FBI Issues Dangerous Streaming Hack Warning For Hundreds Of Millions

The Federal Bureau of Investigation has issued a public service advisory containing a critical security warning for all streamers: hackers could be using your devices to steal passwords and data and to carry out cyberattacks. The risk of compromise from budget devices is very real, as the latest news regarding Android tablets shipping with a firmware-installed backdoor demonstrated, but it’s not only streamers looking to save a few dollars that need to be alert. Here’s what you need to know about FBI alert number I-031226-PSA.

MORE FROM FORBESGoogle Confirms High-Risk Update For 3.5 Billion Chrome UsersBy Davey Winder

FBI Alert I-031226-PSA: Evading Residential Proxy Networks

Although it is all too easy to point and laugh at the FBI when its director, Kash Patel, has just had his personal Gmail account hacked by Iranian threat actors and published for all to see, that would be a mistake. When it comes to cybersecurity matters, the FBI remains a credible source for public service advisories and attack mitigation guidance. This is very apparent with the publication of I-031226-PSA, an advisory that issues a critical security warning to people who stream content. And that, dear reader, is pretty much every single one of us in this age of streaming TV and social media. The threat involved, that of residential proxy networks, is both very real and very dangerous. And not just to you, but the people who could be on the receiving end of the attacks they can enable. “Cyber threat actors use residential proxies to facilitate illicit activities,” the FBI said, “while obfuscating their true identities and locations by routing internet traffic through home and small business internet networks.”

The ongoing threats are, quite frankly, as dangerous as they are diverse. The FBI included a long list of these as part of the public service advisory, and it’s worth repeating just three of them here:

Account takeovers: “If a victim’s bank account credentials are leaked on the dark web, criminals could obtain a residential proxy IP address in the same city as the victim and log in to the compromised bank account,” the FBI stated. By doing so, the bank is less likely to spot the suspicious activity and stop it.

Phishing and identity theft: Residential proxies can be used to “host phishing infrastructure or log in to accounts using stolen credentials without triggering geolocation-based alerts,” the FBI warned.

Brute force attacks: Residential proxies allow cyber attackers to “rapidly rotate between a large number of IPs, bypassing rate limits and lockout mechanisms,” the FBI confirmed, which is very serious given how commonplace such attacks are today.

MORE FROM FORBES‘Hack Yourself’ Apple Attack Steals Mac PasswordsBy Davey Winder

FBI Defines Residential Proxy Networks, Provides Mitigation Recommendations For Streamers

The FBI definition of a residential proxy is as good as any I have seen, describing it as being “an intermediary server between individuals and websites they visit to make their connections appear to originate elsewhere.” What they do is route a user request through a different device, often a TV streaming device, smartphone or router, for example. “Once an internet-connected device is compromised,” the FBI explained, “the device’s IP address can be used by threat actors to mask their online illegal activity, making the consumer appear responsible.”

Understanding how your device can become compromised in this way is key to understanding how to mitigate the threat. You might download an app that unwittingly uses such a proxy, your router or streaming device might be compromised by a hacker, or you could download malware with a payload that includes using a proxy network.

To mitigate the risk, the FBI said, people should avoid using streaming devices offering free or cheap access to paid-for services, be cautious of downloading free VPN applications, not download pirated movies or software, only use trusted app stores and always keep device firmware and platform operating systems up to date with security patches and revisions.