Used Routers Fully Loaded With Corporate Secrets for Just $100

Researchers at ESET found that hardware on resale in the market consisted of highly confidential information such as IPsec or VPN credentials, hashed root passwords, and much more.

Second-Hand sales of computing equipment have been in place ever since the introduction of computers and their hardware parts.

Every company relies on its managed service providers or e-waste contractors for the decommissioning procedures.

Unfortunately, this equipment, like corporate routers or any other network managing devices, did not have great decommissioning and wiping procedures, which led to the disclosure of confidential information.

Researchers also mentioned that this highly classified corporate information equipment was resale for just $100 – $150.

Threat actors who plan to attack the infrastructure can get this information for just $100, which they can use for planning an attack.

Another overwhelming fact is that this equipment was sometimes owned by organizations that include cloud computing businesses or data centers, who must be aware of how to wipe this information during decommissioning of the equipment.

According to the report, the information that was revealed during the analysis included,

• Customer data – 22%
• Data of Third-party connections to the network – 33%
• Credentials for connecting to other networks as a trusted party – 44
• Connection details for specific applications – 89%
• Router-to-router authentication keys – 89%
• IPsec or VPN credentials, or hashed root passwords – 100%
• Data to identify the former owner/operator – 100%

The report also mentioned that it was hard for the researchers to contact the companies whose data had been exposed in the analysis.

Most of this data exposure is due to human error, which could lead to a potential data breach.

“Equally concerning was the difficulty the team experienced during the disclosure process when attempting to contact the companies concerned, to disclose that our researchers were in possession of a device with the company’s sensitive network configuration data.” reads the report published by ESET.

ESET used 18 routers for testing and analytic purposes. The list of routers used for analysis by ESET researchers is given below

Manufacturer	Device Type	Number
Cisco Systems	ASA 5500 series	4
Fortinet	FortiGate series	3
Juniper Networks	SRX Series Services Gateway	11

In these routers, accessible were several network configuration data were extracted by the ESET research team. The data is given in proportion to the data extracted.

Network Configuration Data	Number	Percentage
Complete Configuration Data available	9	56.25
Wiped Properly	5	31.25
Hardened	2	12.5
Dead (no recoverable data	1	N/A
Second Device in Mirror pair	1	N/A

Source: ESET

Companies that were identified during the analysis and details of their type of business and revenue are listed below.

Vertical	Reach	Employees	Revenue (US$, M)
Light Manufacturing/supplier	Direct data services, as well as managed MSP services for the region	5-50	5-25
Legal	Nationwide (US) law firm	50-100	5-25
Creative	Products/subassemblies integrated into larger companies’ products	100-500	25-100
Services multiple tiers one, household brand companies	Multinational Technology Company	100-500	25-100
MSP	Manages fintech companies	100-500	25-100
Open-source software	Has over 100 million users, worldwide	100-500	500-1000
Events	Operates trade shows and equipment rentals	1000-5000	25-100
Multinational Technology company	Global data company	10000+	1000+
Telecoms	This was CPE (Customer Premises Equipment) for a transportation company	10000+	1000+

Every organization needs to decommission any computing equipment and have a clean wiping procedure before making the computing equipment available to the resale market.

Network Security Checklist – Download Free E-Book

Also, Read

HiatusRAT Malware Attack Routers to Gain Remote Access & Download Files

Multiple Flaws in Cisco Small Business Routers Allow Remote Attackers to Execute Arbitrary Code

Russia Based Cyclops Blink Malware Targeting ASUS Routers Models

FritzFrog Botnet Targeting SSH server, Data Center Servers, and Routers