Where are you pouring us: cybercriminals can use unknown equipment in their homes
Starting on April 6, Internet service providers in Russia will be required to provide management companies of apartment buildings with information about equipment installed in public areas in order to avoid dismantling networks, the State Duma reported. Meanwhile, according to experts, unknown Internet equipment in residential buildings can become a tool for cybercrime. Read more about this threat in the Izvestia article.
Providers and equipment in the entrances
Alexander Yakubovsky, a member of the State Duma Committee on Construction and Housing and Communal Services, told RIA Novosti that from April 6, all equipment installed by providers in public areas in homes must have information about its ownership. If this data is missing, the management company will have to request it from the operators or find the owner on its own.
"If no one responds to this request, if the owner of the networks and equipment is not found, the Criminal Code has the right to dismantle this equipment," Yakubovsky said.
The MP added that the new rule would get rid of "chaotically scattered wires hanging from walls and ceilings." If the provider is denied access to the house to restore order, he will be able to record this fact. According to Yakubovsky, this approach will ensure that the Criminal Code will not be able to damage the providers' networks with impunity.
"We are closely monitoring the situation in this market of services, and we are detecting violations, including when operators are not allowed into homes," the parliamentarian stressed. "In my opinion, we need to tighten administrative responsibility by imposing very serious fines on the Criminal Code for this violation."
How unknown Internet equipment appears in residential buildings
With the high-quality work of the management company, unknown Internet equipment cannot and should not appear, since access to shared networks should be limited and under the protection of the Criminal Code, says Yulia Solovyova, CEO of the Vysota-Service management company, in an interview with Izvestia.
If residents want to connect new Internet service providers, then the installation of networks should take place under the supervision of specialists from the management company and only after approval of the project, which includes a list of all equipment, the interlocutor emphasizes.
Unfortunately, this is not always the case at the moment. As Nikita Novikov, an expert on cybersecurity at Angara Security, explains, unknown Internet equipment in apartment buildings appears due to the lack of proper control from both providers and management companies. When operators were allowed to use common property for free to host their networks, many focused on expanding the infrastructure without paying attention to its organization and maintenance. As a result, a lot of cables and equipment have accumulated in basements and entrances, some of which are not marked, and the owners of some networks have simply lost access to them over time.
— At the same time, sometimes the equipment in the old fund is stored in attics. If it is open, then anyone can access the technology," said Kaspersky ICS CERT expert Vladimir Dashchenko.
In addition, unauthorized connections may appear in apartment buildings, both from local providers operating without proper approvals, and from companies that have left the market, leaving behind unaccounted-for networks.
What is the danger of unknown wires on the walls of the entrance
Unknown Internet equipment in the house is a potential entry point for intruders, Nikita Novikov told Izvestia. The lack of registration and maintenance of the device allows attackers to gain access to it, change settings, and use it to control traffic or attack the local network.
"By connecting to the equipment, attackers can intercept network traffic, gaining access to residents' personal information such as passwords, usernames, and banking information," says Marina Probets, an Internet analyst and expert at Gazinformservice. "The equipment can be used to organize DDoS attacks or as a proxy server to hide its identity. network activity.
According to the expert, it is also possible to create fake Wi-Fi access points to steal information. Intruders can use the installed equipment to monitor residents if it is equipped with cameras or microphones. Finally, uncontrolled networks can cause interference, interfere with the work of providers, or be used to disconnect communications in individual apartments, Nikita Novikov concludes.
At the same time, according to Marina Probets, fraudsters are able to install their fake Internet equipment, disguising it as the equipment of providers. It is difficult to identify it, since outwardly it is often indistinguishable from the present.
—There have been incidents where attackers have installed unauthorized Wi-Fi access points or laid cables, disguising them as provider networks in order to create data leakage channels or deploy hidden proxy servers," Nikita Novikov recalls. — The greatest risk of such attacks exists in buildings with a high concentration of commercial or government structures, where interest in data interception is particularly high.
How to protect yourself from cyber threats with unknown equipment
It is important to carry out regular inspections of equipment in public areas and keep records of those responsible for it, Nikita Novikov recommends. At the same time, it is necessary to ensure the physical security of the equipment by allowing access to it only by authorized specialists. Local area networks must be protected using modern security standards, such as WPA3 for Wi-Fi.
— It is necessary to monitor the condition of the wiring and equipment in order to prevent unauthorized connections, — says the interlocutor of Izvestia. — Residents of an apartment building should be informed about the risks of connecting devices to unfamiliar networks. You should use complex passwords for your devices and update them regularly. It is also recommended to enable two-factor authentication wherever possible, periodically check the list of devices connected to your router and pay attention to unknown ones.
In turn, Marina Probets adds that any suspicious gadgets should be reported to the management company or the Internet service provider.
— Do not connect to open Wi-Fi networks, especially to perform operations with confidential data, — says the expert. — And using VPN services can provide an additional level of protection when working on the Internet.
Переведено сервисом «Яндекс Переводчик»
