Wireless routers hacked
Do you have a wireless router? Many people do, and if you’re one of them you’ll want to pay special attention to this post.
According to this post on Ars Technica, a whopping 300,000 wireless routers have been hacked, and not just for fun; the attackers have been using a modification of what is formally known as a pharming attack. This kind of attack is normally run against two specific targets: the first is the Domain Name System (DNS) servers that translate the web address a user types in into the numerical address the computer understands, and the second is the ‘hosts’ file on your PC that does the same thing.
In the wireless-router attack, attackers are able to remotely access the router and redirect correctly entered web addresses (such as www.bankofamerica.com) to a fraudulent website. You won’t realize you have gone to the wrong website since the fraudulent one is almost an exact copy, so you’ll still enter your username and password, and then the hackers have it. We will talk about things like numerical web addresses and remote servers and whatnot later in the semester, but I have included an interesting and informative video below to give an idea about how this type of attack works.
Redirecting users to malicious sites from accurately entered web addresses is nothing new, but it was not that common a practice. With this attack, they are stepping up their game in a big way, and to make it even more concerning, an attack of this type is very difficult for a user to notice. There would be some subtle signs, such as the HTTPS before the full address, but if you’re not paying attention it’s an easy thing to overlook.
The attacks, from what I can tell, haven’t yet happened in the U.S., and they haven’t attacked Linksys routers, the most widely used here in the U.S. by far, but my guess is that they are using the routers in other countries as a test run before they try something really big. For now, if your router looks like the one below (or is made by Cisco/Linksys) you should be generally OK.
According to the Ars Technica article, you can tell you’ve been hacked if the DNS settings in your router, accessed by typing a specific numerical address specified by the manufacturer into a browser bar, have been changed to 5.45.75.11 and 5.45.76.36. Again, it won’t be any of you, but it’s a possibility to be aware of in the future.
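The check described above can also be run from a PC against the DNS servers it was handed. The following is an added example, not code from this post or from Ars Technica: it parses `resolv.conf` or `ipconfig /all` style text (IPv4 only) and flags the two addresses named in the article. The function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Resolver addresses the Ars Technica article reports on compromised routers.
ROGUE_DNS = {ipaddress.ip_address("5.45.75.11"), ipaddress.ip_address("5.45.76.36")}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_resolvers(text):
    """Pull IPv4 DNS servers out of resolv.conf or `ipconfig /all` style text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("nameserver"):                 # resolv.conf entry
            hits, in_dns_block = IPV4.findall(s), False
        elif s.lower().startswith("dns servers"):      # first ipconfig entry
            hits, in_dns_block = IPV4.findall(s), True
        elif in_dns_block and s and ":" not in s:      # ipconfig continuation line
            hits = IPV4.findall(s)
        else:
            hits, in_dns_block = [], False
        for h in hits:
            try:
                found.append(ipaddress.ip_address(h))
            except ValueError:                         # e.g. 999.1.1.1
                pass
    return found

def classify(ip):
    if ip in ROGUE_DNS:
        return "rogue"
    if ip.is_private or ip.is_loopback:
        # The PC may only see the router or a local stub here; the router's
        # own DNS setting still has to be read from its admin page.
        return "local"
    return "other"

def audit(text):
    return {str(ip): classify(ip) for ip in extract_resolvers(text)}

# Constructed sample inputs, not captured from a real machine.
RESOLV_CONF = "# constructed sample\nnameserver 192.168.1.1\nnameserver 5.45.76.36\n"
IPCONFIG = (
    "   DHCP Server . . . . . . . . . . . : 192.168.1.1\n"
    "   DNS Servers . . . . . . . . . . . : 5.45.75.11\n"
    "                                       8.8.8.8\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

if __name__ == "__main__":
    for name, sample in (("resolv.conf", RESOLV_CONF), ("ipconfig /all", IPCONFIG)):
        print(name, audit(sample))
```

A "local" result does not clear the router: when the PC is pointed at the router's own address for DNS, the router's upstream DNS setting is only visible on its admin page.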