DS Forums

 
 

TalkTalk and Post Office routers hit by cyber-attack


Reply
Thread Tools Search this Thread
Old 02-12-2016, 06:59
noise747
Forum Member
 
Join Date: Dec 2007
Location: Herefordshire
Posts: 22,785

Other providers routers have been hit as well,

Here is some more info

At the moment I am using my old plusnet router as i am having problems with my TP
link, Sagecom seems to be ok at the moment.


so keep a eye out peoples.
noise747 is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 02-12-2016, 09:26
mick r
Forum Member
 
Join Date: Jan 2009
Posts: 507
Other providers routers have been hit as well,

Here is some more info

At the moment I am using my old plusnet router as i am having problems with my TP
link, Sagecom seems to be ok at the moment.


so keep a eye out peoples.
talk talk are getting worse by the day and they have just put up there prices .

http://downdetector.co.uk/problems/talktalk
mick r is offline   Reply With Quote
Old 02-12-2016, 12:17
neo_wales
Forum Member
 
Join Date: Oct 2006
Location: South Wales/Gran Canaria
Posts: 8,294
No problems here, usual rock solid connection, put this attack in perspective

http://www.bbc.co.uk/news/technology-38130352

Seems to be hitting linux based systems?
neo_wales is offline   Reply With Quote
Old 02-12-2016, 13:14
mick r
Forum Member
 
Join Date: Jan 2009
Posts: 507
I have windows 10 and talk talk , yesterday internet and PC was slow and its a little faster today but still not what is should be .
mick r is offline   Reply With Quote
Old 02-12-2016, 16:40
anthony david
Forum Member
 
Join Date: Dec 2012
Posts: 3,455
TalkTalk says it only affects the D-Link DSL-3780 router, which they say few people have, not the more common Huawei HG533. Not sure if they look the same but the one on the BBC page looks the same as my Huawei. The model number can be found on the sticker on the routers base.
anthony david is offline   Reply With Quote
Old 03-12-2016, 07:24
mick r
Forum Member
 
Join Date: Jan 2009
Posts: 507
TalkTalk says it only affects the D-Link DSL-3780 router, which they say few people have, not the more common Huawei HG533. Not sure if they look the same but the one on the BBC page looks the same as my Huawei. The model number can be found on the sticker on the routers base.
Some papers say up to 360,000 TalkTalk customers have been hacked.

http://www.dailymail.co.uk/news/arti...l-routers.html
mick r is offline   Reply With Quote
Old 03-12-2016, 10:05
anthony david
Forum Member
 
Join Date: Dec 2012
Posts: 3,455
Some papers say up to 360,000 TalkTalk customers have been hacked.

http://www.dailymail.co.uk/news/arti...l-routers.html
The Mail is hardly a source of accurate information on any topic, amazed it didn't blame the BBC, it does for everything else. Most affected routers seem to have been in Germany, a solution has been found.

https://community.talktalk.co.uk/t5/...k/td-p/1985412
anthony david is offline   Reply With Quote
Old 03-12-2016, 10:24
moox
Forum Member
 
Join Date: Oct 2004
Posts: 14,633
I guess that the money TT didn't spend on securing their website from trivial attacks, wasn't spent on securing their routers either.

A bigger bonus for Dido?
moox is offline   Reply With Quote
Old 03-12-2016, 15:46
anthony david
Forum Member
 
Join Date: Dec 2012
Posts: 3,455
I guess that the money TT didn't spend on securing their website from trivial attacks, wasn't spent on securing their routers either.

A bigger bonus for Dido?
Hardly any TalkTalk routers were affected, it was the Post Office service that had the greatest number of hits and even that was nothing compared with Deutsche Telekom as I'm sure you know. The hackers will target other routers soon resulting in other services going down, hopefully BT and co will fix the problem as quickly as PO and TT did.

If you think your IT provider is safe you are living in a fools paradise, none are, anywhere.

http://www.reuters.com/article/us-de...-idUSKBN13O0X4
anthony david is offline   Reply With Quote
Old 03-12-2016, 15:55
moox
Forum Member
 
Join Date: Oct 2004
Posts: 14,633
Hardly any TalkTalk routers were affected, it was the Post Office service that had the greatest number of hits and even that was nothing compared with Deutsche Telekom as I'm sure you know. The hackers will target other routers soon resulting in other services going down, hopefully BT and co will fix the problem as quickly as PO and TT did.

