"A cyberattack is taking place from your home,"

Imagine that one day an investigator from the Metropolitan Police Department comes to your home and confronts you with these words.
You have no idea what this is about.

Why is this so?

The cause was a "home router" placed in a corner of the room.

(Digitally Undeceived Reporting Team / Metropolitan Police Department Officer Ryohei Kageyama)

Suddenly, an investigator arrives at home...

"Can you show me the communication equipment in your house?"

These were the words of an investigator from the Tokyo Metropolitan Police Department who, last year, suddenly visited the room of a male office worker in his 30s living in an apartment in Tokyo.

The investigators gave the startled man a specific date and time and asked him to check the router's communication records.

The Metropolitan Police Department was investigating unauthorized access to a major company and discovered that the router in the man's room was one of the sources of the attack.

The man explained, "I don't know anything." He had no contact with the company that was attacked and was later found to have nothing to do with the incident.

Traces of attack on the router

What happened?

The router used by the man was a very common one for home use. Upon closer inspection, the Metropolitan Police Department found traces of its use in cyberattacks. A feature called "VPN" was enabled and an unknown user was registered.

VPN stands for "Virtual Private Network," which in Japanese means virtual leased line.

It is intended to provide strong security by creating a virtual leased line when you use the Internet away from home.

In addition, a function called "DDNS" was also enabled. DDNS removes the need to redo settings each time the IP address, the equivalent of an address on the Internet, changes.

The man had never used these features. The Metropolitan Police Department's subsequent investigation found that it was highly likely that a criminal group had broken into the router by exploiting a flaw in its program, changed the settings without permission, and abused the router as a line for cyberattacks.

Home routers turned into "stepping stones" one after another

According to the Tokyo Metropolitan Police Department, since 2020, there have been a number of cases of home routers being abused as sources of cyberattacks suffered by major domestic manufacturers and telecommunications companies.

In every case, the owner had nothing to do with the incident. It is highly likely that overseas criminal groups used the routers as "stepping stones" for the attacks.

Example of setting screen (*Not related to this incident)

In cases where the VPN function was abused, the registered username contained strings such as "admin", which means administrator in English. The aim appears to have been to make the account hard to discover: even if the owner saw the username, they would be misled into thinking it was an official one.

Why are home routers misused for cyberattacks? Senior investigators cite two reasons.

Isumi Masaki of the Cyber Attack Countermeasures Center of the Tokyo Metropolitan Police Department said, "Home routers are difficult to investigate because they keep connection records for only a short period of time, and it is difficult for companies to notice access as suspicious when it comes from Japan instead of overseas, so it is thought that they are being abused."

Suspicion of buying and selling without permission

In addition to these VPN configuration changes, there are also suspicions that the functions of home routers are being abused by criminal groups.

Professor Katsunari Yoshioka of Yokohama National University, who specializes in cybersecurity, is paying attention to a function called "proxy service."

"Proxy" in "proxy service" means acting on someone's behalf; it is a function that relays the user's connection to the Internet.

Going through a proxy lets you use the Internet while hiding your IP address, the equivalent of an address on the Internet, so it is sometimes abused for cyberattacks.

According to Professor Yoshioka, it is possible that a criminal group is abusing hijacked routers and illegally buying and selling them as proxy services.

A message found in Professor Yoshioka's survey, urging readers to purchase a license to use the "proxy service".

It is lined with sales phrases such as "highly functional", "inexpensive", and "10% off now".

Such deals are thriving on Internet sites, and the offerings include many hijacked home routers.

Professor Katsunari Yoshioka of Yokohama National University: "It is possible that the criminal group purchased the proxy service granted to home routers and used it as a 'stepping stone' for cyberattacks on companies."

How to protect your router

How can you protect your home router from such damage? The Metropolitan Police Department is calling for thorough implementation of basic measures.

Change the password from the default simple one.
Update to the latest firmware.

On top of that, new measures are also being promoted on the assumption that the router has already been compromised.

Periodically check the router settings screen.
Check whether unknown users are registered.
If there is a setting that you do not recognize, initialize the router.

In addition, the Digital Life Promotion Association, of which router manufacturers are members, asks owners to consider replacing the router with a new model as one of the measures. New models have enhanced security, such as a complex password set from the beginning and protection against external changes to the VPN function settings.

Don't be complicit in cyberattacks without knowing it.

The security of the router in the house needs to be reviewed.
