Two IP addresses based in London have managed to hijack more than 300,000 internet routers, according to security researchers in Wales. A paper by ‘Team Cymru’ said that the massive hack had been carried out on targets around the world. This type of hack is relatively rare, in that it was aimed at routers instead of computers. But in essence it was similar to other botnet hacks, in that the aim was to direct traffic from legitimate sites to spoof versions which look the same, but can be dangerous or deliberately fraudulent.
Researchers at the security firm Team Cymru have discovered a massive network of router exploits that has effectively hijacked the internet for more than a quarter of a million computers. The exploit works by redirecting computers to different DNS servers, allowing the network to misdirect web traffic from its victims. There’s no evidence of spoofing campaigns yet, but the team is still investigating. “What we’ve seen so far is a little mysterious,” said Steve Santorelli, a researcher at Cymru. “300,000 machines going to different DNS servers.” Even stranger, it all seems to be coordinated by two IP addresses located in London, both registered to a hosting company called 3NT Solutions.