If you think your IT provider is safe you are living in a fools paradise, none are, anywhere.

http://www.reuters.com/article/us-de...-idUSKBN13O0X4
The Post Office is a rebadged TalkTalk service. Same routers, practically identical firmware in all likelihood. TalkTalk were affected too.

I'm not sure why you're mentioning a German telco when my post clearly mentioned the UK.

The "hackers" can only "target" routers that are actually vulnerable. This does not mean that all ISP supplied equipment is vulnerable, because the changes needed to make them not vulnerable are actually quite easy to implement (and more responsible ISPs, with such things as an actual security budget, will have done so).

This is why TalkTalk got massively hacked a few months back and others did not.
moox is offline   Reply With Quote
Old 03-12-2016, 16:02
anthony david
Forum Member
 
Join Date: Dec 2012
Posts: 3,455
The Post Office is a rebadged TalkTalk service. Same routers, practically identical firmware in all likelihood. TalkTalk were affected too.

I'm not sure why you're mentioning a German telco when my post clearly mentioned the UK.

The "hackers" can only "target" routers that are actually vulnerable. This does not mean that all ISP supplied equipment is vulnerable, because the changes needed to make them not vulnerable are actually quite easy to implement (and more responsible ISPs, with such things as an actual security budget, will have done so).

This is why TalkTalk got massively hacked a few months back and others did not.
Routers are mass produced international devices, the ones used by the PO were not the same as those used by TT but presumably had similar software as no doubt did the german ones. The story has gone now from the news services, I suspect you have a problem with TT, just use someone else if you don't like them but from what I read on this forum they are all troublesome.
anthony david is offline   Reply With Quote
Old 03-12-2016, 18:04
moox
Forum Member
 
Join Date: Oct 2004
Posts: 14,633
Routers are mass produced international devices, the ones used by the PO were not the same as those used by TT but presumably had similar software as no doubt did the german ones. The story has gone now from the news services, I suspect you have a problem with TT, just use someone else if you don't like them but from what I read on this forum they are all troublesome.
When you're a large ISP like TalkTalk, you get the ability to exert greater control and oversight over the quality of the hardware and software. Companies will design their products to your exact needs. You also have control over things like the way TR069 is implemented - and if you had a security team who knew what they were doing, they would have tested and ensured that such interfaces are not accessible from the public internet, i.e. they could only be accessed from a TalkTalk management server (which is itself routinely audited)

Other ISPs seem to have managed this. TalkTalk has not.

I am not a TT customer nor will I ever be one - but that doesn't disqualify me from criticising the fact that they still fail to get the basics right.
moox is offline   Reply With Quote
Old 03-12-2016, 20:01
Wolfie_Smith
Forum Member
 
Join Date: May 2013
Location: Caught Somwehere In Time
Posts: 381
The issue is that TR069/CWMP remote management is enabled by default on all ISP provided routers, which would be fine if they didn't all use the same default username and password to access.

There have been numerous warnings concerning TR069 vulnerabilities over the years.

I always disable TR069/CWMP or any form of remote management on any router I use, and I would never use any ISP provided routers either.
Wolfie_Smith is offline   Reply With Quote
Old 03-12-2016, 20:28
noise747
Forum Member
 
Join Date: Dec 2007
Location: Herefordshire
Posts: 22,785
Just posted to warn people that is all, so people know about it.
noise747 is offline   Reply With Quote
Old 05-12-2016, 19:22
mick r
Forum Member
 
Join Date: Jan 2009
Posts: 507
TalkTalk customers urged to change Wi-Fi passwords. Ken Munro, a security researcher at Pen Test Partners, said passwords had been stolen from the faulty routers, which could give cyber criminals access to all of the information on customers' home networks, including further passwords and financial details. TalkTalk has not updated its website with advice, but said some customers are being advised to change their Wi-Fi passwords.


http://www.bbc.co.uk/news/technology-38208958
mick r is offline   Reply With Quote
Old 05-12-2016, 22:16
laser558
Forum Member
 
Join Date: Feb 2005
Posts: 439
I believe I have one of these affected routers as from last Friday, I was experiencing very slow connections, not to all sites but the likes of Facebook and Yahoo Mail. Suspecting something, I took the router out of action and replaced it with my trusty Belkin. I also changed the DNS settings on the router.
laser558 is offline   Reply With Quote
Old 06-12-2016, 02:36
joshua321
Forum Member
 
Join Date: Oct 2006
Location: London
Posts: 1,436
Do you have to change the wireless network password (wpa key) or just the router login password?

