Analysis of the Internet outage on Internet subscribers in Yemen
مشتركي الانترنت في اليمن و مشاكل الانقطاع على مشتركي الانترنت في اليمن
In this article, we will analyze the breakdown of the Internet on Internet subscribers in Yemen due to international cyber attacks.
The Public Telecommunications Corporation in Sana’a said that the national internet network has been subjected to international uproar that has taken many countries around the world including Yemen, causing the cancellation of ADSL modems settings for some subscribers, and therefore the devices are no longer ready to receive the service.
We will describe scenarios of hacker attacks and their purposes, and from the inquiry of some participants and from our experience in the field of information security, we will explain the details of the electronic attacks that occurred.
How the modems were accessed in Yemen
Access to modems is very easy for hackers. When a specific country is targeted, for example, screening tools are used to scan IP addresses to cover all possible scenarios in the country.
Such as the range of IPE addresses in Yemen 184.108.40.206 In order to examine the scope of the examination is from 220.127.116.11 to 18.104.22.168 This was one example. Here the hackers got access to the addresses of certain countries, but what after knowing the range of certain addresses and what comes the second step by the hackers to do the damage done to the Internet subscribers?
How modems have been compromised and access to their settings
There are two ways of the hacking scenario we will start with something expected Hua reason but may say certainly
The first method of attack
A new vulnerability for D-Link modems called Unauthenticated Remote DNS Change on 2017-06-18
This vulnerability has been deployed, including two ways to exploit Exploit has been published as the work of this gap will change the settings of the DNS remotely without access to user powers as the vulnerability of the vulnerability enables the hackers to do the following in your network:
- Changing the DNS settings and manipulating the sites you visit, which takes you to fake pages of real sites you visit, for example, when you visit the site, you will find a fake page of the site in the real domain of Facebook and other manipulation aimed at the user in fraud or any other goal of the hackers.
- Replace ads with special ads that hackers place for profit or evil purposes.
- Data transfer control, for example, may tamper with downloading updates to your Windows system or anti-virus for any purpose that hackers are trying to penetrate.
- Display dangerous things such as pornographic objects or malware files infecting your computer.
This is expected and certain because DNS has been manipulated and the gap is synchronized and modern with the attacks that have occurred as statistics indicate that the attacks across the gaps in Yemen have increased in the last week which confirms the targeting of Yemen through gaps of this kind.
Possible scenario: via default passwords and Remote Access
We will talk about this danger in order to take preventive protection from any other attacks where the difference between what was mentioned previously and what we will talk on the first way without knowing the password of the user and the second way by knowing the user password and there are easy tools that can be used hackers.
The hacker checks the IP address ranges, as mentioned above, but here it is added that guess the username and password admin admin where most modems do not change their default passwords by the user and here can implement any modifications such as DNS and others.
What is the preventive measure?
First you need to change the default password admin and close the Remote Access property.
Upgrade any settings or system based on the modem that has a vulnerability that is downloaded from the modem manufacturer’s website.
If the settings are changed, follow the instructions for setting the settings from Yemen Net in the link below.