Story image

DSL lines vulnerable to attack

18 Nov 2009

For just $1000 a corporate spy can buy equipment to hack into a business’s DSL connection and access – even change – highly confidential information.That’s according to Carl Purvis from Security-Assessment.com, a company that’s affiliated with Datacraft. It has released a media statement today claiming the scale of network vulnerability is “enormous”, with 1.1 million DSL connections in New Zealand potentially at risk. “Purvis believes this vulnerability should be of particular concern to the thousands of New Zealand companies that communicate daily data via corporate networks that utilise DSL as an access mechanism. These companies include banks, government departments and retailers as well as many of the country’s largest organisations,” the statement reads.Security-Assessment general manager Doug Browne says the company is the first in the world to discover the security risk to DSL lines, and he believes they are acting responsibly by releasing the information to the media. He wouldn’t say if the company had taken its information to Telecom, the owner of the DSL infrastructure in New Zealand.“We’ve disclosed to communities the research we have, I can’t tell you if we’ve directly dealt with Telecom or not.”In the course of his research Purvis used a DSLAM and “home-built kit, a mini server platform” to hack into six different home and business connections. The media release claims this attack can be carried out by a malicious users parked outside a premise. Although Purvis didn’t try this, he believes it could be done by breaking into a juncture box.Purvis describes the security risk as a “man in the middle” attack, where the spy physically attaches his or her own network infrastructure to a company’s DSL line. The attack then mimics the user’s ISP, forcing the user’s personal DSL modem to pass all traffic through an inspection tool running on a portable server platform.“A malicious attacker could, for example, connect to a branch office of a large company, gain access to its customer database and use the information within that database to contact the customers with competing product offerings.”Purvis says that at this stage there are no effective security controls which can be implemented en masse to reduce the risk from this attack.

Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure.