Light Reading
Concerned about Comcast's precautions, experts recommend that subscribers change their account passwords after last week's apparent hacker attack on MSO.

Is Comcast Ready for Big Hack Attack?

Mari Silbey
2/11/2014
50%
50%

How well would Comcast cope with another security invasion by computer hackers?

In a calculated attack last week, hacking group NullCrew FTS claims to have exploited a known vulnerability in at least 34 Comcast Corp. (Nasdaq: CMCSA, CMCSK) servers throughout the US, potentially gaining access to subscriber payment information and account settings. Comcast said at the time that it had "no evidence to suggest any personal customer information was obtained in this incident."

Others, however, are not so sanguine about Comcast's ability to stave off security threats to its customers. In fact, at least one security expert is recommending that Comcast subscribers change their passwords to protect their accounts from cyber intruders.

"Of course, Comcast should be telling their customers to change their passwords. Even if there was just a chance of a breach, it's still best practice to change your passwords regularly," said cybersecurity analyst Jack Whitsitt. "Any company that is not yet being open with its customers about what's happening with regard to security events is doing themselves a disservice. What is also concerning is that, at least anecdotally, many people don't remember or realize they have an ISP email address and so, if someone were to use theirs, would they even realize it?"

Whitsitt was referring to the fact that all Comcast customers have a master email account, and that this account is used to manage subscriber settings and payment transactions for all cable services. After gaining access to that account, a hacker could use the master email address to share information and control of the account with other parties.

A reporter for ZDNet, Violet Blue, publicly scolded Comcast in a blog post late Sunday night for not being more aggressive in its response to last week's attack. Blue likened Comcast's response to an attempt by Snapchat to downplay its own battle with hackers just over a month ago.

In addition, Blue pointed out that NullCrew FTS, the group claiming credit for the Comcast attack, also claimed responsibility for a similar assault on BCE Inc. (Bell Canada) (NYSE/Toronto: BCE) two weekends ago. So this may be the start of a hacking campaign against North American broadband service providers.

A Comcast spokesperson insisted, though, that the MSO has matters under control. "We take our customers' privacy and security very seriously," he said in an email response to Light Reading late Monday. "We have aggressively investigated this incident and have found no evidence to suggest any customer information was obtained.”

— Mari Silbey, special to Light Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
gconnery
50%
50%
gconnery,
User Rank: Light Sabre
2/13/2014 | 1:28:14 AM
Re: Data
Agreed.  Anyone who has followed the details of the recent Target, Neiman Marcus and Michaels hacking is aware of the normal progression...  at first the company minimizes the number of customers that were affected (only in store purchasers and a small number of them at bat) then that number is increased as forensic security goes to work and realizes more about what is going on (well, actually some online customers were affected too and now the total number affected is 3 times the earlier number, but hey its only email addresses and credit cards with no PINs) then more information is discovered and the numbers go up again (sorry that last count was too small, and oh, it looks like the encryption we used wasn't very good so the PINs were probably accessed too).  For Comcast to pretend up front that they know everything is fine when they don't really know anything at all is ridiculous. 


Good post Mari.  People should change their Comcast passwords.  I just did.  Have you paid your Comcast bill online with a credit card?  Pay attention to this story.
Ashu001
100%
0%
Ashu001,
User Rank: Lightning
2/11/2014 | 9:24:34 AM
Re: Data
KBode,

That itself should ring a Bell-That something is very fishy here.

Why is a Company which is usually very Transparent and upfront of its Upgrades,etc ;Staying Silent here?

Definitely merits a closer Look.

Regards

Ashish.
Ashu001
50%
50%
Ashu001,
User Rank: Lightning
2/11/2014 | 9:22:35 AM
Re: Data
kq4ym,

You have illustrated the Conrundrum that the Likes of Comcast has to face here very effectively.

While they do have a fiduciary responsibility towards their Clients to tell them the truth and reality of the situation at hand here they also have to be responsible towards their Owners and Shareholders and not do something which will damage their Brand Image irreperabably.

Its a Difficult Balancing Act to maintain for sure.

Regards

Ashish.
kq4ym
100%
0%
kq4ym,
User Rank: Light Sabre
2/11/2014 | 7:59:28 AM
Re: Data
It did seem a bit curious when Comcast said no infomation was taken from customer data. On one hand, you would think they would be honest enought to provide the truth of the matter, on the other Comcast wants to protect it's brand and image. It will be no surprise though to eventually find that Comcast was not quite correct in it's assessment of the hack.
KBode
50%
50%
KBode,
User Rank: Light Sabre
2/11/2014 | 7:32:11 AM
Data
The problem is I'm not sure Comcast knows if data was obtained. The NullCrew post didn't contain user data, but it explained how to obtain private data for a period of up to 24 hours. Comcast has been great in discussing network upgrades publicly and openly (like DNSSec) but was pretty quiet about this.
Educational Resources
sponsor supplied content
Educational Resources Archive
Flash Poll
Wagner’s Ring
Data Centers Drive Telcos Into the Future

