Security breach story. User sees all on shared media cable net:
Message 10473879
Published Saturday, July 10, 1999
Modem security breach lets neighbor learn a little too much
Steve Alexander / Star Tribune
Bill Jorgenson of Apple Valley knows secrets about his neighbors that he wishes he
didn't, and it's all because of his new cable modem.
Three weeks ago Jorgenson, a home health care worker, ordered a high-speed
Internet-access cable modem for his home PC from local cable TV provider Charter
Communications. At first he was thrilled with the service. But the thrill faded when a
week ago he discovered that a cable modem security breach allowed him to view the
contents of the computers of more than 30 people in his area.
Jorgenson, who admits he snooped in other peoples' PCs, said he found pornography,
personal financial information and address lists in the computers of other Apple Valley,
Rosemount and Northfield residents who subscribe to Charter's cable modem service.
"I signed up for a cable modem for high-speed access to the Internet, but I didn't know
it was high-speed access to my neighbors' computers," Jorgenson said. Cable modems
are typically 30 to 50 times faster than standard computer modems.
On Friday he complained to the city of Apple Valley and to Charter Communications,
the St. Louis-based cable TV company.
Charter Communications began signing up cable modem customers in the three Twin
Cities suburbs about two months ago. So far about 800 consumers have signed up in
those areas, but not all will be vulnerable to PC snooping.
Charles Grawe, assistant to the Apple Valley city administrator, said he's not sure
whether the city's cable TV franchise agreement gives it any authority over cable modem
privacy.
Charter referred calls to its Internet access provider, High Speed Access Corp. (HSA)
of Denver, which said it isn't at fault. Privacy, it said, is the responsibility of consumers
because all shared computer networks contain inherent security risks.
Shared files
George Salinger, HSA engineering vice president, said most consumers using cable
modems never will encounter the problem, which occurs only if people decide to set up
their computers to "share" files with the network so they can gain access to their PCs
from another location. If consumers are going to open computers to the network, they
should create passwords to protect the PCs from unauthorized snooping, he said.
Opening a computer to share its contents with the cable modem network is easily done
through a Microsoft Windows function called "file sharing," Salinger said. Activating the
function automatically triggers Windows to suggest that the person create a password,
and only those who ignore that suggestion are at risk of having their PC privacy
breached, he said.
"This is a common, well-known problem of networks. This is not an exception, and it is
not the first time it has happened," Salinger said. Most cable modem systems are
vulnerable, as are some types of DSL high-speed Internet access from telephone
companies, he said.
Consumers are warned about the security problem when they sign up for cable modem
service, but it appears that many don't understand the importance of passwords,
Salinger said.
Other cable TV companies also are aware of the problem. Colleen Miller, a
spokeswoman for MediaOne, the Denver-based cable TV firm that serves more than
60 percent of the Twin Cities, said her firm's cable modem installers are told to make
sure that the file sharing function on a consumer's computer is turned off.
"As long as you turn off file-sharing, it's not a problem," she said.
'Network neighborhood'
Jorgenson, who describes himself as "just an average joe with a little bit of knowledge"
of computers, said he discovered that other computers were open to him by clicking on
the "network neighborhood" icon on his computer's Windows Explorer directory. That
brought up names of other computers on the cable modem network, which were
identified by "user names" belonging to some area residents and, apparently, Twin Cities
companies.
One of the computers he accessed belonged to "the biggest porn freak in the world, and
I didn't want to know that. One guy had a construction business, and I could look at his
Word documents and see his price quotes. There's everything down to the simplest
school papers and personal address books. It's horrific" that such information is readily
available to outsiders, he said.
Jorgenson said it took him a while to figure out how to communicate with his neighbors
about the security problem. Then one day he used his access to another person's PC to
cause this message to appear on that computer's printer:
"Call Charter Communications if you can read this. If I can read your hard drive,
someone else could too."
However, Jorgenson apparently was the first to complain to Charter. "Maybe I was the
only one crazy enough to say I don't want anybody else looking at my computer," he
said.
Charter said it has 30,000 cable TV customers in Apple Valley, Rosemount and
Northfield. The 800 cable modem users, a relatively large number for a start-up service,
may reflect a trial period in which HSA offered free service until July 15. After that,
customers will be charged $39.95 a month for the service plus $9.95 a month to rent
the cable modem, said Ferris Peery, HSA executive vice president of network sales.
Mary Neely-Carlson, a spokeswoman for HSA, said the company plans to continue
consumer education efforts to encourage people to use passwords if they share their
computers on the cable modem network.
"Sometimes, because it's new technology, it takes a while for consumers to understand
it. You have to educate them over and over again," she said.
© Copyright 1999 Star Tribune. All rights reserved. |
