Light Reading

Is Comcast Ready for Big Hack Attack?

Mari Silbey
2/11/2014
50%
50%
Repost This

How well would Comcast cope with another security invasion by computer hackers?

In a calculated attack last week, hacking group NullCrew FTS claims to have exploited a known vulnerability in at least 34 Comcast Corp. (Nasdaq: CMCSA, CMCSK) servers throughout the US, potentially gaining access to subscriber payment information and account settings. Comcast said at the time that it had "no evidence to suggest any personal customer information was obtained in this incident."

Others, however, are not so sanguine about Comcast's ability to stave off security threats to its customers. In fact, at least one security expert is recommending that Comcast subscribers change their passwords to protect their accounts from cyber intruders.

"Of course, Comcast should be telling their customers to change their passwords. Even if there was just a chance of a breach, it's still best practice to change your passwords regularly," said cybersecurity analyst Jack Whitsitt. "Any company that is not yet being open with its customers about what's happening with regard to security events is doing themselves a disservice. What is also concerning is that, at least anecdotally, many people don't remember or realize they have an ISP email address and so, if someone were to use theirs, would they even realize it?"

Whitsitt was referring to the fact that all Comcast customers have a master email account, and that this account is used to manage subscriber settings and payment transactions for all cable services. After gaining access to that account, a hacker could use the master email address to share information and control of the account with other parties.

A reporter for ZDNet, Violet Blue, publicly scolded Comcast in a blog post late Sunday night for not being more aggressive in its response to last week's attack. Blue likened Comcast's response to an attempt by Snapchat to downplay its own battle with hackers just over a month ago.

In addition, Blue pointed out that NullCrew FTS, the group claiming credit for the Comcast attack, also claimed responsibility for a similar assault on BCE Inc. (Bell Canada) (NYSE/Toronto: BCE) two weekends ago. So this may be the start of a hacking campaign against North American broadband service providers.

A Comcast spokesperson insisted, though, that the MSO has matters under control. "We take our customers' privacy and security very seriously," he said in an email response to Light Reading late Monday. "We have aggressively investigated this incident and have found no evidence to suggest any customer information was obtained.”

— Mari Silbey, special to Light Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
gconnery
50%
50%
gconnery,
User Rank: Light Sabre
2/13/2014 | 1:28:14 AM
Re: Data
Agreed.  Anyone who has followed the details of the recent Target, Neiman Marcus and Michaels hacking is aware of the normal progression...  at first the company minimizes the number of customers that were affected (only in store purchasers and a small number of them at bat) then that number is increased as forensic security goes to work and realizes more about what is going on (well, actually some online customers were affected too and now the total number affected is 3 times the earlier number, but hey its only email addresses and credit cards with no PINs) then more information is discovered and the numbers go up again (sorry that last count was too small, and oh, it looks like the encryption we used wasn't very good so the PINs were probably accessed too).  For Comcast to pretend up front that they know everything is fine when they don't really know anything at all is ridiculous. 


Good post Mari.  People should change their Comcast passwords.  I just did.  Have you paid your Comcast bill online with a credit card?  Pay attention to this story.
Ashu001
100%
0%
Ashu001,
User Rank: Lightning
2/11/2014 | 9:24:34 AM
Re: Data
KBode,

That itself should ring a Bell-That something is very fishy here.

Why is a Company which is usually very Transparent and upfront of its Upgrades,etc ;Staying Silent here?

Definitely merits a closer Look.

Regards

Ashish.
Ashu001
50%
50%
Ashu001,
User Rank: Lightning
2/11/2014 | 9:22:35 AM
Re: Data
kq4ym,

You have illustrated the Conrundrum that the Likes of Comcast has to face here very effectively.

While they do have a fiduciary responsibility towards their Clients to tell them the truth and reality of the situation at hand here they also have to be responsible towards their Owners and Shareholders and not do something which will damage their Brand Image irreperabably.

Its a Difficult Balancing Act to maintain for sure.

