Light Reading

Is Comcast Ready for Big Hack Attack?

Mari Silbey

How well would Comcast cope with another security invasion by computer hackers?

In a calculated attack last week, hacking group NullCrew FTS claims to have exploited a known vulnerability in at least 34 Comcast Corp. (Nasdaq: CMCSA, CMCSK) servers throughout the US, potentially gaining access to subscriber payment information and account settings. Comcast said at the time that it had "no evidence to suggest any personal customer information was obtained in this incident."

Others, however, are not so sanguine about Comcast's ability to stave off security threats to its customers. In fact, at least one security expert is recommending that Comcast subscribers change their passwords to protect their accounts from cyber intruders.

"Of course, Comcast should be telling their customers to change their passwords. Even if there was just a chance of a breach, it's still best practice to change your passwords regularly," said cybersecurity analyst Jack Whitsitt. "Any company that is not yet being open with its customers about what's happening with regard to security events is doing themselves a disservice. What is also concerning is that, at least anecdotally, many people don't remember or realize they have an ISP email address and so, if someone were to use theirs, would they even realize it?"

Whitsitt was referring to the fact that all Comcast customers have a master email account, and that this account is used to manage subscriber settings and payment transactions for all cable services. After gaining access to that account, a hacker could use the master email address to share information and control of the account with other parties.

A reporter for ZDNet, Violet Blue, publicly scolded Comcast in a blog post late Sunday night for not being more aggressive in its response to last week's attack. Blue likened Comcast's response to an attempt by Snapchat to downplay its own battle with hackers just over a month ago.

In addition, Blue pointed out that NullCrew FTS, the group claiming credit for the Comcast attack, also claimed responsibility for a similar assault on BCE Inc. (Bell Canada) (NYSE/Toronto: BCE) two weekends ago. So this may be the start of a hacking campaign against North American broadband service providers.

A Comcast spokesperson insisted, though, that the MSO has matters under control. "We take our customers' privacy and security very seriously," he said in an email response to Light Reading late Monday. "We have aggressively investigated this incident and have found no evidence to suggest any customer information was obtained.”

— Mari Silbey, special to Light Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Sabre
2/13/2014 | 1:28:14 AM
Re: Data
Agreed.  Anyone who has followed the details of the recent Target, Neiman Marcus and Michaels hacking is aware of the normal progression...  at first the company minimizes the number of customers that were affected (only in store purchasers and a small number of them at bat) then that number is increased as forensic security goes to work and realizes more about what is going on (well, actually some online customers were affected too and now the total number affected is 3 times the earlier number, but hey its only email addresses and credit cards with no PINs) then more information is discovered and the numbers go up again (sorry that last count was too small, and oh, it looks like the encryption we used wasn't very good so the PINs were probably accessed too).  For Comcast to pretend up front that they know everything is fine when they don't really know anything at all is ridiculous. 

Good post Mari.  People should change their Comcast passwords.  I just did.  Have you paid your Comcast bill online with a credit card?  Pay attention to this story.
User Rank: Lightning
2/11/2014 | 9:24:34 AM
Re: Data

That itself should ring a Bell-That something is very fishy here.

Why is a Company which is usually very Transparent and upfront of its Upgrades,etc ;Staying Silent here?

Definitely merits a closer Look.


User Rank: Lightning
2/11/2014 | 9:22:35 AM
Re: Data

You have illustrated the Conrundrum that the Likes of Comcast has to face here very effectively.

While they do have a fiduciary responsibility towards their Clients to tell them the truth and reality of the situation at hand here they also have to be responsible towards their Owners and Shareholders and not do something which will damage their Brand Image irreperabably.

Its a Difficult Balancing Act to maintain for sure.


User Rank: Light Sabre
2/11/2014 | 7:59:28 AM
Re: Data
It did seem a bit curious when Comcast said no infomation was taken from customer data. On one hand, you would think they would be honest enought to provide the truth of the matter, on the other Comcast wants to protect it's brand and image. It will be no surprise though to eventually find that Comcast was not quite correct in it's assessment of the hack.
User Rank: Light Sabre
2/11/2014 | 7:32:11 AM
The problem is I'm not sure Comcast knows if data was obtained. The NullCrew post didn't contain user data, but it explained how to obtain private data for a period of up to 24 hours. Comcast has been great in discussing network upgrades publicly and openly (like DNSSec) but was pretty quiet about this.
Educational Resources
sponsor supplied content
Educational Resources Archive
From The Founder
The comms industry is rallying to the cause of open, independent interoperability testing.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Interviews
AT&T's Chiosi on the Potential of Open Source

