Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":526,"date":"2017-02-24T15:58:00","date_gmt":"2017-02-24T15:58:00","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=526"},"modified":"2019-04-17T11:35:57","modified_gmt":"2019-04-17T11:35:57","slug":"telecom-nz-cancels-60000-passwords-in-spam-attack-then-goes-duck-hunting-with-wmds","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2017\/02\/24\/telecom-nz-cancels-60000-passwords-in-spam-attack-then-goes-duck-hunting-with-wmds\/","title":{"rendered":"Telecom NZ Cancels 60,000 Passwords in Spam Attack, then Goes Duck Hunting with WMDs"},"content":{"rendered":"

$\"Bazooka\"$ <\/p>\n

Facebook, Microsoft, and Apple, oh my! The interwebs have been abuzz this week<\/a> with the hacking of three of the bigger kids<\/a> on the technology field; and while conspiracy theorists continue to push the Chinese military as the bully<\/a> (they\u2019d better be good hackers, \u2018cause they run like girls<\/a>), it seems like just another week at the ol\u2019 IT school of hard knocks. Cyber attacks like the ones perpetrated on Apple are a bit of a \u2018ho hum\u2019 event. Big tech companies work hard to prepare for security breaches, using trained personnel and established policies to ensure that any threat is quickly mitigated, even if it means taking down an entire network during a security event. One would think the same applies to any tech company, certainly the ones which provide, as part of their service, access infrastructure to end users. But apparently, not all telecoms are created equally, certainly not the ones which show little imagination when choosing their names.<\/p>\n

New Zealand has given the world much, not the least of which are kiwis and The Lord of the Rings<\/em> movies. But delicious little fuzzy fruit and expansive mountainous scenery, while all nice and fine, are not newsworthy. One of New Zealand\u2019s telecom providers, however, is. The telecom Telecom (no, that\u2019s not a typo) must have had a date with the beach the day its creators got together to decide upon a name. Mental images come to mind, of executives decked out in water wings and snorkels; after fifteen minutes of disinterested debate, the new CEO shouts \u2018oh, screw it! Let\u2019s just get it over with and call ourselves Telecom! Beach on, bitches!\u201d Thus goes the fantasy, but how Telecom recently dealt with a spam attack upon its network is not a fantasy, and it\u2019s no joke.<\/p>\n

On February 11, several media outlets in New Zealand reported<\/a> that Telecom, one of the largest companies in New Zealand, admitted that its Yahoo XTra service had been hacked by overseas attackers. Identified as the \u201cbiggest attack of its kind to happen in New Zealand,\u201d spam emails were sent to about 87,000 users, asking for personal details, including credit card numbers. According to 3News, \u201cone user even received an email from a friend who died two years ago.\u201d<\/p>\n

According to Chris Quin at Telecom, \u201cessentially a spammer\u2026got into Yahoo [was] distributing a phishing email across a number of contacts in that customer base, and\u2026that is distributing itself through the contact emails of people.\u201d Most disturbing is that recipients didn\u2019t even need to click the link in the email to be compromised. \u201cJust getting the email gives hackers access to the recipient\u2019s contacts, which means spam can then be sent to them as well, regardless of which email provider they’re with,\u201d the 3News story reported. Security expert Martin Crocker pointed out that \u201cIf people have received an email and clicked on a link, their computer could be infected with malware, depending on the security of their machine when they clicked on that link.\u201d<\/p>\n

Now, it should be noted that Yahoo\u2019s being beat up for this security breach, and Telecom is reviewing its agreement with the search engine provider. But what\u2019s most surprising in this story is the manner in which it played out, and the way in which Telecom has addressed the security breach. The spam attack, which was first identified on Saturday, February 9, was a week-long ordeal for Telecom\u2019s customers, and only appears to have been rectified a week later, when Telecom began cancelling the passwords of XTra users on Saturday the 16^{th<\/sup>. 60,000 of them, in fact.<\/p>\n}

According to TVNZ.com<\/a>, former New Zealand High Commissioner Ted Woodfield was one of those customers. \u201c\u2026Woodfield said he had tried to contact Telecom repeatedly after his Xtra email password was unexpectedly changed yesterday. \u201cI sat on the phone for twenty minutes at a time in three separate sessions. The last one said there was an hour’s delay,\u201d said Woodfield. Woodfield said he can now access his email but is left \u201cfrustrated\u201d by his dealings with Telecom.\u201d<\/p>\n

Now, it would be fun to beat up on the company for being too lazy to pick a real name, but it\u2019s more fun to focus on the painfully obvious. Telecom seems to have attacked this issue as if it was bringing a dirty bomb to a fist fight. The ham-handed way in which the problem was resolved, the inordinate time delay in rectifying the problem, and the customer service (or lack thereof), suggests a lesson from which other providers should take note. Hey, if Facebook can do it, then anyone can.<\/p>\n","protected":false},"excerpt":{"rendered":"