Your modem provides a gateway to the internet, but this entry point is highly vulnerable to hackers as 60,000 customers of BSNL have discovered.
Bharat Sanchar Nigam Limited (BSNL) is an ISP based in New Delhi, India with around 93 million customers, but even with these customer numbers they have been struggling in recent years due to the increased competition in the Asia telecommunications sector. And they now have an embarrassing malware incident on their hands, so these are certainly tough times for BSNL.
The attack which has affected BSNL is almost ridiculous in its simplicity, but it has the potential to cause huge damage for BSNL and its customers. It also carries an important lesson that every PC user can benefit from, so let’s take a look.
Hacking BSNL Modems
Using botnet attacks, the hackers were able to breach the National Internet Backbone (essentially a huge network making up the backbone of the internet in India) of BSNL and gain access to their internal modems and recently installed customer modems. From BSNL’s end, this meant that their broadband service was severely compromised with around 45% of internet connections suffering disruption. For customers using the recently installed modems, however, matters got much worse.
The malware affecting BSNL was able to change the passwords of BSNL broadband customers who had made the fatal mistake of not changing the modem’s default password of “admin”. As a result, around 60,000 customers have found themselves at risk of having their broadband connection compromised as their modem would not be able to log into the BSNL system. Affected users have reported a lack of internet access and the modems ‘red error’ LED switching on to indicate a fault.
Whilst BSNL were able to manually change the password details for their internal modems and stop any further changes to their customers’ details, they were unable to reset passwords for customers who had fallen victim to the malware. Instead, these users have to manually reset their modems and enter a new password, a task which isn’t particularly simple for your average PC user.
The Importance of Password Changes
BSNL are rightly embarrassed about the breach that their systems have experienced and there’s still no mention of the attack on their official website. And the fact that this attack stemmed from a simple password flaw is astonishing, but not completely surprising. Many, many organizations still use the age old login name/password of Admin/Admin for gaining access to the administration side of computer systems; it’s easy to remember and provides quick access, but the problem is that every hacker knows this and will always try these login details early on in an attack.
It’s absolutely crucial that you protect your networks (and even your modems) by practicing good password security. It only takes a few moments to think of a new password and just as long to change your old one, so there really shouldn’t be any excuse. And that’s why you should always change default system passwords as soon as you’re given the chance. Otherwise, you’re at risk from being hacked and will only have yourself to blame.
For more ways to secure and optimize your business technology, contact your local IT professionals.