The revelation, in an article posted Friday by KrebsOnSecurity, is the latest evidence documenting a big uptick in the hacking of Internet routers. Over the past 18 months, researchers have uncovered several other large-scale attacks on routing devices, including those made by Asus, Linksys, and many other manufacturers. Routers are often ripe targets because users fail to change default passwords, and the devices often contain security vulnerabilities that can easily be exploited by attackers halfway around the globe.
Those compromising routers for financial gain appear to be members of the Lizard Squad, a group that operates an online attack service that promises to take down any site a paying customer has requested. KrebsOnSecurity namesake Brian Krebs cited security researchers assisting law enforcement officials investigating the group. The researchers asked to remain anonymous. According to Krebs, the for-hire denial-of-service service is powered by a network of compromised devices that mostly include home routers from around the world that are protected by little more than default usernames and passwords. Krebs wrote: