Cyber threat of the week
Happy Election Day. Here's your cyber threat of the week.
What’s a growing trend among hackers looking to get into firms whose networks are well defended? Hijacking their IT infrastructure and processes to deploy malware.
In one case uncovered in the last three months, hackers developed a fake upgrade to a U.S.-based telecommunications company’s Internet routers. That upgrade actually contained malware; once the firm’s IT staff distributed the upgrade, that malware was pushed to the computers that connected to the company’s networks.
"We had an adversary group that was inside of a company — they had been there for a while — and we discovered that they had identified the part of the company that did router upgrades," said Richard Bejtlich, chief security officer at the cyber security firm Mandiant.
"What these guys had done is gotten a copy of the image [of the router’s software design], they had decompiled it, they had then added malicious features into that router image and pre-positioned it where the IT [administrators] for the company would then copy it out to the [firm’s] routers," where they would be free to roam throughout the firm’s network.
How did hackers steal the router plans?
"You can get them in two places. One is you can get them from the enterprise itself — they have their repository of images ready to go — or if you have a Cisco connection online, you can download it yourself. While it’s sort of a niche affair, there are people who specialize in ripping apart Cisco [router] images," said Bejtlich.
Defending against this is relatively simple, he said.
"If you validated the signature" associated with the router upgrade to find out whether it is legit, "I guarantee you’d catch it," said Bejtlich.
While this hack was caught just before the company’s IT administrators were about to distribute the upgrade, Bejtlich said that other companies are probably not as lucky.
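As an added illustration of the signature check Bejtlich describes (this is example code, not from the article, Mandiant, or any router vendor), the Go program below assumes a vendor Ed25519 signature over the image’s SHA-256 digest and a vendor public key pinned out-of-band; it stages a constructed sample image, then repeats the check after the repository copy has been altered with the original signature left in place.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VerifyImage is the gate to run on a router image pulled from the internal
// repository before it is copied out to routers. Assumed scheme (constructed
// for this example): vendor Ed25519 signature over SHA-256(image), public key pinned out-of-band.
func VerifyImage(vendorPub ed25519.PublicKey, image, sig []byte) error {
	if len(vendorPub) != ed25519.PublicKeySize {
		return errors.New("pinned vendor key has the wrong size")
	}
	digest := sha256.Sum256(image)
	if !ed25519.Verify(vendorPub, digest[:], sig) {
		return errors.New("signature does not match image: refuse to stage")
	}
	return nil
}

// signImage stands in for the vendor's release signing step.
func signImage(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

// Demo signs a constructed image, then replays the article's scenario: the
// repository copy is altered while the original signature file is left in place.
func Demo() (cleanAccepted, tamperedRejected bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("ROUTER-IMAGE-v1 (constructed sample, not real firmware)")
	sig := signImage(priv, image)
	cleanAccepted = VerifyImage(pub, image, sig) == nil
	altered := append(append([]byte{}, image...), "+added feature"...)
	tamperedRejected = VerifyImage(pub, altered, sig) != nil
	return cleanAccepted, tamperedRejected
}

func main() {
	clean, tampered := Demo()
	fmt.Printf("clean image accepted: %v, altered image rejected: %v\n", clean, tampered)
}
```

Any image that fails this gate stays out of the distribution step, which is the point at which the modified image in the article would otherwise have reached the routers.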
John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.