Light Reading
Concerned about Comcast's precautions, experts recommend that subscribers change their account passwords after last week's apparent hacker attack on MSO.

Is Comcast Ready for Big Hack Attack?

Mari Silbey
2/11/2014
50%
50%

How well would Comcast cope with another security invasion by computer hackers?

In a calculated attack last week, hacking group NullCrew FTS claims to have exploited a known vulnerability in at least 34 Comcast Corp. (Nasdaq: CMCSA, CMCSK) servers throughout the US, potentially gaining access to subscriber payment information and account settings. Comcast said at the time that it had "no evidence to suggest any personal customer information was obtained in this incident."

Others, however, are not so sanguine about Comcast's ability to stave off security threats to its customers. In fact, at least one security expert is recommending that Comcast subscribers change their passwords to protect their accounts from cyber intruders.

"Of course, Comcast should be telling their customers to change their passwords. Even if there was just a chance of a breach, it's still best practice to change your passwords regularly," said cybersecurity analyst Jack Whitsitt. "Any company that is not yet being open with its customers about what's happening with regard to security events is doing themselves a disservice. What is also concerning is that, at least anecdotally, many people don't remember or realize they have an ISP email address and so, if someone were to use theirs, would they even realize it?"

Whitsitt was referring to the fact that all Comcast customers have a master email account, and that this account is used to manage subscriber settings and payment transactions for all cable services. After gaining access to that account, a hacker could use the master email address to share information and control of the account with other parties.

A reporter for ZDNet, Violet Blue, publicly scolded Comcast in a blog post late Sunday night for not being more aggressive in its response to last week's attack. Blue likened Comcast's response to an attempt by Snapchat to downplay its own battle with hackers just over a month ago.

In addition, Blue pointed out that NullCrew FTS, the group claiming credit for the Comcast attack, also claimed responsibility for a similar assault on BCE Inc. (Bell Canada) (NYSE/Toronto: BCE) two weekends ago. So this may be the start of a hacking campaign against North American broadband service providers.

A Comcast spokesperson insisted, though, that the MSO has matters under control. "We take our customers' privacy and security very seriously," he said in an email response to Light Reading late Monday. "We have aggressively investigated this incident and have found no evidence to suggest any customer information was obtained.

— Mari Silbey, special to Light Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
gconnery
50%
50%
gconnery,
User Rank: Light Sabre
2/13/2014 | 1:28:14 AM
Re: Data
Agreed.  Anyone who has followed the details of the recent Target, Neiman Marcus and Michaels hacking is aware of the normal progression...  at first the company minimizes the number of customers that were affected (only in store purchasers and a small number of them at bat) then that number is increased as forensic security goes to work and realizes more about what is going on (well, actually some online customers were affected too and now the total number affected is 3 times the earlier number, but hey its only email addresses and credit cards with no PINs) then more information is discovered and the numbers go up again (sorry that last count was too small, and oh, it looks like the encryption we used wasn't very good so the PINs were probably accessed too).  For Comcast to pretend up front that they know everything is fine when they don't really know anything at all is ridiculous. 


Good post Mari.  People should change their Comcast passwords.  I just did.  Have you paid your Comcast bill online with a credit card?  Pay attention to this story.
Ashu001
100%
0%
Ashu001,
User Rank: Lightning
2/11/2014 | 9:24:34 AM
Re: Data
KBode,

That itself should ring a Bell-That something is very fishy here.

Why is a Company which is usually very Transparent and upfront of its Upgrades,etc ;Staying Silent here?

Definitely merits a closer Look.

Regards

Ashish.
Ashu001
50%
50%
Ashu001,
User Rank: Lightning
2/11/2014 | 9:22:35 AM
Re: Data
kq4ym,

You have illustrated the Conrundrum that the Likes of Comcast has to face here very effectively.

While they do have a fiduciary responsibility towards their Clients to tell them the truth and reality of the situation at hand here they also have to be responsible towards their Owners and Shareholders and not do something which will damage their Brand Image irreperabably.

Its a Difficult Balancing Act to maintain for sure.

Regards

Ashish.
kq4ym
100%
0%
kq4ym,
User Rank: Light Sabre
2/11/2014 | 7:59:28 AM
Re: Data
It did seem a bit curious when Comcast said no infomation was taken from customer data. On one hand, you would think they would be honest enought to provide the truth of the matter, on the other Comcast wants to protect it's brand and image. It will be no surprise though to eventually find that Comcast was not quite correct in it's assessment of the hack.
KBode
50%
50%
KBode,
User Rank: Light Sabre
2/11/2014 | 7:32:11 AM
Data
The problem is I'm not sure Comcast knows if data was obtained. The NullCrew post didn't contain user data, but it explained how to obtain private data for a period of up to 24 hours. Comcast has been great in discussing network upgrades publicly and openly (like DNSSec) but was pretty quiet about this.
Educational Resources
sponsor supplied content
Educational Resources Archive
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Custom TV
Distributed Access Architectures – 2

