this post was submitted on 17 Feb 2024
433 points (98.0% liked)

Technology

59104 readers
4223 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] EncryptKeeper 81 points 8 months ago* (last edited 8 months ago) (2 children)

An important detail to mention is that every router involved were very old Ubiquiti EdgeRouters which were EOL’d like a year or two ago and they had remote administration enabled and were still using the default admin user and password.

[–] Copernican 18 points 8 months ago

I was running an edge router x until a few months ago. It was the cheapest set up to deploy a unifi wireless access point for my apartment. I was worried until I read:

It affected routers running Ubiquiti's EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to "conceal and otherwise enable a variety of crimes," the DOJ claims, including spearphishing and credential harvesting in the US and abroad.

Change you default passwords friends. Given that the edge router is not the most noob friendly device to set up, I'm curious how the user base of these devices is not changing the PW.

[–] [email protected] 9 points 8 months ago (1 children)

Aka people who just plugged it in and left it as long as it works. These are not the kind of people who would have done anything if informed that they had an issue. On one hand I don't like the idea of governments fixing private property, but they were never going to be fixed by the owner.

[–] EncryptKeeper 4 points 8 months ago

Well the government wasn’t “fixing private property”, as much as they were “expelling hostile foreign nationals from private property that were being utilized for malicious purposes”. They only acted in the case that one of these devices was an active participant in a botnet.

I know the government touching your stuff is an icky thought, I agree. But the only alternative in this case is you being held personally liable for your devices being used to commit cyber crime by a hostile government entity, which is a much worse thought.

Like if you own a gun and it’s stolen and you don’t report it, and a crime is committed with it, you can be charged with a crime in many states. It wouldn't be the biggest leap for something like that to apply here, if not now then in the future. I think the government fixing the problem for us and leaving us alone about it is just about the best outcome we could ask for.