Regards

Ashish.
kq4ym
100%
0%
kq4ym,
User Rank: Light Sabre
2/11/2014 | 7:59:28 AM
Re: Data
It did seem a bit curious when Comcast said no infomation was taken from customer data. On one hand, you would think they would be honest enought to provide the truth of the matter, on the other Comcast wants to protect it's brand and image. It will be no surprise though to eventually find that Comcast was not quite correct in it's assessment of the hack.
KBode
50%
50%
KBode,
User Rank: Light Sabre
2/11/2014 | 7:32:11 AM
Data
The problem is I'm not sure Comcast knows if data was obtained. The NullCrew post didn't contain user data, but it explained how to obtain private data for a period of up to 24 hours. Comcast has been great in discussing network upgrades publicly and openly (like DNSSec) but was pretty quiet about this.
Flash Poll
LRTV Documentaries
Cable Eyes Big Technology Shifts

4|16|14   |   03:02   |   (4) comments


US cable engineers are facing a lot of heavy lifting in the coming years, notes Light Reading Cable/Video Practice Leader Alan Breznick.
LRTV Custom TV
Maximizing Customer Experience & Assuring Service Delivery in an IP World

4|15|14   |   4:57   |   (0) comments


Steven Shalita, VP of Marketing, NetScout Systems, Inc., discusses the challenges cable/MSO operators face in assuring the delivery of new IP-based services. Key points include the value of proactively managing performance, and using rich analytics and operational intelligence to better understand service and usage trends, make smarter business decisions and ...
LRTV Documentaries
Bye-Bye DVD: Consumers Embrace Digital Video

4|10|14   |   04:17   |   (7) comments


Veteran video analyst Colin Dixon, founder and principal analyst of nScreenMedia, says research shows 56% are using digital video already.
LRTV Documentaries
Video: TW Cable Puts Multicast Gateways to the Test

4|8|14   |   04:13   |   (1) comment


Tom Gonder, a chief architect at Time Warner Cable, explains how its trial of multicast gateways is impacting IP-based video plans.
LRTV Custom TV
Managing & Monetizing Big Data in Operator Environments

4|7|14   |     |   (1) comment


At Mobile World Congress, Gigamon's Director of Service Provider Solutions, Andy Huckridge, and Heavy Reading Analyst Sarah Wallace discuss the 'big data' issues facing carriers and operators today.
LRTV Huawei Video Resource Center
Data Center Energy – Build Your Data Center in a Modular Way

4|7|14   |   2:13   |   (0) comments


Dr. Fang Liangzhou, VP Network Energy Product Line, shared his thoughts about the challenges for data centers during CeBIT 2014.
LRTV Huawei Video Resource Center
Agile Network Solution – An Overview of Huawei's Agile Network Solution

4|7|14   |   2:31   |   (0) comments


Ajay Gupta, Director of Product Marketing, Networking Product Line, gives an overview of the Agile Network Solutions during CeBIT 2014.
LRTV Huawei Video Resource Center
Huawei’s eLTE Voice Trunking, Video and Data Applied for Railways

4|7|14   |   1:38   |   (0) comments


Gottfried Winter is the Sales Director at Funkwerk, a German specialist in GSM-r terminals and a long-time partner of Huawei. At CeBIT 2014, Winter talks to Light Reading about this partnership and the integration of enhanced voice trunking, video and data functions.
LRTV Huawei Video Resource Center
LeaseWeb Speaks Highly of Huawei's Datacenter Products

4|7|14   |   1:37   |   (0) comments


Rene Olde Olthof, Operations Director LeaseWeb, talks about the next data center transformation during CeBIT 2014.
LRTV Documentaries
Comcast: Reshaping the Cable Network Architecture

4|3|14   |   07:11   |   (8) comments


Shamim Akhtar, Comcast's architect and senior director of network strategy, explains why the cable company is moving to a more distributed network architecture.
LRTV Custom TV
VMware CEO Pat Gelsinger at Mobile World Congress

4|1|14   |   3:41   |   (0) comments


VMware CEO Pat Gelsinger speaks to Heavy Reading about the value of virtualization spanning from the data center to service provider networks to mobile devices.
LRTV Huawei Video Resource Center
Analysts' Impressions of Huawei SoftCOM at ONS 2014

4|1|14   |   1:11   |   (0) comments


After visiting the Huawei booth at ONS, Lee Doyle of Doyle Research gives his appraisal of Huawei's SoftCOM solution.
Hot Topics
BlackBerry Invests in Healthcare IT Startup
Sarah Reedy, Senior Editor, 4/15/2014
Volvo: AT&T HSPA+ Can Drive My Car
Sarah Reedy, Senior Editor, 4/16/2014
T-Mobile Petitions Operators to Kill Overages
Sarah Reedy, Senior Editor, 4/14/2014
Cisco & VMware Are Apple & Google of SDN
Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/14/2014
Mobile Apps Susceptible to Heartbleed, Too
Sarah Reedy, Senior Editor, 4/14/2014
Like Us on Facebook
Twitter Feed