MARY LOUISE KELLY, HOST:
Can you name every device in your home that connects to the internet? Computers, smartphones, of course, but also think TVs, smart speakers, doorbell cameras, your thermostat, maybe your fridge, my garage door opener - all those devices connect to the internet through your internet router. And the FBI is warning that if you use an old or out-of-date router, it could expose you. It could expose all of your devices to cyberattacks. Last week, the FBI announced it had disrupted a global hacking operation linked to Russia's military intelligence agency, the GRU. So how to keep your home internet connection safe - let's put that to Dmitri Alperovitch. He is cofounder of the cybersecurity firm CrowdStrike. He's now chairman of the Silverado Policy Accelerator, a geopolitical think tank. Dmitri, welcome back to ALL THINGS CONSIDERED.
DMITRI ALPEROVITCH: It's great to be with you.
KELLY: OK, so this hacking group, known as Fancy Bear, but people may also have heard them referred to as Forest Blizzards. These are different names for one group. What were they doing to try to exploit vulnerable routers?
ALPEROVITCH: So this group has gone after these devices before back in 2018 in a hack campaign, and the FBI now says it's going after them again. And particularly, two brands of these devices, TP-Link, which is a Chinese firm, and MikroTik, which is a Latvian firm, which is not very popular here in the United States but is very widely used in Eastern Europe and particularly in Ukraine.
And what you can do once you take over this router is essentially intercept communications that are going through from your devices, from your phone, from your laptop to different websites. And if you're intercepting that, you can actually break the encryption and steal passwords, steal other credentials that you can then use to log in into those websites as an attacker.
KELLY: Do we know if this hacking operation that the FBI just announced it disrupted - do we know - were they going after the U.S. government, U.S. government employees, or were they potentially going after everyday internet users like me, like all of us in the U.S.?
ALPEROVITCH: Well, this is what's really interesting about this operation, is they cast a really wide net. Usually, with these operations, they find a particular target. Let's say it's a person working for Ukrainian military, and they go after them for reasons that are self-explanatory. Here, they basically said, let's find every vulnerable router of these two brands of routers around the world, and then we'll sift through the data and see if any of them are useful.
KELLY: Safe to assume this is not the only group trying to exploit vulnerable routers.
ALPEROVITCH: Correct. And both criminal groups and intelligence agencies have gone after this. So this is a really big vulnerability that people need to be aware of. If you have a router that's vulnerable, if you don't have them on auto update settings to make sure that it gets security updates automatically as soon as they come out, it's a huge issue because all of the passwords to your banking sites, to your credit cards, to your email service can be intercepted and then be used by attackers to steal your identity and steal your finances.
KELLY: So what should we do? Walk me through the steps to make sure that we do not become victims of this.
ALPEROVITCH: Well, first of all, if you're using one of these brands, TP-Link, the FCC, the Federal Communications Commission, has actually come out and said you should not be using that because that is a company that is believed by U.S. government to have links to the Chinese government. And aside from any vulnerabilities it may have, there's a supply chain issue of using an adversarial company that manufactures these devices.
KELLY: Right. The FCC is actually saying it wants to ban the sale of new routers built outside the U.S., right?
ALPEROVITCH: Correct. It doesn't want them coming into the country because of that concern.
KELLY: OK.
ALPEROVITCH: But even if it's a U.S.-made router or, you know, a European-made router, you still want to make sure it's continuously updated. So go into settings for that router, make sure it's on auto update mode so that any moment that a new version comes out of the software for that router that fixes some vulnerability, it automatically updates itself. And you should do that for all your devices, whether it's your iPhone or Android phone or your laptop. Make sure that you are updating it continuously.
KELLY: So updates turned on. I mean, in the interest of wanting people to be safe and secure but also not wanting to be alarmist about this, do we know how successful this recent hacking operation was?
ALPEROVITCH: Well, we know that they've compromised thousands of devices. We don't know where those devices have been located. Reports indicate they are in over 120 countries. Some of them probably in countries of interest to the Russian intelligence services, probably in Ukraine, which is their obviously top priority right now given the war. But we don't know if they've gotten anyone valuable and if, as a result of compromising these devices, they've stolen passwords to any critical infrastructure.
But it's a huge issue even for U.S. government because so many U.S. government employees are now working from home, and if they have a vulnerable router, you know, as they're logging into their government email accounts and other websites, those credentials can be intercepted by an attacker.
KELLY: Dmitri Alperovitch, when did you last upgrade your router?
ALPEROVITCH: It's an auto update, so it updates automatically.
KELLY: (Laughter) OK. You pass. That is cybersecurity expert Dmitri Alperovitch with the think tank Silverado Policy Accelerator. Thank you.
ALPEROVITCH: Thanks so much.
ALPEROVITCH: (SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
