to their Internet Service Provider and therefore could not access the Internet. Users said Windstream was asking them to return their disabled routers for new devices because remote repair didn’t seem possible.

It was unclear whether the FBI, which is responsible for investigating U.S. cybercrime, had been informed of the hack. But private companies often choose not to disclose such incidents.

(Reporting by Christopher Bing; Editing by Cynthia Osterman)