Possible ADSL Account Hijacking

I

Indod

New Member
Joined
Aug 19, 2005
Messages
9
Reaction score
0
I'm not too sure if this has been bought up in the past, however I would just like to bring this to everyone's attention.

I had my ADSL router hacked and my username and password stolen, then used without my knowledge to upload / download gigs of data. Being the sucker I am, I suspected it was a user on my network so I just topped up my account - however by the second top up - I was getting a bit concerned and after a chat to my ISP and a mate - I was able to find out that in fact my account was being used by another ass who robbed me blind.

Although I consider myself some what of a knowledgeable IT person, I didn't even think of my username and password being susceptible to hackers.

The out of the box security offered on most routers / modems are not adequate to combat this type of cracking, even if you LAN is safe and secure behind a hardware based firewall - your modem still is open up for the entire world to peek inside. I suggest people upgrade their modems firmware, change the default admin password, and see if your modem supports any form of ACL, to prevent this happening.

A note to ISP's I think its your responsibility to inform your clients of the possibilities of these attacks - as there appears to be little in the way of compensation if you fall victim to this. Take steps to proactively educated your clients on the dangers of being exposed on the www. Anybody from the ISPA reading this?

Has this happened to any one else lately.

Regards,
A little more secured ADSL user.
 
Does a car dealer warn you of the risk of being hijacked when you buy a new car? Personal security is, and will always be, your own responsibility.
 
Indod said:
The out of the box security offered on most routers / modems are not adequate to combat this type of cracking, even if you LAN is safe and secure behind a hardware based firewall - your modem still is open up for the entire world to peek inside. I suggest people upgrade their modems firmware, change the default admin password, and see if your modem supports any form of ACL, to prevent this happening.
Click to expand...

Sorry to hear about your problems; it really sucks getting ripped off by jerks. You are hardly the first though. You are right that most of the default settings on routers are fairly useless: in particular disabling WAN to LAN as a filter rule would take care of at least some of the problems (but most routers do not do this by default, or at least not for the two I have used).
 
Last edited:
Glipsie said:
Does a car dealer warn you of the risk of being hijacked when you buy a new car? Personal security is, and will always be, your own responsibility.
Click to expand...
You’re probably not serious with a comment like this. If you want to be sarcastic at least say something sensible.
 
My advice is... if telkom set it up, look for the documentation and set passwords and access accordingly - don't assume that they do anything more for their money than absolutely necessary.
 
Indod - I was ripped off too with my Axxess account, my security settings were set to default as well, and it took me a week or two to realise where the bandwidth was going. I live in CPT and tracked one of the user sessions IP's to Pretoria. So Mr Punk Ass in Pretoria - I know where you live. I hope you have a terrible life! And Glipsie - your comments are worthless.

Anyone else had an issue lately, particularly with Axxess accounts?
 
"Although I consider myself some what of a knowledgeable IT person, I didn't even think of my username and password being susceptible to hackers."

its not called hacking.

if you're ignorant, or just plain uninformed on the matter of changing your default router passwd then i believe u got what u deserved. exploiting stupidity isn't a crime.
 
Coffee_Mug said:
if you're ignorant, or just plain uninformed on the matter of changing your default router passwd then i believe u got what u deserved. exploiting stupidity isn't a crime.
Click to expand...
That's why I'm trying to create an awareness with my post. For ignorant, uninformed stupid, plebs such as myself. You're not from Pretoria are you?

soup said:
and tracked one of the user sessions IP's to Pretoria.
Click to expand...
 
youradsl said:
You’re probably not serious with a comment like this. If you want to be sarcastic at least say something sensible.
Click to expand...
And why would you say that? There are many postings on this very topic. Every other day someone gets hacked, then they start looking for someone to blame.

I'm really sorry that there are people that feel they need to rip you off. But such is life. Otherwise we wouldn't be living behind windows with metal bars on them.

The responsibility for securing your machines/devices should not lie with your service provider. If you can't setup your router properly yourself pay someone to do it for you.
 
soup said:
I live in CPT and tracked one of the user sessions IP's to Pretoria. So Mr Punk Ass in Pretoria - I know where you live.
Click to expand...
If you've tracked the dude down, why haven't you taken him/her to court. If people start to get arrested for stealing bandwidth then people might actually stop doing it.


Off topic. I wonder how many countries actually have a bandwidth stealing problem? Could be an interesting argument for uncapped ....
 
Glipsie said:
Does a car dealer warn you of the risk of being hijacked when you buy a new car? Personal security is, and will always be, your own responsibility.
Click to expand...


That was uncalled for .. lack of finesse in business .. you are one person I hope not to deal with in future.
 
Coffee_Mug said:
"Although I consider myself some what of a knowledgeable IT person, I didn't even think of my username and password being susceptible to hackers."

its not called hacking.

if you're ignorant, or just plain uninformed on the matter of changing your default router passwd then i believe u got what u deserved. exploiting stupidity isn't a crime.
Click to expand...

Got what he deserved? lmao . what a dumb comment. People like you should not be allowed here.
 
