
Telkom rejects hack claims

Telkom has refuted user concerns that the South African Internet Exchange (SAIX) database, containing Internet usernames and passwords, was hacked.

Telkom group executive for corporate communication Lulu Letlape says: "Preliminary investigations have indicated there is no evidence of hacking with regards to the SAIX database."

Letlape says access to the database is strictly controlled in terms of specific security policies. "The database is also in a secure managed hosting environment."

User concerns stem from a dramatic increase in data usage over the beginning of this month. Telkom customer Johan Badenhorst stated that, in four days, his ADSL bandwidth usage increased by as much as 400%. "Last month, I used in total less than 3GB."

However, Telkom says users' password information remains safe.

"The database, on which the SAIX information (usernames, passwords and contact details) is stored, is only accessible via a Web front-end. Only Hyper Text Transfer Protocol Secure Sockets (https) connections are permitted to the Web front-end for access to the database. For further protection, the Web front-end is behind a Secure Sockets Layer (SSL), reverse proxy appliance."

Closer to home

Mike Silber, regulatory advisor for the Internet Service Providers' Association, says the problem is probably closer to home. "It is possible to hack SAIX, although not probable. It is more likely a local router attack."

He says software programs can be downloaded to ascertain the default username and password, which comes with the newly-purchased ADSL hardware. "Hackers then just ping routers until they find one that has those default settings."

He says attackers then create a multiple logon setting for the router to steal the available bandwidth.

According to Silber, there is a small chance the SAIX database could be accessed. "SAIX has gone far to avoid and prevent a brute force attack. And, while we may not love them, Telkom is generally good about security."

Told you before

Last month, Telkom issued a fraud warning, urging customers to be aware of an increase in rogue dialling and bandwidth theft.

Thokozani Mvelase, acting executive of Telkom's asset and revenue protection services, explained: "Bandwidth theft takes place when a fraudster gains access to the customer's ISP account.

"This not only affects the client's ability to continue accessing e-mail or the Internet, but often necessitates the purchase of additional bandwidth."

If a customer does not change and personalise the default username and password on the ADSL router, they will be held liable, he noted.

Telkom has a fraud management system in place that helps clients detect incidents of bandwidth theft. According to Telkom, the system monitors all clients' calling behaviour. "This will raise an alarm should the calling profile change."

The company also urged victims of bandwidth theft to report the crime to the South African Police Service (SAPS), which will then contact the relevant ISP for detailed records to assist in the investigation.

Badenhorst says he has not yet contacted the SAPS. "I did not keep the default router information, and I have again changed my password. I will keep monitoring the bandwidth usage to see if it happens again."
