this post was submitted on 17 Feb 2024
432 points (98.0% liked)
Technology
59299 readers
4990 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
An important detail to mention is that every router involved were very old Ubiquiti EdgeRouters which were EOL’d like a year or two ago and they had remote administration enabled and were still using the default admin user and password.
I was running an edge router x until a few months ago. It was the cheapest set up to deploy a unifi wireless access point for my apartment. I was worried until I read:
Change you default passwords friends. Given that the edge router is not the most noob friendly device to set up, I'm curious how the user base of these devices is not changing the PW.
Aka people who just plugged it in and left it as long as it works. These are not the kind of people who would have done anything if informed that they had an issue. On one hand I don't like the idea of governments fixing private property, but they were never going to be fixed by the owner.
Well the government wasn’t “fixing private property”, as much as they were “expelling hostile foreign nationals from private property that were being utilized for malicious purposes”. They only acted in the case that one of these devices was an active participant in a botnet.
I know the government touching your stuff is an icky thought, I agree. But the only alternative in this case is you being held personally liable for your devices being used to commit cyber crime by a hostile government entity, which is a much worse thought.
Like if you own a gun and it’s stolen and you don’t report it, and a crime is committed with it, you can be charged with a crime in many states. It wouldn't be the biggest leap for something like that to apply here, if not now then in the future. I think the government fixing the problem for us and leaving us alone about it is just about the best outcome we could ask for.