Now we know why AT&T had 12 hour outage


Lame Duck

If outsiders gained access to a company's network, the last thing they would want to do is cause an outage that brings attention to them.  Such a hack would be subtle, and likely discovered after the fact.

 

The vast majority of major outages are caused by software/code upgrades that were improperly vetted, or engineers making a mistake. Sometimes denial of service attacks are a big problem as well.  Data breaches rarely if ever are accompanied by an outage.  


1 hour ago, Davidson Deac II said:

If outsiders gained access to a company's network, the last thing they would want to do is cause an outage that brings attention to them.  Such a hack would be subtle, and likely discovered after the fact.

 

The vast majority of major outages are caused by software/code upgrades that were improperly vetted, or engineers making a mistake. Sometimes denial of service attacks are a big problem as well.  Data breaches rarely if ever are accompanied by an outage.  

You do not think AT&T took the system down when they realized they are being hacked and likely realized what was stolen so they did not go back online until the patch was installed?


2 hours ago, Lame Duck said:

You do not think AT&T took the system down when they realized they are being hacked and likely realized what was stolen so they did not go back online until the patch was installed?

I have been working in that area of IT for a long time, and it's highly highly unlikely.  Personal information storage and the active network for phones are two completely different systems.  Just a rough guess here, but when your phone connects to a network, the data stored on your phone (the phone chip number) is communicated to authentication servers and they confirm that phone has the right to use the ATT network.  The communication doesn't necessarily contain personal data like email and such.  

The breach is more along the lines of email, phone number and address that they have on file for bill pay and statement information, or when you log in via app to pay your bill.  And the big issue is social security numbers.  This is more along the lines of when you log into your account thru your phone or laptop to pay your bill or check the status of an order.  This is not about the phone connecting to and using the ATT cell tower.  

Most likely, they discovered the breach after the fact and then had to implement new security protocols, patches, and updates to prevent new breaches. 

 

  • Pie 2

58 minutes ago, Davidson Deac II said:

I have been working in that area of IT for a long time, and it's highly highly unlikely.  Personal information storage and the active network for phones are two completely different systems.  Just a rough guess here, but when your phone connects to a network, the data stored on your phone (the phone chip number) is communicated to authentication servers and they confirm that phone has the right to use the ATT network.  The communication doesn't necessarily contain personal data like email and such.  

The breach is more along the lines of email, phone number and address that they have on file for bill pay and statement information, or when you log in via app to pay your bill.  And the big issue is social security numbers.  This is more along the lines of when you log into your account thru your phone or laptop to pay your bill or check the status of an order.  This is not about the phone connecting to and using the ATT cell tower.  

Most likely, they discovered the breach after the fact and then had to implement new security protocols, patches, and updates to prevent new breaches. 

 

They stole everything from AT&T… from names, addresses, social, birthdays to even PIN numbers.  I mean, they sucked everything out.  Whenever you discover you are being hacked but are not sure of the source, you just shut everything down and try to figure out in safe mode/offline where the breach happened and patch it up before going back online.  That’s why I’m thinking the systems going down was no coincidence.  Rule of thumb, dark web gets all the info right away and hack communicated within few weeks of attack.  Falls in line with an outage.  I have been hacked before.  My immediate response was to take everything offline and close the door before going back on as I wasn’t sure where hack was coming from.


2 hours ago, Lame Duck said:

They stole everything from AT&T… from names, addresses, social, birthdays to even PIN numbers.  I mean, they sucked everything out.  Whenever you discover you are being hacked but are not sure of the source, you just shut everything down and try to figure out in safe mode/offline where the breach happened and patch it up before going back online.  That’s why I’m thinking the systems going down was no coincidence.  Rule of thumb, dark web gets all the info right away and hack communicated within few weeks of attack.  Falls in line with an outage.  I have been hacked before.  My immediate response was to take everything offline and close the door before going back on as I wasn’t sure where hack was coming from.

No, you don't.  That is just not the way it works.   You secure the network if there is an active breach, but this had been going on since 2019.  

Edited by Davidson Deac II

On 4/1/2024 at 7:57 PM, Lame Duck said:

They stole everything from AT&T… from names, addresses, social, birthdays to even PIN numbers.  I mean, they sucked everything out.  Whenever you discover you are being hacked but are not sure of the source, you just shut everything down and try to figure out in safe mode/offline where the breach happened and patch it up before going back online.  That’s why I’m thinking the systems going down was no coincidence.  Rule of thumb, dark web gets all the info right away and hack communicated within few weeks of attack.  Falls in line with an outage.  I have been hacked before.  My immediate response was to take everything offline and close the door before going back on as I wasn’t sure where hack was coming from.

That's not how systems or post-hack-discovery works.

As the previous caller mentioned, there's separation of billing/backend systems vs systems that allow phone calls to be made. 


23 minutes ago, Lame Duck said:

Yea, at some point that info will be released to public of how the data leak took place.  AT&T is going to get hammered by the regulators.  They are a repeat offender too.

They're not alone - same has happened to many many other companies. I wouldn't bother focusing on the AT&T situation when time is better spent hardening your own security access sets across the board.

A data leak (from any company) will happen again. Best you can do is have a good plan in place for when it does.

 


7 minutes ago, PanthersATL said:

That's not how systems or post-hack-discovery works.

As the previous caller mentioned, there's separation of billing/backend systems vs systems that allow phone calls to be made. 

It was not just phone call system.  The entire AT&T was down.


2 hours ago, Lame Duck said:

I was just informed my info is on dark web from AT&T hack.  I had AT&T uverse many many years ago.

If you think the AT&T hack is what put your info online for miscreants and rapscallions to utilize, you're mistaken. It's just another in an ongoing series.

Check https://haveibeenpwned.com/ for all the other places your online data may have leaked from.

The best defense is a good offense:

  • Use 2FA wherever possible. And not SMS messaging if you have options for Authenticator apps or other 2FA solutions. SMS is not secure (but it's better than nothing)
  • Turn on any security feature that can notify you of account changes
  • Have a unique password for every account
    • Minimum of 20 characters, and a mixture of upper/lowercase letters, numbers, and symbols
    • Use a password manager to manage all your passwords. Doesn't matter which one - 1Password, BitWarden, LastPass.... there are others.  (disclaimer: some critics are not recommending LastPass due to its own one-off issues, but experts have dismissed those a bit for various reasons)
  • Put a freeze on all three of your credit reports (it's free!). This would/should keep your credit from being utilized fraudulently without your involvement/awareness

 


  • Pie 1