In the Crosshairs

ISPs, cable ops brace for more attacks

“F--k Black Lives Matter!”

That jarring and vulgar racist message — and much worse — appeared on the TV home screens of Charter Spectrum subscribers in Dallas two months ago.

Using symbols for white supremacy and Nazism, hackers had momentarily broken into Charter’s network and released the outrageous messages to subscribers. “Brought to you by Phreak of Nature Baby J and King Benji!”

Some North Texas customers, dismayed at the hate speech, called in to complain, and within hours, much to the chagrin of Charter, the story went viral in the local media, including an interview on the local ABC affiliate, WFAA channel 8, with a tearful African-American woman who read aloud the quotes on her screen.

Charter, of course, deleted the messages immediately, and apologized profusely to customers, but the incident still concerns executives at a cable giant known for its diversity efforts, particularly chairman and CEO Tom Rutledge, who chaired this year’s Walter Kaitz Foundation Fundraising Dinner supporting diversity in the cable-TV industry.

The question for U.S. media companies is not “if” they will be breached, but more like “when.” IBM chairman and CEO Ginni Rometty called cybercrime the “greatest threat to every profession, every industry, every company in the world” at the IBM Security Summit in New York City last year.

The motivations for hacks into big companies are as varied as the methods of attack. Some hacks, often big email breaches and releases (Sony), are meant to embarrass. Some are state-sponsored (Olympic athletes, the Democratic National Committee). Other hackers seek to steal customer data (Yahoo) to sell on the black market. Some are meant simply to cause damage, cost money or make a point, however vile (Charter). Others hijack or hold up data for a ransom (Liberty Global) or try to steal money.

“The motives can run the gamut, which is why we’ve committed extensive resources for many years with a focus on risk management,” said Myrna Soto, global chief information security officer for Comcast, which invests heavily in security analytics. Soto declined to go into detail about Comcast’s cyber defense tactics.

Though extended network outages due to hackers are rare for cable operators and big U.S. ISPs, the networks they manage continue to be the target of attacks because of the nature of their digital business.


The intensity and frequency of these attacks are increasing, security experts said, because so much of the product and the architecture around it is no longer in a closed, wired system. Increasingly, it’s all in the cloud, a far more porous and vulnerable environment. Indeed, as more homes, appliances and automobiles become wired for the Internet of Things, the risks are expected to grow. And as cable’s wireless footprint expands, so do innumerable new threats on that platform.

The attacks come in all forms, from distributed denial of service (DDoS) attacks to phishing to the theft of company customer lists. Some big cable operators receive as many as 1 million attempts to breach the system — each day.

Just last year, the California Public Utilities Commission approved a $33 million settlement with Comcast and the California Attorney General’s office related to an incident at Comcast that resulted in the release of personal information of nearly 75,000 Comcast Xfinity Voice customers. The purloined data was being offered for sale on the black market; the affected customers were possibly victims of malware from phishing attacks or of exposure from unrelated data breaches.

Other big cable operators have also weathered attacks on customer data. In January, Time Warner Cable notified up to 320,000 customers of a data breach in which their email and password details may have been stolen, likely through malware, or via unrelated data breaches of other companies storing customer information.

Notably, the FBI notified TWC — not the other way around — that some customers’ email addresses and account passwords “may have been compromised.”

“Hackers are often able to break in and are able to operate in stealth,” said Sam Rastogi, senior manager of products and solutions at Cisco’s Service Provider Security division. “The time it takes a service provider to identify a breach is anywhere from 100 to 200 days and that is a huge problem.”


Cable operators and other network companies are doing three things to meet the shifting demands of new cyberattacks.

For starters, they are spending aggressively, contracting with consultants and investing in network security firms outright. Data security concerns are now an issue for company boards, which are sanctioning bigger budgets to update critical protections, executives said.

Secondly, attentive companies are building more holistic or end-to-end defenses, beyond just firewalls, software updates and patches — and they are sharing solutions with fellow providers. Many ISPs collaborate on defenses in real-time, informing one another of details of new strains of viruses — or solutions. Comcast, through its Center of Excellence for Security Innovation, has partnered with academics at the University of Connecticut to “collect, reflect and connect” for best ideas in securing critical infrastructure.

Most providers work in an array of groups, alongside NCTA – The Internet & Television Association, on government and private sector initiatives. “One of the keys to a successful cybersecurity program is collaboration across the ecosystem,” NCTA chief technology officer Bill Check said.

Finally, most ISPs, particularly cable operators, are aggressively educating customers to be more vigilant, and are offering a limited arsenal of defensive tools. Many customers reuse the same password across different accounts, making it easy for hackers, while others naively open links to malware or emails from phishers.

On its Constant Guard Xfinity website, Comcast offers customers a wealth of cybercrime prevention services, including alerts, hotlines, software and real-time updates on various malware threats, color-coded by level of threat.

In addition to secure firewalls, Charter, too, offers a “Security Suite” for its cloud-based Spectrum service with “advanced real-time protection against viruses, spyware and other malicious attacks.”

“There is no silver bullet when it comes to security,” Cisco’s Rastogi said. “What we see is the most effective way is to deploy multiple layers of security and to ensure you can effectively protect the content, protect the service and protect the infrastructure.”




What happened when hackers shut down Liberty Global’s broadband in the Netherlands