Japan Police Warn: Home Internet Routers Ripe for Hijacking by Cybercriminals
In the fall of 2022, Metropolitan Police Department (MPD) investigators visited the Tokyo apartment of an office worker in his 30s. They had traced a cyberattack on a major company in the capital to a wireless internet router in the man’s home. The officers from the Public Security Bureau’s cyberattack response center showed him the access records and began asking questions.
The man, however, had no idea what was going on.
The only time he used the internet at home was for web searches and online games, so he was shocked to have police show up at his door and frantically denied any wrongdoing. Still suspicious, the investigators checked the router, and found a surprise.
The machine was a regular household Wi-Fi router. However, it had two features enabled that the man was unaware of: a virtual private network (VPN) to connect securely to an outside system, and DDNS (Dynamic DNS), a function that allows stable access to the same connection point even when one’s IP address changes.
After speaking with the man, the MPD Public Security Bureau determined that someone had gained unauthorized access to his router and changed the settings, and concluded that the culprits had likely used it as a “stepping stone” to launch a cyberattack on the company.
Beware of unfamiliar accounts
According to the Public Security Bureau, there has been a stream of cyberattacks using similar home router exploits since around 2020, targeting companies with cutting-edge technology. A hijacked router is difficult to defend by changing passwords and IDs alone. Unless the settings are changed or the router is returned to factory defaults, there is a risk that bad actors can keep using the router forever.
People use VPNs to access their company’s systems when not in the office. DDNS, meanwhile, is often used to control so-called “Internet of Things” (IoT) devices like air conditioners and pet cameras from outside the home. Both functions are seeing more users, as more people began working from home during the coronavirus pandemic and using internet-linked home appliances.
However, according to investigators and other sources, many users do not understand these functions or are unaware of router settings, and so don’t know when a modification is made. The aforementioned Tokyo man was quoted as saying, “I’ve only heard of VPN, and I don’t know what DDNS is. I’ve never changed the (router) settings.”
But the configuration change had allowed the attacker to freely use the man’s network connection to launch a cyberattack. And investigators believe that the attackers were hoping to use the man and his compromised router as cover even if their assault on the target company’s servers was traced.
So, what should users be aware of?
The MPD and manufacturers urge users to change their router passwords, update the firmware, and regularly check the settings. Referring to router manuals and manufacturers’ websites, users can check whether a VPN is running and whether DDNS has been enabled unnecessarily. Those who often use these functions should pay attention to whether any unfamiliar accounts have been added. If you find anything unusual, reinitialize the router or delete any unknown accounts.
A senior Public Security Bureau official said, “If a router is compromised, it can be mistaken for the source of a cyberattack. And that can lead to a police investigation and getting subjected to questioning and searches. We hope that users will take what measures they can on their own.”