Greetings and welcome back. This week, we continue our series on Cyber and Physical Security for Remote Telecom sites with our blog: Cybersecurity for Rural Telecom and Broadband Sites. In our last blog, we discussed the availability of open network ports that are used by cybercriminals as back doors to steal data and destroy your equipment. This week, we look at the ability of hackers to penetrate the front door of your network to wreak havoc with your operations.
To begin with, it's important to realize that, whether you have a rural or urban telecom site, you're a key target of hackers and data thieves. Hackers get paid for disrupting your operations, and data thieves get paid for stealing your customers' data and selling it on the black market. All the data that passes between your customers and the Internet flows through your remote sites, and for this reason the bad guys put a high value on your sites.
How Hackers can Attack Rural Telecom Sites
To give you an example of how hackers can target your rural sites, please look at this article about a hacker who brought down hundreds of thousands of Deutsche Telekom customers. In this case, a hacker was paid $10,000 by a Middle Eastern company to take down the DT customer network. The hacker modified the Mirai botnet to attack port 7547, the port for Simple Object Access Protocol (SOAP), which is used to remotely manage a number of routers. By using this port to overload the routers and then the network, the hacker was able to bring down the DT network. The key thing here is that there are always people willing to pay to harm companies or their customers, and you must consider that you are a potential attack candidate.
In making a scan of rural telecom sites via the Shodan Search Engine, I found a significant number of routers that have open ports that could be used to bring down their networks. For obvious reasons, the names of those organizations will not be named, but it is clear that rural telecom sites are vulnerable to similar and perhaps much more destructive attacks.
How Data Thieves can Steal Data at Rural Telecom Sites
Stealing data through a remote site is surprisingly easy. To do so, one need only gain physical or virtual access to any remote telecom site. From there, permissions can be created to allow selected packets of information to be duplicated and then sent to a cyber-thief's waiting server. For security reasons, the particulars of this hack will not be shared, but I can say that I was able to find innumerable rural telecom site network systems online using Shodan. Thousands of sites presented the option to remotely configure a switch at these sites and, once done, a data thief would be in control of that network site. This leaves those sites wide open to data thieves and exposes the telecom service provider to huge liability.
What Can be Done to Protect Rural Sites?
It's imperative that the open ports of these systems be secured. In terms of remote management, simply placing a firewall on that port is of little value. The reason for this is that the firewall must decide to let those whom it believes to be “good guys” have access to the units. The problem with this is that it's all too easy to spoof a good guy and take over the site.
What needs to be done is to completely lock down all remote management ports and to send all data from those ports into a secure location, accessible only by privileged individuals. This is exactly what our RackGuardian product does. It creates a stealth shield around any device that it monitors while it sends all monitoring data with respect to that device to our secure cloud portal. The result is that you can remotely monitor and manage your critical network equipment while keeping its presence hidden from all Internet traffic.
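One way to confirm that management ports such as 7547 are actually unreachable at sites you operate, as an added example (not code from this blog or from the RackGuardian product). The port list beyond 7547, the site names and the addresses are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# TCP ports that commonly carry remote management. 7547 is the port named in
# the post; the other entries are assumptions added for this example.
MGMT_PORTS = {
    22: "SSH",
    23: "Telnet",
    80: "HTTP admin",
    443: "HTTPS admin",
    7547: "TR-069/CWMP (SOAP)",
    8080: "alternate HTTP admin",
}

def is_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable or filtered
        return False

def audit_sites(inventory, ports=MGMT_PORTS, timeout=2.0, workers=32):
    """Check every site you own against the management port list.

    inventory: dict of site name -> public address of that site's equipment.
    Returns a sorted list of (site, address, port, service) for each port
    that answered, i.e. each management interface that is NOT locked down.
    """
    targets = [(s, a, p) for s, a in inventory.items() for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda t: is_reachable(t[1], t[2], timeout), targets)
        return sorted(
            (site, addr, port, ports[port])
            for (site, addr, port), is_open in zip(targets, results) if is_open
        )

if __name__ == "__main__":
    # Constructed inventory using documentation-range addresses (RFC 5737);
    # replace with the public addresses of sites you operate.
    sites = {"tower-01": "192.0.2.10", "hut-07": "192.0.2.22"}
    for site, addr, port, service in audit_sites(sites):
        print(f"EXPOSED {site} {addr}:{port} ({service})")
```

Run it from a host outside your own network so the result reflects what Internet traffic can see; an empty result is the goal.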
Please think about this and give us a call if you would like assistance at your remote sites. We would be happy to have a confidential discussion with you about your security options.
Until Next Time,