The FBI's Latest Warning on Connected Routers

The FBI announced on May 25th that a new, dangerous threat to cyber security could be residing on thousands of home an business based wireless routers.

"Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide," the FBI said in a warning released on Friday. The malware, called 'VPNFilter' can do things like scoop up users' personal data and cripple website service.

Western security authorities are warning that Russian hackers may have infected routers in an attempt to gain unauthorized access to personal and corporate information, and that consumer need to be proactive in their efforts to protect themselves. Specifically, the FBI wants all owners of routers to reboot them, which will disrupt the malware's ability to  communicate with other machines under its control. Details on how to properly reboot your router can be found here.

Research released last week from Talos Security Group, a CISCO company, suggests that potentially 500,000 routes may be infected. Cisco Talos listed the definitively affected routers as the Linksys E1200, E2500 and WRVS4400N; the Netgear DGN2200, R6400, R7000, R8000, WNR1000 and WNR2000; and the TP-Link TL-R600VPN SafeStream VPN router. MicroTik Cloud Core routers, mainly used by enterprises, may be affected if they run versions 1016, 1036 or 1072 of the MicroTik RouterOS. The research firm also found that two QNAP networked-attached-storage (NAS) drives, the TS-251 and TS-439 Pro, were also affected by VPNFilter.

The FBI wants everyone with a small business or home office (SOHO) router to reboot so they can track the communications. By seizing control of the domain the mothership, the FBI says it can track the different layers of the malware. But the folks from Talos are warning that is could just be the beginning, and even if you don't see your router make and model on their list, you should reboot anyway. "Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected," Cisco Talos researchers wrote in a blog posting.

Due to the severity of the event, Talo decided to publish its finding early, even thought their research and investigation is ongoing. "Publishing early means that we don't yet have all the answers - we may not even have all the questions. We will update our findings as we continue our investigation" the blog goes on to say.




Is Free Public Wi-Fi Safe?

If you work remotely or travel a lot for your job, you probably take advantage of free public Wi-Fi often. Unfortunately, that probably means you’re regularly opening up your devices and your data to serious security threats. And if you’re a heavy user of cloud services, which often store your data on a remote server rather than your computer, Wi-Fi security is even more crucial.

Most people these days have password-protected networks at home, so it’s unlikely that anybody is able to snoop on your data as it passes between your device and your router. But when you’re surfing the Web via a free public Wi-Fi at a cafe, library or airport, you should be suspicious of everyone, says technology consultant Leo Notenboom of “It’s trivially easy for any of them to be watching your unencrypted information flying by.”

Here’s what you need to know to stay safe next time you’re surfing on a free public Wi-Fi connection.

Free Public Wi-Fi Tip No. 1: Turn on your firewall.
The cafe might use firewall software to protect your computer from outside attacks, but that doesn’t protect you from other people surfing around the same Wi-Fi network inside the cafe. Be sure your computer’s firewall is turned on.

Free Public Wi-Fi Tip No. 2: Protect your smartphone or tablet.
If your smartphone or tablet connects to Wi-Fi networks, require it to ask your permission before joining any network. A lot of people never change the default network name, so if you logged on to your friend’s “linksys” network, your device will remember that and could automatically join any network of the same name in the future -- unless you tell it to ask your permission first.

Free Public Wi-Fi Tip No. 3: Use strong encryption.

Encryption works by disguising data that your computer wirelessly sends to a router. Without it, that person sitting near you at the cafe could use special software to intercept and see all the data that travels back and forth between your device and the router. And that means everything: emails, passwords and things you search for. That’s why it’s imperative, says Notenboom, to use encrypted sites when possible.

How do you know when a site offers encryption? Instead of “http” at the beginning of the address, you’ll see “https.” You’ll also see a little padlock icon in your browser window, usually on the bottom right.

What else should you consider encrypting?

  • Your email. If you use a locally installed email program such as Outlook or Entourage, you can protect your mail and passwords by using something called SSL (secure sockets layer) on each of your accounts. This encrypts all your data when you send and receive email. Not all email providers allow the use of SSL, though, so check your provider’s help page.
  • Your Facebook and Twitter pages. Facebook and Twitter recently began offering encrypted sessions; just go into your account settings and find the option that says “Always use https.”
  • Your Google search. If you think the keywords you’re searching could be embarrassing or you prefer to keep your privacy, try the secure version of Google search. Instead of going to, do all of your searching at
  • Everything. Consider a VPN service. VPN stands for virtual private network and encrypts everything you send and receive. You can download free mobile VPN software from such a site as Hotspot Shield and everything -- instant messages, passwords, emails and websites -- will be virtually impenetrable to prying eyes whenever you’re using a free public Wi-Fi connection. Or if your employer offers its own VPN, always connect to it through your computer or mobile device.

“That guy in the corner of Starbucks with his laptop -- do you trust him with your private data?” asks Notenboom. Follow these Wi-Fi safety tips, and you won’t ever have to ever wonder.

Keep Your Data Safe When Telecommuting

Thanks to the Web, more and more people are working remotely -- from home or anywhere. But not commuting anymore doesn't mean you don't have the same security issues that your corporate-office counterparts do. Here's how to protect your data, devices and computer without an IT department:

1. Back up your data in the cloud.
It’s easy to lose all your work: One computer virus or hard-disk-drive meltdown, and your important files may vanish forever. That’s why, when working from home, backup is crucial. Instead of depending on bulky hardware, try the many cloud services on the Web. They back up new content every night while you sleep, keeping your files safe and allowing you access from any computer at any time.

