Megacable: a bit of a warning (somewhat technical)

[DonaldW]

Very kind of you to share - thank you! You know this is coincidental but I discovered the same thing with the Telmex I was using in Gto just a couple of weeks ago.

Here is why this is a serious issue: By knowing or scanning the IP address of your router from anywhere in the world, your router panel log in screen can be accessed remotely. With no built in security features for these routers like the so-called "big boys" have, e.g. where repeated attempts at guessing passwords are not thwarted. e.g. by slowing down or stopping after multiple fails, this leaves your equipment open to be accessed from anywhere in the world. And with no major password guessing attempts even detectable by these low-end devices, this leaves them vulnerable to be hacked by the most elementary of automated password guessing tools, available online for anyone to download, incidentally.

The easiest hack to be used is one that is commonly installed on workstations via compromised websites, where the computer DNS servers are altered to point away from those at the ISP, to some rogue ones controlled by the hacker. By altering the named DNS servers in your router, the hacker can route every lookup of every URL by every machine in your home, changing that lookup service from the ISPs to a spiffed DNS server they own. The first thing they can do with this hack is receive a list of every URL you enter into your browser, plus any one you click on from another webpage.

OK, so they know everywhere you go now, so what's the big deal, some might ask. First thing they watch for is when you go to "yourBankName.com". They then construct a website that looks exactly like your bank page. Now they set up a redirect on their spoofing DNS server that re-directs you to their fake copy of your bank's web page when you go to "yourBankName.com". Now you key in your bank account credentials while looking at their spoofed exact copy of your bank screen, and in a couple of seconds, they have your bank log-in credentials.

Now surely I don't have to explain what can be done with those.

Good catch there David Victor, and certainly something that needs to be brought to the attention of these companies. This setup would never be allowed in the US and should be considered a severe security breech.

Incidentally to those worried now, using a secure VPN uses the secure DNS servers of the VPN company and not the local ISP (which we see now can be hacked by the most rank amateur and from anywhere in the world) so consider this using both cable and DSL connections in Mexico. This is one of the reasons they always recommend using a secure VPN when traveling, particularly when doing financial transactions online and even more strongly suggested from publicly available wi-fi connections.

DNS Server: On the Internet, every piece of data is routed to an IP address within the underlying architecture. From a human perspective, we deal in names instead of numbers. In other words, it's a lot easier for us to remember www.google.com than 63.96.4.55. but in reality it is only the first few milliseconds after you enter www.google.com into your browser that your computer goes to its named DNS server which is a database that gives your computer the number 63.96.4.55 for google.com, and the number is used from that point onward.

By hijacking a DNS server, a hacker can redirect your computer's internals to any new IP address they wish, frequently IP addressed controlled by them and thus how the reroute is accomplished from your bank to the image they present to capture your login credentials.