Virgin Media to battle modem hackers
Fraudsters grab free high speed broadband
More than a thousand hackers are using reconfigured cable modems to fraudulently access free high speed Virgin Media broadband, sources have revealed.
The hack has been made possible by the recent launch of Virgin Media's 50Mbit/s "XXL" package. It relies on new equipment running the upgraded DOCSIS 3.0 data transmission standard.
The launch has allowed hackers to apply the new configuration from Virgin Media's official up to 50Mbit/s home modem to legacy DOCSIS 1.0 hardware, to access the DOCSIS 1.0 platform at higher speeds. Our source said over a thousand lines have been seen obtaining about 30Mbit/s downstream.
Virgin Media told The Register it was aware of the problem and was working to address it. It added that recent network upgrades allowed it to detect modems cloned in this way and it intends to pursue those involved. "The message is: we are onto this and we are after you," a spokesman said.
He said new routers in the firm's network were able to detect and take measures against cloned modems to ensure bandwidth is not stolen from legitimate customers. Many hackers, who trade details of their hacks in web fora, believe the modified modems are untraceable, but according to Virgin Media its new systems mean "that's absolutely not the case".
Virgin Media also sent this statement:
Virgin Media takes the issue of fraud on its network very seriously and, where appropriate, will prosecute. We have a range of tools that can detect fraudulent modems and service profiles on our network and a number of technological features which assist us in successfully addressing the challenge of fraudulent activity.
Whilst the numbers are small, we are actively tracking fraudulent activity and are rolling out a range of countermeasures to eliminate these fraudulent broadband users from our network.
Obtaining services dishonestly is an offence under section 11 of the Fraud Act 2006. A conviction carries up to 12 months in jail.
Fraud using modified equipment has also been a problem for Virgin Media's TV services. Last year a Scottish man was jailed after making £50,000 selling modified receivers that offered free access to premium channels.
Virgin Media investigators also participated in a raid on a modification operation in Lancashire last April, which saw six people arrested. ®
and here we go again...
its much harder to trace a cable connection than a bt land line, a landline is basically hardwired from end to end, whereas the cable network is more like sky, the cable split to more cables split to more cables and the card in your box decides what you get to see (and in the case of the modems everything your modem sends and recieves is visible to everything else in your area but the "docsis encryption" keeps it private
have a search on google for ntl engineers manual, their training manual leaked out years ago, those little green cabinets are little more than glorified aerial amplifiers: 1 main cable goes in X number of feeds go out to peoples houses, hence it will be VERY difficult to trace the fraudulent modem by following the cable as some suggest, even more so if your in a block of flats etc where the lazy sods tend to just further split off one incoming feed into as many flats as needed (optical cable (that seems to be made of solid copper) must be THAT expensive that they need to save as much cost as possible... now wheres advertising standards when you need them...)
one has to wonder why were pretty much the only country in the western world where dodgy cable is available if not the norm, pretty much everywhere else has their network securely set up so the clones and carded boxed arent possible (maybe VM should have a talk with sky's tech department to learn how to set things up right)
the thing thats never been picked up on:
sky gets pissed off at the dodgy cable boxes, takes the sky channels off vm
virgin does a sweep and kills most the boxes, gets sky channels back
dodgy boxes gradually reappear so how long you reckon they sky channels are going to stay?
then we have the headlines about sky wanting access to the virgin cable modem network
a few days later virgin are waging war on the modems, surely its only got to be a matter of time before we see it all becoming sky media or something else? (doubt it would be sky virgin cos that sounds like a star in one of the films wacky jakies hubby seems to like getting us to pay for...)
another point about virgins crappy security...
apparently from having a bit of a google it seems that the modem hackers use a bit of software that simply ASKS VIRGINS SERVERS for alist of all valid mac addresses along with the subscribed speeds, now im no expert but if any other company was found to be giving away that kind of information theye'd be shut down pretty quickly...
now how a company with that kind of flaw in their basic setup can claim to be activley persuing the hackers....
it's a lot easier than you seem to think, re-read the article:
"It added that recent network upgrades allowed it to detect modems cloned in this way and it intends to pursue those involved."
network upgrades, such as the blocks of flats i've seen being re-wired which now have a separate coax from every flat back to a central box with a fibre uplink in? i'm not sure if it is related to virgin or not as the way they have fitted them seems to be sub-optimal for anything i can think of that would require running coax around the building, however if that is indeed virgin coax (it's not connected up yet here) then that would make it trivial to locate cloned modems
or of course they could just head out and start unplugging things, while there might be thousands of sources to track down now there wouldn't be many at all if they actually put effort in to tracking them down and prosecuting, there are only so many people doing it because they can get away with it
personally i think they should just block the MAC Addresses that show up twice on the network, sure it'll cause temporary loss of service to legitimate customers initially (who won't even notice it as more than "the usual service level"), but it'd make the modem hacking stop working so people would stop even trying it - no point leaving a hacked modem connected up and turned on if it doesn't even work - so the legitimate user wouldn't stay blocked for long