A Backdoor into Your Network

A friend of mine just got hacked. He operates a CPA firm and somebody broke into his server. They deleted a bunch of records and made a mess of things. He has no idea who did this or why. Maybe it was somebody who is mad at him or somebody who was hoping to destroy their own records to avoid an IRS audit. Or perhaps it was somebody hoping to grab matching social security numbers and addresses.

But he knows how they did it. He has an old telephone key system at his office, and that key system has a phone connected into his old data server. This always provided him a path to call into the server remotely to get access to files. But he hasn’t used that connection for years and forgot all about it. And of course, his password on the old server connection was something very easy to crack.

And this prompts me to warn all of my clients to think about what sort of old equipment and networks you are operating. It’s very likely that some of you still have connections into servers in your central office or headend that can be accessed by telephone. And certainly you have customers who have this situation.

It’s mandatory these days to build firewalls and other protections around our servers. These sorts of protections will keep most hackers out of your network. But I know that many of you still have backdoors that bypass such protection. These are backdoors that you use from time to time, or maybe, like my friend, they are something you have completely forgotten about.

And while we are talking about old connections, telephone back doors are not the only thing to worry about. In the telecom industry we installed a lot of gear over the years that was connected via serial ports. You probably remember those ‘ancient’ 9-pin plugs that were used to provide access to routers and various pieces of telecom gear, mostly on customer CPE. Just as there are still plenty of older phone connections into routers, there are plenty of these serial port connections still running.

A security professional at Rapid7 ran a scan last year on the Internet and within a few days had found over 100,000 devices that were still connected to a network using serial ports. And these networks are connected to the world. What he found included all sorts of devices, like traffic lights, fuel pumps, telecom gear, and heating and cooling systems: the kind of systems that a hacker could wreak serious havoc with. And he thinks the 100,000 devices he found are just the tip of the iceberg.

Hacking serial ports is really easy to do. Just like my friend’s phone line connection, it is likely that devices connected by serial ports are not protected behind firewalls and are open to easy access.

So it is time to take a look around your network, including at your customers’ sites, and take a critical look at how things are connected. It might be time to finally get rid of back door phone lines, serial ports or any other older technology that is not secure enough. We all have the philosophy in this industry that if it ain’t broke don’t fix it. But as my friend found out, that is really not a good enough reason to not take a look at your network from time to time. It was very lucky for my friend that he had a backup of his data and didn’t lose a lot of tax records. But he did expose his clients’ information to somebody unknown and so there is no telling what that might mean.