Another suggestion that may help is if you don't use more than one connection on your account, ask your ISP to disable conncurrent connections. I do this, and leave my PC on day and night, permanently connected. After the 24 hour reset it automatically re-authenticates. This gives potential hackers only a 1-2 second window period per 24 hours where my account isn't active.
 
Glipsie said:
The responsibility for securing your machines/devices should not lie with your service provider. If you can't setup your router properly yourself pay someone to do it for you.
Click to expand...

You see G, the point I'm making is that there is a problem out there, as stated by yourself - and that the ISPs need to step up to the plate and inform their clients of a potential problems with 'out-of-the-box' security with ADSL Modems.

Since you started off with an analogy, I'll put one in as well, when you get issued with a cell phone - does yours SP tell you that your default pin number for your Voice Mail is "1234" or what ever it was - something simple like that. No. This has now changed only because of the complaints the SP's were getting from their clients - you not honestly going to go to a cell phone user and say you must pay someone to setup your phone? No

Of course you can argue that a cell phone is not the same as an ADSL modem, but then again ADSL is not the sole domain of jargon blurting techs.

If the ISPs want to (re)sell the ADSL service to Joe Bloggs on the street, then its up to them to inform them of the potential hazards of 'on-all-the-time' broadband.
 
HellTel said:
Got what he deserved? lmao . what a dumb comment. People like you should not be allowed here.
Click to expand...

people like me? what am i like helltel? the only point i made is that not changing your routers default login/pass is asking for something like that to happen.

i am tired of users logging onto this forum complaining about "oh, my account got hacked!!" boohoo man... who gives, the only person who is to blame is the one on the receiving end.
 
Indod said:
Since you started off with an analogy, I'll put one in as well, when you get issued with a cell phone - does yours SP tell you that your default pin number for your Voice Mail is "1234" or what ever it was - something simple like that. No. This has now changed only because of the complaints the SP's were getting from their clients - you not honestly going to go to a cell phone user and say you must pay someone to setup your phone? No
Click to expand...
Not sure how you're comparing the two services? Doesn't voicemail ask you to set your password the first time you phone? If so, why are you attacking ISP's, shouldn't you be attacking the modem/router manufacturers and asking them to create the same thing?

Indod said:
You see G, the point I'm making is that there is a problem out there, as stated by yourself - and that the ISPs need to step up to the plate and inform their clients of a potential problems with 'out-of-the-box' security with ADSL Modems.
Click to expand...
Indod said:
If the ISPs want to (re)sell the ADSL service to Joe Bloggs on the street, then its up to them to inform them of the potential hazards of 'on-all-the-time' broadband.
Click to expand...
I can see your point of view, but look at it from an ISP's point. If they have to start warning people about the risks of being hacked, it will also mean they have to provide ways of avoiding it. Which means keeping on record every single possible router configuration with step by step guides on how to change passwords. Just more expense for ISPs who can barely afford to run ADSL services in this country as is.
As said above, you should really be going after the modem manufacturers, Marconi probably the most as its users won't generally know much. After all, it is them that created the problem.
Really, if your router asked you to set the admin password the first time you logged in, this thread wouldn't exist

Glipsie
 
Glipsie said:
Not sure how you're comparing the two services? Doesn't voicemail ask you to set your password the first time you phone? If so, why are you attacking ISP's, shouldn't you be attacking the modem/router manufacturers and asking them to create the same thing?
Click to expand...

It does now, but to start off they did'nt - its only becuase other people were able get access into peoples voice mails - that this changed

Glipsie said:
Really, if your router asked you to set the admin password the first time you logged in, this thread wouldn't exist
Click to expand...

Funny you should say that - I upgraded my Billion Routers firmware - and the first thing it asks you to do after loging in for the first time, is to change the password. :)
 
Indod said:
It does now, but to start off they did'nt - its only becuase other people were able get access into peoples voice mails - that this changed
Click to expand...
Hmmkay. But here people went to the source, i.e. Vodacom, MTN et al. Don't think the outcome would've been the same if they all went complaining to nokia?

Indod said:
Funny you should say that - I upgraded my Billion Routers firmware - and the first thing it asks you to do after loging in for the first time, is to change the password. :)
Click to expand...
Step in the right direction. Wish Marconi would do the same ...
 
if u read the manual that came with your router u would be well aware of the consequences. they warn u about it. this is not up to the ISP.

sometimes learning things the hard way is the only way
 
Coffee_Mug said:
if u read the manual that came with your router u would be well aware of the consequences. they warn u about it. this is not up to the ISP.
sometimes learning things the hard way is the only way
Click to expand...

Jeez, coffee_mug, let me guess you have a tech support background - where you sit in your dark hole of an office taking calls from people who complain that their mouse keeps getting stuck or that their PC freezes everytime they hit the "s" key - and now through the anonymity of these forums you can finally vent your anger towards us "users" by blamming us for not knowing the difference betweens hackers and crackers and for not reading point 43.4-a in the fine print of the manuals that says change your password or be damned.

I'm just trying to generate some dialog here, as to where the blame for this lies, not start a "if you dont RTFM then you too stupid to walk upright" flame.

BTW: My modem's manual did'nt mention anywhere about changing the passwords or consequenses of not doing this.

Later dude
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X