8|28|14   |   2:20   |   (2) comments


Data centers are at the heart of key trends driving telecom -- network virtualization, the drive for increased agility, and the need to compete with OTT providers.
LRTV Custom TV
Why SPs Should Consider Cisco's EPN

8|27|14   |   5:40   |   (0) comments


Sultan Dawood from Cisco discusses Cisco's EPN, which enables SPs to build agile and programmable networks delivering new network virtualized services using Cisco's Evolved Services Platform (ESP).
LRTV Huawei Video Resource Center
Huawei’s Showcase @ Big Telecom Event 2014

8|26|14   |   2.56   |   (0) comments


SoftCOM is Huawei's framework for telecom business and network transformation. Haofei Liu, Solution Marketing Manager, Carrier Business Group, Huawei, showcases Huawei's SoftCOM architecture in this video.
LRTV Huawei Video Resource Center
Huawei @ BTE 2014: Director of Integrated Solutions on SoftCOM & NFV Monetization

8|26|14   |   4.43   |   (0) comments


Libin Dai, Director of Integrated Solutions, Carrier Business Group, discusses Huawei's SoftCOM and NFV monetization. Huawei believes that NFV monetization should be service-driven rather than network-driven, and that operators should have network transformation, service transformation and a compatible and collaborative ecosystem in place in order to deploy NFV.
LRTV Huawei Video Resource Center
Huawei @ BTE 2014: Director of US NFV Lab on CloudEdge & the Future of NFV

8|26|14   |   4.06   |   (0) comments


Sean Chen, Director of US NFV Lab at Huawei, discusses Huawei's new approach to NFV in open collaboration. Huawei believes that through Proof of Concept tests, it could help operators learn and communicate with the industry more effectively. Sean believes that successful implementation of NFV should have its values reaching to end users and discusses how Huawei's ...
LRTV Huawei Video Resource Center
Huawei's Highlights @ Big Telecom Event 2014

8|26|14   |   3.34   |   (0) comments


At the Big Telecom Event in Chicago Huawei showcases its high-level strategy, the SoftCOM architecture, which helps operators reduce the cost of ownership of their network infrastructure and generate additional revenue in the ICT service environment. Huawei showcases over 30 pilot programs from across the globe, focusing on the industry-leading commercial ...
LRTV Custom TV
VeEX – Live from the Show

8|21|14   |   5:58   |   (0) comments


An overview of VeEX Test and Measurement solutions including TX300S multi-service test set with VeExpress cloud-based management system, UX400 universal modular platform supporting 100G testing, and the redesigned RXT modular platform.
LRTV Custom TV
Transitioning CE 2.0 Networks Into the SDN & NFV Era With Telco Systems

8|19|14   |   5:19   |   (0) comments


Telco Systems' Ariel Efrati (CEO) and Moshe Shimon (VP of Product Management) discuss virtualization and how the company's new Open Metro Edge solution utilizes the SDN and NFV concepts to accelerate and orchestrate service delivery through its innovative product portfolio and software applications.
LRTV Custom TV
NFV Myths: Is NFV Still Several Years Away?

8|11|14   |   1:13   |   (0) comments


Some say that NFV (network functions virtualization) is still several years away from being implemented on mobile operator networks. This isn't the case. Operators can get started on their paths to NFV now, as this short video from Skyfire shows.
LRTV Custom TV
A New Security Paradigm in SDN/NFV

7|28|14   |   02:54   |   (0) comments


Paul Shaneck, Global Director Network Solutions for Symantec, discusses the evolving virtualized network, explaining how Symantec is leading the security discussion as it relates to SDN and NFV, and helping to ensure the network is protected and compliant.
LRTV Documentaries
Sprint's Network Evolution

7|24|14   |   14:59   |   (0) comments


Sprint's Jay Bluhm gives a keynote speech at the Big Telecom Event (BTE) about Sprint's network and services evolution strategy, including Spark.
LRTV Documentaries
BTE Keynote: The Software-Defined Operator

7|24|14   |   18:43   |   (1) comment


Deutsche Telekom's Axel Clauberg explains the concept of the software-defined operator to the Big Telecom Event (BTE) crowd.
Upcoming Live Events!!
September 16, 2014, Santa Clara, CA
September 16, 2014, Santa Clara, CA
September 23, 2014, Denver, CO
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
A survey conducted by Vasona Networks suggests that 72% of mobile users expect good performance all the time, and they'll blame the network operator when it's not up to par.
Today's Cartoon
Hot Topics
Rogers, Shaw Take Aim at Netflix
Mari Silbey, Independent Technology Editor, 8/26/2014
Utilities to Pump $11.2B Into Smart Grid – Study
Jason Meyers, Senior Editor, Utility Communications/IoT, 8/26/2014
Verizon Launches QR Code Security Solution
Carol Wilson, Editor-at-large, 8/26/2014
Nokia's Maps Land on Samsung Devices
Sarah Reedy, Senior Editor, 8/29/2014
Verizon to Launch HD VoLTE in 'Coming Weeks'
Sarah Reedy, Senior Editor, 8/26/2014
Like Us on Facebook
Twitter Feed