The Register® — Biting the hand that feeds IT

Feeds

Virgin Media to battle modem hackers

Fraudsters grab free high speed broadband

By Christopher Williams, 19th March 2009
  • print
  • alert

Magic Quadrant for Enterprise Backup/Recovery

More than a thousand hackers are using reconfigured cable modems to fraudulently access free high speed Virgin Media broadband, sources have revealed.

The hack has been made possible by the recent launch of Virgin Media's 50Mbit/s "XXL" package. It relies on new equipment running the upgraded DOCSIS 3.0 data transmission standard.

The launch has allowed hackers to apply the new configuration from Virgin Media's official up to 50Mbit/s home modem to legacy DOCSIS 1.0 hardware, to access the DOCSIS 1.0 platform at higher speeds. Our source said over a thousand lines have been seen obtaining about 30Mbit/s downstream.

Virgin Media told The Register it was aware of the problem and was working to address it. It added that recent network upgrades allowed it to detect modems cloned in this way and it intends to pursue those involved. "The message is: we are onto this and we are after you," a spokesman said.

He said new routers in the firm's network were able to detect and take measures against cloned modems to ensure bandwidth is not stolen from legitimate customers. Many hackers, who trade details of their hacks in web fora, believe the modified modems are untraceable, but according to Virgin Media its new systems mean "that's absolutely not the case".

Virgin Media also sent this statement:

Virgin Media takes the issue of fraud on its network very seriously and, where appropriate, will prosecute. We have a range of tools that can detect fraudulent modems and service profiles on our network and a number of technological features which assist us in successfully addressing the challenge of fraudulent activity.

Whilst the numbers are small, we are actively tracking fraudulent activity and are rolling out a range of countermeasures to eliminate these fraudulent broadband users from our network.

Obtaining services dishonestly is an offence under section 11 of the Fraud Act 2006. A conviction carries up to 12 months in jail.

Fraud using modified equipment has also been a problem for Virgin Media's TV services. Last year a Scottish man was jailed after making £50,000 selling modified receivers that offered free access to premium channels.

Virgin Media investigators also participated in a raid on a modification operation in Lancashire last April, which saw six people arrested. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (49)
Latest Comments
Anonymous Coward

and here we go again...

its much harder to trace a cable connection than a bt land line, a landline is basically hardwired from end to end, whereas the cable network is more like sky, the cable split to more cables split to more cables and the card in your box decides what you get to see (and in the case of the modems everything your modem sends and recieves is visible to everything else in your area but the "docsis encryption" keeps it private

have a search on google for ntl engineers manual, their training manual leaked out years ago, those little green cabinets are little more than glorified aerial amplifiers: 1 main cable goes in X number of feeds go out to peoples houses, hence it will be VERY difficult to trace the fraudulent modem by following the cable as some suggest, even more so if your in a block of flats etc where the lazy sods tend to just further split off one incoming feed into as many flats as needed (optical cable (that seems to be made of solid copper) must be THAT expensive that they need to save as much cost as possible... now wheres advertising standards when you need them...)

one has to wonder why were pretty much the only country in the western world where dodgy cable is available if not the norm, pretty much everywhere else has their network securely set up so the clones and carded boxed arent possible (maybe VM should have a talk with sky's tech department to learn how to set things up right)

the thing thats never been picked up on:

sky gets pissed off at the dodgy cable boxes, takes the sky channels off vm

virgin does a sweep and kills most the boxes, gets sky channels back

dodgy boxes gradually reappear so how long you reckon they sky channels are going to stay?

then we have the headlines about sky wanting access to the virgin cable modem network

a few days later virgin are waging war on the modems, surely its only got to be a matter of time before we see it all becoming sky media or something else? (doubt it would be sky virgin cos that sounds like a star in one of the films wacky jakies hubby seems to like getting us to pay for...)

0
0
Anonymous Coward

another point about virgins crappy security...

apparently from having a bit of a google it seems that the modem hackers use a bit of software that simply ASKS VIRGINS SERVERS for alist of all valid mac addresses along with the subscribed speeds, now im no expert but if any other company was found to be giving away that kind of information theye'd be shut down pretty quickly...

now how a company with that kind of flaw in their basic setup can claim to be activley persuing the hackers....

0
0
Mike

easier

it's a lot easier than you seem to think, re-read the article:

"It added that recent network upgrades allowed it to detect modems cloned in this way and it intends to pursue those involved."

network upgrades, such as the blocks of flats i've seen being re-wired which now have a separate coax from every flat back to a central box with a fibre uplink in? i'm not sure if it is related to virgin or not as the way they have fitted them seems to be sub-optimal for anything i can think of that would require running coax around the building, however if that is indeed virgin coax (it's not connected up yet here) then that would make it trivial to locate cloned modems

or of course they could just head out and start unplugging things, while there might be thousands of sources to track down now there wouldn't be many at all if they actually put effort in to tracking them down and prosecuting, there are only so many people doing it because they can get away with it

personally i think they should just block the MAC Addresses that show up twice on the network, sure it'll cause temporary loss of service to legitimate customers initially (who won't even notice it as more than "the usual service level"), but it'd make the modem hacking stop working so people would stop even trying it - no point leaving a hacked modem connected up and turned on if it doesn't even work - so the legitimate user wouldn't stay blocked for long

0
0

More from The Register

1,000 O2 staff chose redundancy over Capita
Betrayal, or just decent terms?
48
Google launches broadband balloons, radio astronomy frets
A careless Loon could blind the square kilometre array
45
breaking news
Pttow! Ofcom kicks hams out of MoD bands
Geet off my land, you, you ... 'secondary user'
30
breaking news
Now you can use your phone instead of your wallet at the ATM, too
Blimey, these little paper towels out of the vending machine are really expensive
47
breaking news
UK.gov's £530m bumpkin broadband rollout: 'Train crash waiting to happen'
Whitehall whispers of damning watchdog report next month
30
breaking news
MySpace zaps millions of teens' tearful rants, causes wave of angst
'Your crappy redesign SUCKS, I wanna read my blogs' screech users
53
breaking news
Microsoft Office 365 on iPhone NOW: No, we're not making this up
Word, Excel, Powerpoint for your pocket-stroker
83
Vodafone Oz launches '100 Mbps' 4G service
Nice speed if you can get it
7
breaking news
Clearwire board to shareholders: Go on, grab that Dish cash
Sprint looks on in dismay
3
EU signs off on eCall emergency-phone-in-every-car plan
GPS and a mobe in every car - do you suppose the NSA would fancy that?
100