"Backup used to be cost-prohibitive," says Phil Montero, founder and CEO of an online resource called You Can Work From Anywhere. But these days, many online services charge as little as $50 per year, depending on your needs. Mozy even offers certain amounts of backup for free. If you’re only backing up documents, Google Docs is another good bet.

2. Protect your computer and critical files.
If your employer issues you a PC or laptop to use at home, they'll often install security software or a Web-based security service to block viruses or bar hackers. But if you are self-employed, the burden of protecting your computer and data from the increasing array of online security threats falls squarely on your shoulders.

When choosing a cloud-based security service, be sure it protects your computer with antivirus, spyware and firewall programs. It should also constantly updates to protect you against evolving threats.

You should also limit your family members’ access to your work computer. "You have to be sure that the really critical stuff isn't made accessible to someone who shouldn't have access to it," says Jack M. Nilles, founder of JALA International, a global telecommuting consulting company. "That includes the kids getting on your computer and downloading something [harmful]."

Finally, keep passwords and ID numbers private so they don’t fall into the wrong hands.

3. Seamlessly collaborate with others.
Whether you work on your home computer once a week or full time, if you need to share files with colleagues, synchronization tools can help ensure you (or your team) are working on the correct or latest version of a document. The “old” way to do this was to copy the files from your home computer onto an external hard drive, CD or thumb drive and install them on your work computer. But this process sets you up for accidentally writing over the most recent files -- and what if this external backup device you were depending on is destroyed or lost?

Cloud services enable you to sync automatically to ensure speedy backups. Or try Microsoft’s FolderShare, which allows you to synchronize files with colleagues over the Web.

There's no doubt to the benefits of Web to the home office worker. That said, you want to be smart about security issues. To really cover your bases, in addition to backing up and securing your data, Niles also says it's important to get a clear protocol from your company or clients: "We recommend that telecommuters working for a company have a formal agreement specifically stating who is responsible for what." This way, you can always fall back on the agreed-upon security plan for your best-quality work away from your IT department.

3 Sneaky New Online Scams to Avoid

Most of us can recognize a shady email or Facebook post when we see one. I mean, how many of us actually know a Nigerian prince, right?

But hackers are pulling fresh tricks to dupe us into parting with our money or privacy. In the past four months alone, instances of malware on mobile phones have doubled, making smartphones a hotbed for wrongdoers. And according to the Federal Trade Commission, 9 million Americans lose their identity to hackers every year.

Don’t want to become a stat? Here are the three new online scams and how to avoid them:

Online Scam: Your Dating Match Is Actually a Fraud.

The scenario: You’re in search of cuties on Internet dating sites when you meet a handsome U.S. Army serviceman stationed in Iraq. The guy is friendly and open about the war and his post-battle dreams. Best of all, he has a hot mug. What starts as a mere flirtation grows into a deep, personal relationship … in which your new man is comfortable enough to ask you to lend him some money.

How it works: That guy may not be an actual serviceman, but a scammer hoping to work his way from you heart to your wallet. The Army Criminal Investigation Command (CID) has been notified of this scam hundreds of times in the past six months. The CID says the scammers assume the identity of real-life soldiers, coupling their names and ranks with photos of other soldiers found online. Sometimes, the scammers paint the Army as a downtrodden entity, in which soldiers need pay for Internet connections, leave papers, medical treatment, special laptops, international telephones or a flight home from Iraq or Afghanistan.

How to steer clear: Army CID spokesperson Chris Grey says that the Army has plenty of support programs for soldiers overseas and that an actual soldier would not be making such monetary requests. The CID warns women to be suspicious of the following:

  • Anyone claiming to be a soldier, proposing marriage and asking for financial help early in a new relationship -- especially if it’s someone you haven’t met in person.
  • A new soldier boyfriend claiming that the Army won’t allow him to access his bank accounts or credit cards.
  • Suspect postal addresses. Soldiers serving overseas usually have an APO or FPO mailing address. Don’t send money to a third party or company.

If you think you’re talking with someone who is impersonating a soldier, report the incident to the Internet Crime Complaint Center and the Federal Trade Commission.

Online Scam: A Simple Celeb Search Brings You Viruses.

The scenario: You search online for your favorite celebs, whether it’s to get the latest dirt or find out just how they maintain their bikini bods. Harmless, right? Until your screen freezes and your computer gets slow.

How it works: This latest online scam plants viruses on PCs when gossip seekers search for stars online. Heidi Klum is currently the most dicey celebrity to search on the Web. Searches of “free downloads,” “videos” or “screensavers” coupled with her name stand a 1-in-10 chance of installing malware on otherwise clean PCs.

How to steer clear: Install an antivirus and antispyware program on your computer and devices. Limit widespread Google searches for sexy celeb pics. Instead, search within a well-known Hollywood blog, like or

Online Scam: Your New Favorite App Isn’t an App at All.

The scenario: You just discovered a new addictive game on your phone or downloaded a beautiful wallpaper. Best of all, it’s free! But then you get your phone bill and … whoosh! There goes $1,000. How did this happen?!

How it works: What you really downloaded was a dangerous program in disguise that sends unauthorized texts from your phone and racks up your phone bill. Equally common is a program with which hackers steal your personal information, compromising your identity. Last year, an estimated 4.6 million Android users downloaded a seemingly innocent Star Wars and My Little Pony branded wallpapers to their phones, which collected and sent user data, like subscriber identification and phone numbers, to a site in China.

How to steer clear: Always download your apps from a trusted source, like the iTunes store or the Android Marketplace. Apple and Google have a tough process for accepting new apps, and they police their stores for malware problems.

Have you ever fallen for an online scam? Share your story in our message board below.