Govt looks to split TPG, FTTB providers; Russians hack NATO, Ukrainian govt; 7m Dropbox passwords ‘leaked’?


By Andrew Collins
Tuesday, 21 October, 2014


TPG would have to split into separate wholesale and retail operations in order to run its planned fibre-to-the-basement (FTTB) network if a plan drafted by the federal government is enacted.

The government last week asked for public comment on a draft carrier licence condition for networks that supply “superfast carriage services” to residential customers.

“The draft licence condition would require owners of high-speed networks servicing residential customers to functionally separate their wholesale and retail operations, and to provide access to competing service providers on the same non-discriminatory terms as those provided to their own retail operations,” a statement from Communications Minister Malcolm Turnbull read.

Under the plan, the carrier’s wholesale company would need to supply a Layer 2 Wholesale Service to other carriers and service providers, with that service carrying a price of $27 a month.

Turnbull’s statement said that, “The government's aim is to ensure that carriers provide wholesale access to FTTB network infrastructure and remove the ability to favour their own downstream retail operations over other retailers on the network.”

Without such arrangements, “competition and consumers can suffer”, the statement read.

Parties looking to comment on the draft plan can submit their comments to infrastructureandaccess@communications.gov.au. The deadline for comment is 14 November 2014.

If enacted, the licence condition would remain in place for two years, “allowing long-term regulatory arrangements for the sector to be settled”, a statement from the Minister’s department said.

Russians hack NATO, Ukrainian govt

Russian hackers infiltrated computers from NATO and the Ukrainian government using a zero-day vulnerability in Windows, according to cyberthreat intelligence company iSIGHT.

The company announced the existence of the vulnerability last week, saying that it impacts all supported versions of Microsoft Windows and Windows Server 2008 and 2012. Windows XP is said to be exempt.

The firm said Russian hackers have been using the vulnerability as part of a cyber-espionage campaign.

According to iSIGHT, the campaign has targeted NATO, Ukrainian government organisations, a Western European government, firms in the energy sector (specifically in Poland), European telcos and a US academic organisation.

But more organisations may have been targeted; the company notes that “visibility [into the campaign] is limited and that there is a potential for broader targeting from this group (and potentially other threat actors) using this zero-day”.

In August, iSIGHT discovered a spear-phishing campaign targeting the Ukrainian government and at least one US organisation. The attacks coincided with the NATO summit on Ukraine held in Wales.

These spear-phishing attacks exploited the Windows zero-day vulnerability, and used a “weaponised PowerPoint document”.

“Though we have not observed details on what data was exfiltrated in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree,” the firm said.

iSIGHT has dubbed the group behind the cyber-espionage campaign ‘Sandworm Team’, due to the hackers’ use of encoded references to the science fiction series Dune in command-and-control URLs and various malware samples.

iSIGHT researchers reportedly said they believed the hackers are Russian because of language clues in the software code, and the hackers’ targets. Reuters cited an iSIGHT employee as saying he believed the hackers were supported by a nation state, because they were engaging in espionage rather than cybercrime.

Tech Times reported that Microsoft has issued a patch to address the Windows vulnerability used in the attacks.

Dropbox denies 7 million password hack

Hackers have leaked hundreds of usernames and passwords they say are for Dropbox accounts, claiming they are merely a sample taken from 7 million stolen Dropbox logins - but Dropbox denies it has been hacked.

Several hundred usernames and passwords were posted anonymously to Pastebin by a user who claimed they would release more credentials if they received donations via Bitcoin.

Dropbox released a statement denying it had been hacked, saying that: “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

In a post on Dropbox’s own blog, a company representative wrote: “Attacks like these are one of the reasons why we strongly encourage users not to re-use passwords across services. For an added layer of security, we always recommend enabling two-step verification on your account.”

Image courtesy Stephan Ridgway under CC
