Lumen’s Black Lotus Labs detected the event; the post answers all of your concerns.

The source document from Black Lotus details the behavior of the malware used to brick the equipment. It does NOT make any statements or claims that the targeted devices were being used in botnet activity, which is the accusation made by Mr. Perens in his post. 

On Mon, Jun 3, 2024 at 9:27 AM Howard, Lee <LeeHoward@hilcostreambank.com> wrote:

In the second paragraph, he cites his source: https://blog.lumen.com/the-pumpkin-eclipse/

Lumen’s Black Lotus Labs detected the event; the post answers all of your concerns. Further, they remark that this was an especially sophisticated infection, that hid its tracks well.

Lee

From: NANOG <nanog-bounces+leehoward=hilcostreambank.com@nanog.org> On Behalf Of Tom Beecher
Sent: Sunday, June 2, 2024 4:23 PM
To: Dave Taht <dave.taht@gmail.com>
Cc: NANOG <nanog@nanog.org>
Subject: Re: 600,000 routers bricked

That post from Mr. Perens about this is honestly really shitty.

1. Is he right that Lumen has to shoulder blame for not keeping CPE updated with exploit free software? Certainly. 

2. Making a claim that all 600k of these routers were being used as botnet zombies without any supporting evidence is really poor form. 

3. Even if we assert that 50% of these devices were exploited for botnet activity, that means 50% WEREN'T. We shouldn't be applauding 300k people/businesses that just had their internet connectivity yeeted away from them through zero fault of their own.

4. "I've never heard of these router manufacturers" is exceptionally ignorant. ActionTec has been around since the early 90s. Sagemcom wasn't someone I'd heard of before, but so what.

Yes, CPE provided by ISPs can be a problem. But applauding asshats who bricked all this stuff as some noble event that should be "applauded" as he says is really, really stupid. It's not going to meaningfully move the needle with how ISPs handle this stuff, and all it did was inconvenience a LOT of end users.