Mirai variant turns TalkTalk routers into zombie botnet agents Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots. The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula. “The botnet devices’ geolocation is very uncommon for DDoS botnets …
... can't these statements be scored for quality? I'll kick off, we can refine the criteria later:
"Along with other ISPs" ---- minus 10 points for trying to say that it isn't mainly your organisation's problem
"in the UK and abroad" --- minus 5 points for making it look like an international issue
"we continue to take steps" --- minus 20 points for meaningless, unquantified cliché
"a small number of customers" --- minus 30 points for calling >2000 small
"we have made good progress" --- minus 10 points for referring to unquantified progress
"we continue to deploy additional network-level controls" --- minus 20 again as per 'continue to take steps" and another 10 for repetition.
"to further protect our customers" --- minus 50 points for pretending that's a priority.
And another -40 for not even hazarding a guess at the date when the issue will be closed.
That's -195 by my count. Improvements to the scoring system welcome, just dashed this off whilst scoffing a sandwich.
If I may...
'"a small number of customers" --- minus 30 points for calling >2000 small'
I think what they mean is "a number of small customers" as in little, unimportant nodes that keep paying us for the privilege of being on such a well-known botnet.
"Hello, Talk Talk customer support"
Yes, me old router is acting up
"One moment, sir... Ah, here we go then... and you're all setup on the botnot now! Have a nice day!"
Wait, that's not good for me, I don't want to be on the botnet.
"I'm sorry, we are experiencing a large number of calls today, your call is important to us, so please stay on the line to prove what a fucking tosser you are. Thank you!"
Oh bugger.
Just about. For an experiment I plugged in an old adsl modem into a Windows XP machine using ppoe on XP to handle the net connection. I dont get any incoming hack attacks even though XP firewall is up and logging everything , but I can only access the bbc.co.uk, Google websites or sites with google search on. I cant connect to any ubuntu archives when using the minimal iso's (30-60MB), I cant connect to any gov.uk websites not even GCHQ. If I use an old Belkin which gets its time from a belkin server I can surf unrestricted and if I use a Dlink DSL3780 I can surf unrestricted, but take note, the dsl-3780 CFG file is an unencrypted XML file and it uses IPv6 for the TalkTalk tv & film service, and provides 3 unsecured wifi access points, ideal for bonding with your neighbours wifi to boost your download speed or for any old Tom Dick or Harry, to gain access to your network! Yet noone seem's interested, not GCHQ (yes I even called GCHQ), not the police not TalkTalk.
Why is this? Trying to set people up who upset the order perhaps?
"Even the most slothful should now be prodded to move."
A part of the problem is that they also have new customers who have signed up with them since (and despite) the big breach. I know a small (but not small enough) number - and, sadly, I think it would be a waste of time bringing things like this and the router password issue to their attention; it'll just go in one ear, sent through the £££ filter (i.e. their main reason for signing up with TalkTalk was the price) and straight back out the other ear.
I have checked a couple and they were not touched by this, so I can only guess that specific IP ranges were hit before blocks were put into place. Of course, it could also be that the network was so poor in some areas that this hack attempt flooded the network and protected the equipment. In the area I live in their basic DSL service can fall over a few times a day, so it is a possibility.
My InLaw has the "Fibre" DSL through them now but we use the equipment in a modem only configuration and the passwords are changed from default.
People stay with them for the price. £26 a month for Phone (unlimited anytime) + Fibre + Mobile (basic freebie, but it's probably worth £4-£5 as a stand-alone package) is not bad. The best package that we could get close to that without jumping through tons of hoops was SSE, and for some reason they refused to do a install at his address.
If you learnt nothing from the first four breaches it is "be open with your customers and tell them early" unfortunately the advice is still "if you have a connectivity problem simply reset your router".
http://help2.talktalk.co.uk/dsl3780-router-connectivity-issues
As before, no proactive advice whatsoever - Yes I'm a customer - no I have not received any proactive communication.
Dido, your customers are reading about the severity in the papers and on the BBC, an email - if only to say "you do not have an affected router" would not go amiss. for those with affected routers then what you are actually doing.
How long before such a thing exists... it seems like there are enough vulnerable wifi connected devices to make this technically possible? And at that point, aren't TalkTalk, etc all guilty of subverting the governments attempt to monitor all communications? Dido could be facing terrorism charges!! ;)
But more realistically, if you _were_ a would be terrorist, wouldn't you make sure you had TalkTalk provided internet & router in order to have plausible deniability if you ever got questioned over visiting (say) beheading/bomb-making websites?
I have talktalk router at home, tried a port scan on mxtoolbox to my public IP and its not showing anything open. Really I should change from TalkTalk but I think my contract restarted when I upgraded my fibre to the faster option last year (before the data leak). I originally got it for the youview box and having a few included sky channels but the thing drives me and any guests at my house up the wall as its so slow.
Press the channel you want and 5 seconds later it goes to the channel only to hop back because all the impatient button presses on the remote are cached in the buffer. ;) Also I think the box has a dodgy dry joint in the HDMI socket as its keeps going all pixelated like I have bad reception and I have found that wiggling the HDMI lead in the socket fixes it for a while. Being able to scroll back in the guide for catchup is useful though or is if you have the patience.
Internet is alright otherwise, good and fast.
Meh
They also have a backdoor always open. And TT are happy to oblige. 4 hacks in a row and she is still CEO. Oh wait, she is part of the establishment.
That makes TT even more shittier and repugnant when they always say " a small number of customers". And of course the oft repeated " We are working hard to,,,,," whatever. And still insisting the routers are safe !
Cant anyone bring in a public interest litigation or class action against such arrogant CEOs who always get away scott free? Falling on the sword? That is so last century.
"Along with other ISPs in the UK and abroad, we continue to take steps to review the potential impacts of the Mirai worm. A small number of customer routers are affected by this issue. We have made good progress repairing these, and replacing them when necessary, and we continue to deploy additional network-level controls to further protect our customers."
Smells of PR bull stuff to me.
You continue to take steps to review the impacts, what steps are you taking?
2000 customers certainly isn't a huge amount but it's still quite big. How many of these 2000 have been resolved?
What additional network-level controls are to implementing and why weren't they already in place?
Talk Talk the company that just keeps on giving.
I'm just with a customer who has a red power light and we rang talk talk customer service who immediatrly said they'd replace the router (there's even an option on the menu "have you had the red light on your router for more than 30 seconds?". The Philippines tech wouldn't tell me what was wrong until pushed, when he admitted it was 'a virus'
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