10|21|14   |   8:51:00 AM   |   (0) comments


ARRIS CTO Network Solutions Tom Cloonan discusses why many if not most MSOs will continue with integrated CCAP, while addressing why some are also looking at two futuristic, distributed access architectures: Remote PHY and Remote CCAP.
LRTV Custom TV
Distributed Access Architectures – 1

10|21|14   |   9:01   |   (0) comments


SCTE Sr. Director of Engineering Dean Stoneback discusses the pros and cons of distributed access architecture (DAA) and its various forms, which range from basic Remote PHY to full CMTS functionality in the node.
LRTV Custom TV
The WiFi Road to Riches – 2

10|21|14   |   3:58   |   (0) comments


ARRIS Senior Solution Architect Eli Baruch talks about how MSOs can enable public and community WiFi through 1) outdoor access points, 2) businesses seeking to offer WiFi to customers, and 3) residential WiFi gateway extensions.
LRTV Custom TV
The WiFi Road to Riches – 1

10|21|14   |   10:15   |   (0) comments


SCTE Director of Advanced Technologies Steve Harris discusses WiFi deployments, drivers, challenges and advances, including 802.11ac, carrier-grade WiFi, community WiFi, Hotspot 2.0, Passpoint, WiFi-First and voice-over-WiFi.
LRTV Custom TV
Advantech Accelerates 100G Traffic Handling

10|17|14   |   7:56   |   (0) comments


Paul Stevens from Advantech explains why handling 100GbE needs a whole new platform design approach and how Advantech is addressing the needs of equipment providers and carriers to give them the flexibility and performance they will need for SDN and NFV deployment.
LRTV Huawei Video Resource Center
Holland's Imtech Traffic & Infra Discusses Huawei's ICT Solution and Services

10|16|14   |   4:49   |   (0) comments


Dimitry Theebe is from the business unit at Imtech Traffic & Infra which delivers communications solutions for transportations. His partnershp with Huawei began about a years ago. In this video, Theebe speaks more about this partnership and what he hopes to accomplish with Huawei.
LRTV Huawei Video Resource Center
Huawei's Comprehensive Storage Solutions Vital for SVR

10|16|14   |   6:16   |   (0) comments


SVR Information Technology provides cloud services for academic and special sectors. With Huawei's support, SVR and Yildiz Technical University has established Turkey's largest and most advanced High Performance Computing system. CSO Ismail Cem Aslan talks about what he hopes Huawei's OceanStor storage system will bring for him.
LRTV Huawei Video Resource Center
Mexico's Servitron's Impression of Huawei at CCW 2014

10|16|14   |   6:35   |   (0) comments


Servitron is a network operator in Mexico that has been in the trunking industry for the past 20 years. Its COO, Ing. Ragnar Trillo O., explains at Critical Communications World 2014 that his company has been interested in the long-term evolution of LTE technology and its adoption for TETRA.
LRTV Huawei Video Resource Center
Building a Better Dubai

10|16|14   |   2:06   |   (0) comments


Abdulla Ahmed Al Falasi is the director of commercial affairs, a telecommunications coordinator for the government of Dubai. Their areas of service span across multiple industries, including police, safety, shopping malls and more. In this video, Abdulla talks about his department's work with Huawei.
LRTV Huawei Video Resource Center
Huawei Lights Up Malaysia Partner Maju Nusa

10|16|14   |   1:59   |   (0) comments


Malaysia's Maju Nusa is an enterprise partner to Huawei in networking, route switches and telco equipment. At this year's Critical Communications World in Singapore, CTO Pushpender Singh talks about what Huawei's eLTE solutions mean to his company and for Malaysia.
LRTV Custom TV
Evolving From HFC to FTTH Networks

10|15|14   |   2:19   |   (0) comments


Cisco's Todd McCrum delves into the future of cable's HFC plant, examining how DOCSIS 3.1 and advanced video compression will extend its life and how the IP video transition will usher in GPON and EPON over FTTH.
LRTV Custom TV
Exploring the Future of Cable Access

10|15|14   |   6:23   |   (0) comments


Cisco's Brett Wingo looks at where cable access architectures are heading, discussing the impact of DOCSIS 3.1, CCAP, Remote PHY, SDN, virtualization of cable networks and related technologies.
Upcoming Live Events
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 2, 2014, New York City
December 3, 2014, New York City
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
WhoIsHostingThis.com presents six of the world's most extreme WiFi hotspots, enabling the most epic selfies you can imagine.
Hot Topics
HBO Will Go OTT in 2015
Mari Silbey, Independent Technology Editor, 10/15/2014
Google: Carriers & Cloud Providers Need to Cooperate
Mitch Wagner, West Coast Bureau Chief, Light Reading, 10/16/2014
iPad Air 2 Lets Users Switch Carriers Any Time
Mitch Wagner, West Coast Bureau Chief, Light Reading, 10/17/2014
Could Data Be the New 'Currency'?
Ray Le Maistre, Editor-in-chief, 10/16/2014
CBS Takes OTT Plunge
Mari Silbey, Independent Technology Editor, 10/16/2014
Like Us on Facebook
Twitter Feed