10|6|15   |   06:27   |   (0) comments

AT&T Distinguished Network Architect Margaret T. Chiosi talks to Light Reading's Carol Wilson about the potential for open source technology to liberate communications service providers.
LRTV Interviews
Network Security in a Gigabit World

10|6|15   |   05:52   |   (0) comments

Masergy's James Harrison talks about some of the network security and data center issues network operators need to consider as they expand their broadband services portfolios.
LRTV Documentaries
Telefónica: In Search of Virtual Simplicity

10|5|15   |   07:30   |   (0) comments

Francisco-Javier Ramon Salguero, head of Telefónica's NFV initiative, admits virtualization initially means greater complexity, but with the right abstraction layer, it is possible to create a services-driven network architecture. He explains how Telefónica's current trials and initiatives are aimed at doing that, and what his company and other carriers need to ...
LRTV Interviews
Gigabit Europe Takeaways

10|5|15   |   03:47   |   (0) comments

Participants from the inaugural Gigabit Europe event in Munich share their key takeaways from the conference.
Women in Comms Introduction Videos
Intel Urges Women to Take Advantage of Their Seat at the Table

10|5|15   |   4:27   |   (1) comment

Have inclusive and constructive conversations, attach a bigger meaning to your work and get involved in the cause, Intel's Monique Hayward advises women in comms.
LRTV Interviews
BT Updates on Plans

10|2|15   |   03:16   |   (2) comments

Peter Bell, CIO at Openreach, the access network division at UK incumbent BT, provides an update on the operator's trials and how Openreach is planning to deploy the broadband technology in its street cabinets.
Telecom Innovators Video Showcase
Sonus Shakes Up SD-WAN

10|2|15   |   7:22   |   (0) comments

Sonus CTO Kevin Riley sat down with Light Reading to discuss the trajectory of the company, its SDN ambitions and why Sonus is taking a market-disruptive approve to SD-WAN.
LRTV Interviews
CityFibre's Gigabit Vision

10|1|15   |   03:18   |   (1) comment

Mark Collins, director of Strategy & Public Affairs at competitive UK city network operator CityFibre, talks about his company's plans to help build Gigabit Cities.
Telecom Innovators Video Showcase
Automate, Scale & Create With Juniper's vCPE Solution

10|1|15   |   6:34   |   (0) comments

Join Kireeti Kompella, Juniper Networks CTO, and Steve Saunders, Light Reading Founder and CEO, as they discuss Juniper Networks' approach to NFV showcased with a turnkey vCPE solution, which demonstrates how service providers can use automation to rapidly deploy services.
LRTV Interviews
Gigabit Europe: Day 1 Takeaways

9|29|15   |   05:47   |   (5) comments

Light Reading's Ray Le Maistre and Iain Morris sup a beer and discuss some of the key takeaways from the first day of Gigabit Europe 2015.
LRTV Interviews
Gigabit in Europe

9|29|15   |   04:24   |   (0) comments

At the Gigabit Europe 2015 event in Munich, Heavy Reading's Graham Finnie talks about the availability of gigabit broadband in Europe.
Women in Comms Introduction Videos
AT&T's Band of Women

9|28|15   |   4:36   |   (0) comments

Brooks McCorcle, the president of AT&T's partner solutions divisions and a mathematician by trade, shares stats on AT&T's diversity and advice on how to create your own band of women at work.
Upcoming Live Events
October 14-15, 2015, New Orleans Ernest N. Morial Convention Center, New Orleans, LA
November 5, 2015, Hilton Santa Clara, Santa Clara, CA
November 17, 2015, Santa Clara, California
December 1, 2015, The Westin Times Square, New York City
December 2, 2015, The Westin Times Square, New York City
All Upcoming Live Events
Communication service providers realize that an ICT transformation is critical to their long-term survival, but most haven't yet committed to making it happen.
Hot Topics
Verizon's Go90 Is Live – Will Anyone Watch?
Mari Silbey, Senior Editor, Cable/Video, 10/1/2015
Eurobites: Dunroamin'
Paul Rainford, Assistant Editor, Europe, 10/2/2015
Sprint to Cut Up to $2.5B in 6 Months
Sarah Thomas, Editorial Operations Director, 10/2/2015
McKinsey: Women Less Likely to Advance at Work
Sarah Thomas, Editorial Operations Director, 10/1/2015
TiVo Takes Aim With Bolt
Mari Silbey, Senior Editor, Cable/Video, 9/30/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
With so many new and exciting communications technologies now under development, it's easy to get caught up in the industry's escalating hype cycle. That's why the ...
Last week saw a big day in the 15-year history of Light Reading when Editor-in-Chief Ray Le Maistre and I were invited to interview the Deputy Chairman and Rotating ...
Cats with Phones
Hold My Calls, Indefinitely Click Here