Hacker Says Telus Accounts Still Vulnerable

by Jordan Richardson on February 29, 2012

A hacking attack that took place in November and targeted Telus Internet customers in British Columbia is back on the front burner amid suggestions by the hacker that the security flaw still exists.

The initial attack affected approximately 6,000 Telus customers in B.C., but the hacker says that he may have impacted tens of thousands of customers in a “demonstration” to illustrate just how vulnerable the provider’s security is.

The hacker cut off wireless Internet service for customers starting on November 25, breaching security through the Siemens SE567 routers used by the majority of Telus customers. Customers couldn’t log on and saw an articulate message that said “The RCMP are corrupt. Signed, LOLGGNoRe.”

LOLGGNoRe appeared on an online message forum thread that was started by a disgruntled Telus customer, admitting to the hack. “Telus has abused their customers for far too long, opening unpatchable (save for new hardware) holes, while at the same time blocking basic functionality of a network connection (in the name of security. HA!), and in general, not being even close to network neutral,” he wrote before adding “Do not try to find me, you will fail.”

As is usually the case among members of the so-called hacktivist community, the hacker seems to think that abusing customers and innocent people is a way to strike at the company and/or organization he or she takes issue with. Locking innocent people out of their accounts in an effort to make a political point seems a backward way to go about it. Instead of knocking down the powerful, these sorts of attacks target the innocent.

A YouTube video apparently posted by the hacker finds a young man wearing one of those hip Guy Fawkes masks popularized by Anonymous. Posted under the account HephaestusAetnaeus (named presumably for an Olympian god in the Marvel Comics universe), the video was uploaded on February 27 and features an extensive statement read aloud by the masked man. He goes on to explain that the security flaw that enabled the hack in the first place was still in place, noting that “the level of information accessable (sic) by the attacker is so critical that the flaw should have been detected long before these routers were put on the market.”

After the initial hack, Telus downplayed it. They have finally admitted to it, but are playing it off as little more than a nuisance or an act of “vandalism.”

The RCMP have found the hacker, finding his real name on an online gaming site (one of many used by LOLGGNoRe). The police believe that he is the same hacker responsible for a 2011 attack on a carpool site that saw the site’s database destroyed and some 18,000 passwords stolen. No charges have been laid in either attack.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Jordan Richardson. www.digitcom.ca. Follow TheTelecomBlog.com by: RSSTwitterFacebook, or YouTube.

{ 2 comments… read them below or add one }

tsc.ca March 2, 2012 at 4:43 am

This is a good article, better than the CBC coverage. However, I would like to know, what is the flaw? How was it supposedly fixed by Telus?

Jordan Richardson March 3, 2012 at 8:57 pm

That would be a mystery at this point, at least specifically. According to the hacker, it’s a flaw with the routers that was in place before they were even shipped out to customers. It’s hard to say for certain if Telus has actually fixed the flaw, so I can’t answer that question either.

Previous post:

Next post: