Wednesday, 8 March 2017

We don’t do TalkTalk anymore

Telecoms company TalkTalk has been issued with a record £400,000 fine by the Information Commissioner's Office (ICO) for security failings that allowed a cyber attacker to access customer data “with ease”. The ICO’s in-depth investigation found that an attack on the company last October could have been prevented if TalkTalk had taken basic steps to protect information.

The ICO gave TalkTalk a £80,000 discount when it paid the fine early. The cost of each TalkTalk sponsored X-Factor TV prog is over £1 million, or 2 x a maximum ICO fine.

This company is unresponsive. Avoid TalkTalk at all costs     

TalkTalk is the worst organisation I've had the misfortune to deal with; 'unresponsive' doesn't even start to describe the company. 'Organisation' is a misnomer, and there's fierce competition for the distinction of 'worst'. Over the past forty years I've encountered and castigated some terrible outfits - His Majesty's Revenue & Customs (HMRC), the Department of Work and Pensions, Poll Tax, Council Tax and Appeal tribunals, British Telecom, Amstrad, Stagecoach/Bluebird, Citilink, the Coal Board, intransigent employers and oil companies, to name but a few. However, hands down, TalkTalk have the X-Factor when it comes to appalling service. When I posted a precis of my experiences to Trustpilot, it ran alongside over two thousand similar sorry tales. I had 72 unresolved outstanding incident reports when, with the help of Aberdeenshire Council Trading Standards, I was taking TalkTalk to court under the Supply of Goods Act (1984). Then in April 2016 TalkTalk dumped me unceremoniously - along with 105,000 other customers - because they couldn't provide us with a satisfactory service.

While preparing my court case in October 2015, I issued TalkTalk with a Data Protection Act request to release all of the data that they held regarding my account. My timing could not have been worse: the very next day, using schoolboy techniques, a teenager in Northern Ireland struck (loc. cid.). In light of the exuberance of youth and in his possible defence, this young hacker was maybe just trying to get a response - hacking appears to be the only, most effective way to elicit a reaction or access any information from TalkTalk. In my case the company didn't even bother replying to Trading Standards. A computer message:- 'TalkTalk is unresponsive: wait forever or kill it.'

The legacy of my time with TalkTalk is the calls from the scam merchants who have read, stolen or bought his or other hacked information, who persist in cold-calling purporting to be from TalkTalk, claiming I have a problem with computer speed and Windows. During a decade of non-contact TalkTalk never phoned me, so I know they're not in contact now; I'm no longer that valued customer, not that I ever was.

'You're not from TalkTalk, not officially anyway. The only way you could know anything about my computers is if you've planted a virus, which ironically is what you're trying to do," I tell these scammers. "My computers are not running slowly, chiefly because I'm well shot of TalkTalk; my new provider supplies fibre optic Broadband. The only problems I have are your far-fetched, nuisance phone calls, and the fact that, for logistical reasons, I must continue to access and copy my Tiscali mail through TalkTalk's useless slow email system, which I've discovered was not covered by my contract, therefore I cannot complain, or take the company to court. I'm a Mac user, by the way. Over. Out. Bye.' forviemedia blog - July 2013. PC Solutions - a scam

Based in India, the perpetrators either work for TalkTalk - a thankless existence overshadowed by constant job insecurity, or they have access to stolen data. Indian call-centre workers, who have often fallen under the control of criminal gangmasters, have been prosecuted; it's just the tip of an iceberg. Often educated to degree level, call-centre workers in Asia are paid comparatively well. The temptation is to earn more, before their workplace closes when, like BT, TalkTalk move ops out of their country. The result will be hardship for their families, possibly destitution.

The purpose of these malicious calls is to trick folk into handing over control of their computers, usually via Event Viewer and Talk Host Window. They'll instruct you to press the Windows button on your computer and to enter the letter R, then ask you to type in EVENTVWR. You're likely to be asked to go to a website such as TeamViewer, LogMeIn, AnyDesk, King Viewer or AMMMY. They’ll then ask you to download a piece of software that’ll give them remote access to your computer. This gets installed and the scammers ask you to provide an ID code - they now have control of your computer. They might claim you’re due a refund as a goodwill gesture (for the trouble you’ve been experiencing, really) and ask you to log in to your online bank account. It’ll seem that you’ve been refunded too much money and you’ll be asked to return the difference through Western Union or MoneyGram. They will be transferring money out of your account that you’ll be unlikely to see again.

Even if you avoid the fiscal cons, your details are still out there, to be sold for marketing, fraudulent and identity theft purposes, for instance. Antivirus security, like Symantec and Norton, contain critical vulnerabilities. Cloud storage is suspect. Once exfiltrated, any data can be stored as a beachhead for infrastructure attacks in the future. Millions of IP addresses can be used. The massive distributed denial of service attack that closed half the Internet on October 21st 2016 was down to botnets, log-ins for kettles, using known default passwords. Sorry, I'll read and write again. Yes, kettles. Smart kettles. If my neighbours fitted their cats with a smart collar, I could hack in and keep them out of my (German Shepherd's) garden.

Smart electricity meters are dangerously insecure. Thieves can detect expensive electronics: utility bills could be changed. A single line of malicious code might cut power to a property or cause overloads leading to exploding meters and fires. Now is the winter of your disconnection. 

From miniscule to mega, no organisation is immune when it comes to cyber attacks. At present Aberdeen City Council are trying to suppress details of a recent Ransomware demand. Then a group called Team System DZ took over the authority's homepage for more than two-and-a-half hours on 28th January 2017. During that time, the homepage carried the message "security stupidity". The English Scots For Yes website is back online after a sophisticated' hack wiped out the entire site (including its map) at server level. Revelations about algorithm and search engine manipulation abound, casting companies and even the largest of organisations as masters of chichanery and incompetence. It's been known for years that tax evader Google has been hacked by - alongside other 'Davids versus Googliath' - a Donald Trump fan from St Petersburgh, using spambots and malicious spyware to distort Google Analytics. Using the latest technologies, Cozy Bear and Fancy Bear hacked the network of the Democratic National Committee during the US presidential campaign, not working in pursuit of financial interests, instead concentrating on politically relevant information that is in line with Russian aims. Both groups have also hacked government institutions, technology and energy companies and research institutions in the US, Canada, Europe and Asia. In February 2016 the Bangladesh Bank was hit by the biggest bank robbery in history when thieves got away with $101m online. In June 2015, the US Office of Personnel Management revealed that hackers had stolen the social security numbers, names, dates and places of birth and addresses of 21.5 million people from its computer systems. More than one billion Yahoo accounts - names, phone numbers, hashed passwords, e-mail addresses, dates of birth, encrypted or unencrypted security questions and answers - have been stolen in data breaches. The personal details of 36million Ashley Madison customers were stolen in a deceptively simple 2015 hack: the infidelity site boasted the slogan, 'Life is short. Have an affair'. Use Ashley Madison. Get divorced.

'A three-hour outage in an obscure, if tremendously profitable, wing of online retailer Amazon resulted not only in websites such as Medium and Business Insider failing, but also in people unable to turn on their lights. This outage affected Amazon Web Services, an Amazon subsidiary that provides cloud computing services to other businesses. If you’ve ever been told something is stored or runs “in the cloud”, the likelihood is that it was in servers owned by Amazon – or by similar services provided by its two main competitors, Microsoft and Google. Smart home owners reported losing control of their houses after the jury-rigged system they used to control internet-connected locks and light bulbs failed.' Alex Hern; 1st March, writing in the Guardian.

Wi-Fi codes and router default passwords have been stolen from TalkTalk customers in the latest cyber attack on the company. The malware used is a modification of the Mirai worm. TalkTalk customer security just gets more and more risky. Change the default password on your router or you'll  remain vulnerable, if you must entrust your personal details to useless custodians like TalkTalk.

Back to the nuisance callers.. To date I've had fun playing tunes as the phoning phonies fiddle; I've furnished the more gullible cold-callers with the sort code and bank account number for HMRC and I've redirected calls to the local police station and Police Scotland. I've taught them to pronounce router as rooter not router, so victims won't suspect they're taking part in a rout. I've given the dog the phone when they call and he runs around the office panting excitedly, heavy breathing down the line. {I put the kettle on - it doesn't whistle when the water boils; it sings out a default password.} I thought I was being inventive, then on a forum I read of a riotous household in Wales who have formed a family choir to sing 'Fraudsters, fraudsters, fraudsters!' (in Welsh, I hope) down the phone until these callers hang up.

However I fear that the gangsters are now using my landline for training purposes. I'm getting four unsolicited calls a day, including silent ones that could be genuine; I'm used to unresponsive behaviour, silence being TalkTalk's trademark. I can't even escape corporate references by blocking calls, to sort emails in peace or watch TV. When the vacuous X-Factor isn't being promoted, TalkTalk's latest ad, 'Working from home' (sic), features a wide-boy tradesman on the phone, telling lies to a potential customer. I could not have scripted it better myself.

Recommended: Fleur Telecom 

No comments:

Post a Comment