Federal Network Agency stops rip-off by router hacking

In January, the regulator once again prevented the billing of huge fees that hackers had run up on PBXs in several cases.
According to the Federal Network Agency, it has intervened repeatedly this month after routers or telephone systems were hacked. In several cases it has banned billing or debt collection, the regulator said on Friday. In some cases, pay-out bans were also issued, sparing the users of the affected connections "up to six-figure damages".

Within short periods of time, cybercriminals "generated a large number of connections to foreign numbers and satellite numbers via call-by-call," explains the Federal Network Agency. In one case, over 600,000 connection minutes to over 1,500 foreign destinations were triggered at the expense of various end customers. These connections alone would have caused total damage of over 200,000 euros.

Harmful minutes of conversation

By the beginning of 2019, attackers had also initiated, unnoticed, over 5000 connections to about 200 international call numbers within ten hours via the connection of a city administration. In total, almost 59,000 call minutes were generated, causing damage of several thousand euros.

Elsewhere, connection costs of 24,000 euros were incurred on the first weekend of January by dialing only four foreign identifiers via call-by-call. In another case, the provider had charged over 10,000 euros for the hacked dialing of international numbers within 24 hours.

"It could be everyone"

"In all cases, the Federal Network Agency's decision has prevented the affected consumers and end customers from having to pay the costs incurred," said Federal Network Agency President Jochen Homann. "The network operators are protected by the additional disbursement ban." This should ensure that no unfair connection fees are paid between the providers involved. It is important that "the network operators inform us at an early stage and freeze cash flows until the official decision".

The hacking of routers and telephone systems can "hit anyone," writes the Federal Network Agency. "Victims are individual consumers, the self-employed, companies or authorities." To protect connection devices from attacks, it is advisable to secure them with "individual and secure passwords". Those who do not make calls abroad or do not need special numbers should set up the corresponding blocks on their own equipment or have these calls blocked by their provider on the network side.

"Update your devices"

"Update the software of your devices regularly and immediately after release by the manufacturer," advises the regulatory authority. Last but not least, consumers should always check their bills for anomalies. The Federal Network Agency has published a list of precautionary measures.

Large-scale hacks of cheap "plastic routers" have long been part of the horror scenarios of the Chaos Computer Club. The CCC was therefore disappointed by the recently adopted router directive of the Federal Office for Information Security (BSI), which it considers too weak. In 2016, a cybercriminal who launched DDoS attacks via a Mirai botnet caused great media attention and damage. When he tried to bring more devices under his control via a remote maintenance port, over one million Deutsche Telekom Speedport routers were knocked out.
