How hackers use routers to steal banking information

It seems like each day there is news of yet another innovative hacking scheme. Thieves are constantly thinking up new ways to rip you off. One of the most recent methods they have come up with is router hacking.

To understand this, we need to look at some of the things your router does for you. First of all it provides a way for your computer, cell phone, tablet and other devices to talk to web sites and mail servers on the Internet. It also functions as an address book of sorts. You have probably seen an IP address before. It is a series of numbers like Each server on the Internet has a unique IP address. It is sort of like a street address because your computer uses the IP address to find the server.

But your computer does not start with that address. It starts with what you type into the browser. For example, when you want to do some online banking, you may type in "" and pull up the Chase web site. For your computer to find the server that hosts the "" web site, it has to ask your router for the IP address for that name. Your router does not contain an address list for the entire Internet, so it turns around and asks your service provider (AT&T, Comcast, Windstream, Entouch, etc.) for the IP address for "".

Once your computer is provided the IP address, it can communicate with the Chase banking site and display the web page where you will enter your username and password to access your accounts.

Here is the problem. The hackers can tell your router to query their own server instead of asking your service provider for the IP address for "". When this happens, the hacker's server lies to your computer and sends it to the wrong IP address. When your computer then communicates with this server at the wrong address, that server pretends to actually be "". You even see a web site that looks just like the real Chase banking web site. So you innocently type in your username and password and the thieves have it.

Hackers can use the same ruse to gain access to your Gmail, Yahoo!, Facebook or any other online account.

So how do they get into your router?

There are a few ways this can happen, but most often it is via malware downloaded onto a computer on your network. Many of the most popular router models have security vulnerabilities, and the malware takes advantage of these to make malicious changes to your router's configuration.

How to protect your router

Of course, a new hacking scheme can come out tomorrow, so you are never 100% safe from hackers, but here are some things you can do to try to protect yourself. You may need to contact your router manufacturer's support to get help with some of these tasks:

  • Change the user name used to log in to your router. Most routers use "admin". If your router will allow you, change it.
  • Change the default password used to log in to your router.
  • Update the firmware on your router to the latest version. The firmware is the program that manages your router. Most models allow you to easily check for and install updates. The router manufacturers fix security vulnerabilities as they are found, and firmware updates are how you install the fixes.
  • Most routers allow remote administration. This means if you know the username and password, you could log in to your router to configure it even if you are not home. Disable this feature.
  • Configure your router to use WPA2 security for the wireless network.
  • For even more security, upgrade to a business-class router from Cisco or SonicWall.
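
One way to check a device for the DNS redirection described above is to look at which DNS servers it was handed and to compare the addresses it gets for important sites with answers from a connection you trust. This is an added example, not part of the original article; the file contents, addresses and site names are constructed, and the router address 192.168.1.1 is an assumption.

```python
import ipaddress

# Constructed sample: /etc/resolv.conf on a Linux device behind the router.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53
"""
# Assumption: resolvers you expect (placeholder from a documentation range).
EXPECTED_RESOLVERS = {"198.51.100.10"}
# Constructed answers: the same names looked up through the home router and
# through a connection you trust (for example a phone on mobile data).
LOCAL_ANSWERS = {"bank.example": ["203.0.113.80"],
                 "mail.example": ["198.51.100.25", "198.51.100.26"]}
TRUSTED_ANSWERS = {"bank.example": ["192.0.2.10"],
                   "mail.example": ["198.51.100.26"]}


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def unexpected_resolvers(servers, expected, router_ip):
    """Flag resolvers that are not the router, loopback, or on the expected list."""
    flagged = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server.split("%", 1)[0])  # strip IPv6 zone
        except ValueError:
            flagged.append(server)  # an unparsable entry deserves a look too
            continue
        if str(addr) != router_ip and not addr.is_loopback and str(addr) not in expected:
            flagged.append(server)
    return flagged


def mismatched_names(local_answers, trusted_answers):
    """Names whose local IPs share nothing with the trusted resolver's answer."""
    return sorted(name for name, ips in local_answers.items()
                  if name in trusted_answers
                  and not set(ips) & set(trusted_answers[name]))
```

Large sites can legitimately return different addresses from different networks, so a mismatch is a reason to review the DNS settings in your router's admin page, not proof of tampering.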

If you need help with your network or with securing your router, call Preactive IT Solutions at (281) 494-0894.