We learned on August 7th that Comcast was hacked through an elaborate yet simple scheme. Five people are in custody while officials search for another 18 with suspected involvement.
Montgomery County DA Risa Ferman outlined the hack methods in a professional manner, describing what she called 'Operation Out of Service.' The scheme provided access to the personal accounts of Comcast customers to 'change the terms of their cable service' for a fee. Accounts of Comcast customers were illegally accessed.
The briefing explained how the criminals were caught. An employee of Comcast was asked, while in a beauty salon, if she would like a discount on her bill. Being an employee, she found it suspicious and reported it. It was because of her that an investigation was launched.
Access to Comcast data was accomplished through a contractor of Comcast - a company known as ACI in Hatboro, PA. A server discovered in a telecom room was attached to the ACI network and allowed remote access from the outside. A remote terminal was placed between Comcast and ACI's network through a FREE application called LogMeIn. Other, simpler methods involve using a $40 hub to sniff network data - a criminal with physical access can perform this type of attack.
But there is a bigger story to all of this.
What everyone is failing to address is the responsibility of Comcast to protect their networks from this type of serious security breach. Forget the criminals for now. They were obviously able to pull this off. Whether it was due to holes in the infrastructure, a lack of auditing and monitoring, or the risk of contractors, they were able to execute the scheme.
This is not a mom and pop shop we are talking about, but rather the largest provider of cable TV and internet service. Security policies in this type of business are critical to protect customers' private information. Because the criminals had access to personal accounts, they had access to more than just account balances.
The computers which were accessed were billing computers – a gold mine for hackers. How many Social Security numbers were obtained? How many credit card numbers were obtained? We will probably never know, but this is how identity theft occurs. A corporate network is compromised from the outside, whether by key-loggers or by the methods used here, and the information is sold to others.
Online identity theft has spiked 300% in the last 2 years. Hackers continue to penetrate corporate networks, dump data out on the internet, or sell the information to overseas black market organizations. It is fortunate this scheme was detected and stopped, but the fear in the industry is the schemes that are not detected.
I would expect Comcast, like other corporations that have been attacked, to release a statement. However, nothing is mentioned on the Comcast website or on their Press Room page. What corrective action will Comcast implement to prevent this from happening again?
If you are a Comcast customer, it would be advisable to keep an eye on your credit card statements. Watch for a small charge. Criminals do this to "test the waters" and validate that the card is legitimate before the big hit. Until a statement is released, it is unknown whether any user data was stolen. But the type of access the attackers gained opens the door to a significant breach of customers' personal information, and the full scope may not be known for some time.