I don't even think my router is supposed to be affected but it's slow so just in case, I reset it, then reset the login password, and disabled uPnP, but the router already connects to the internet before you have time to reset the password, so maybe I got reinfected. Also I didn't change the wireless network password (wpa key) as this is written on the back of the router and it seems a lot of hassle to have to stick something over it.

Is there anything else I should do and do I need uPnP? What about for file sharing?
joshua321 is offline   Reply With Quote
Old 06-12-2016, 07:05
davews
Forum Member
 
Join Date: Dec 2007
Location: Bracknell
Posts: 172
TalkTalk customers urged to change Wi-Fi passwords.
This is an attack via the WAN interface, changing the WiFi password will do absolutely nothing to prevent it. Changing the router admin password from the default is always a good idea (which will stop all sorts of attacks) but in this case it is the interface used by the ISP to upgrade the router firmware that is involved and this will probably have a different password from the normal admin password and may not be accessible by the user.

There is a lot of duff information being put out by the media..
davews is offline   Reply With Quote
Old 06-12-2016, 17:53
moox
Forum Member
 
Join Date: Oct 2004
Posts: 14,633
This is an attack via the WAN interface, changing the WiFi password will do absolutely nothing to prevent it. Changing the router admin password from the default is always a good idea (which will stop all sorts of attacks) but in this case it is the interface used by the ISP to upgrade the router firmware that is involved and this will probably have a different password from the normal admin password and may not be accessible by the user.

There is a lot of duff information being put out by the media..
I'd speculate that you've missed the point a bit.

It's possible thanks to Google and co to trace a wireless SSID to a physical location. If you know the location, you can get into WiFI range of it. If you have the wifi password, because your botnet has grabbed it for you, you can then log onto the network and potentially do things that the account holder would rather you didn't.

It's a very unlikely thing to occur, all things considered, but it is possible.
moox is offline   Reply With Quote
Old 07-12-2016, 16:12
the-master
Forum Member
 
Join Date: May 2007
Posts: 376
Basically anyone who stays with TT after their last hack by kids deserves all they get. Get rid before its to late, bound to be another attach as their IT security still seems under invested and below par.
the-master is offline   Reply With Quote
Old 07-12-2016, 16:57
joshua321
Forum Member
 
Join Date: Oct 2006
Location: London
Posts: 1,436
Basically anyone who stays with TT after their last hack by kids deserves all they get. Get rid before its to late, bound to be another attach as their IT security still seems under invested and below par.
Not fair - we don't all have limitless funds to send Richard Branson into space or finance a diamond-encrusted cock-ring for Rupert Murdoch to use on Jerry Hall; some of us just have to be content with getting Dido a new pony instead
joshua321 is offline   Reply With Quote
Old 07-12-2016, 17:20
TelevisionUser
Forum Member
 
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
TalkTalk customers urged to change Wi-Fi passwords. Ken Munro, a security researcher at Pen Test Partners, said passwords had been stolen from the faulty routers, which could give cyber criminals access to all of the information on customers' home networks, including further passwords and financial details. TalkTalk has not updated its website with advice, but said some customers are being advised to change their Wi-Fi passwords.

http://www.bbc.co.uk/news/technology-38208958
I agree with that advice - reset and change router password. I've told two non-technical people I know what they can do since they are TalkTalk customers.
TelevisionUser is offline   Reply With Quote
Old 07-12-2016, 17:22
TelevisionUser
Forum Member
 
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
Basically anyone who stays with TT after their last hack by kids deserves all they get. Get rid before its to late, bound to be another attach as their IT security still seems under invested and below par.
^ I do have have sympathy with that view but perhaps the best thing to happen would be for them either to hire some clued up IT security specialists or to go under since they are a liability.
TelevisionUser is offline   Reply With Quote
Old 07-12-2016, 19:06
mick r
Forum Member
 
Join Date: Jan 2009
Posts: 507
TalkTalk's handling of the wi-fi password breach is being criticised by several cyber-security experts.


http://www.bbc.co.uk/news/technology-38223805
mick r is offline   Reply With Quote
Old 07-12-2016, 21:37
kevin88
Forum Member
 
Join Date: Aug 2004
Location: County Antrim.
Posts: 257
Never mind change the wireless key. If I was a TalkTalk customer i would ditch their router fast and get a standard off the shelf model from the like of PC World. IMHO ISP supplied routers are not worth the hassle.
kevin88 is offline   Reply With Quote
 
Reply




 
Forum Jump


All times are GMT. The time now is 05:33.