Two of my favourite topics: broadband and security. What an interesting question!

Here’s a quick TL;DR, though – you should not worry about this happening, especially if you are a residential broadband consumer. No one will hack the actual data traveling across the World by targetting the actual physical lines in the ground. If you are a business, you may want to read on a bit further, simply because telecoms fraud is a serious issue both with VoIP and analogue phone services.

Broadband Explained Simply

To put it as simply as possible, broadband is what allows you to connect to the World’s largest network – the Internet. When you connect to www.google.co.uk, your computer sends a request to a server, which sends you back a copy of the google website, which you can browse and use. Your little bit of data is sent from your computer, to your router/modem, out through your DSL socket, out into a cabinet in the street, all the way to the exchange, out through your ISP’s network, and then finally across the Internet, all the way to Google’s servers, where your request is processed and the result is sent all the way back to you. It all happens exceedingly quickly, and you get a result in a few seconds, if that.

What is Hacking?

Hacking as we know it today is the process of gaining access to something in an unorthodox way. For example, taking remote control of a computer against the user’s wishes. Or breaking into a company’s network to steal data. If you are worried about getting hacked, then you need to protect the devices on your network from being compromised, which, in this day and age, is quite simple and very effective.

Types of Hacking

There are 2 main ways of gaining remote access to a device: client-side attacks and exploitation of vulnerabilities. Exploitation involves scanning a device for vulnerabilities and then using a program to send the compatible exploit to the device. If an exploit attack is successful, a certain result will be achieved. This can change depending on the exploit, and some are far more dangerous than others. For example, some exploits will allow the attacker to get a remote shell with root privileges. This means they have total access to a device on your network, meaning they can steal files, delete files, install new malware, and more. Other exploits could cause denial of service attacks, whereas others could allow a piece of malware to spread across every single computer in your network with no interaction from anyone.

Luckily, exploits require a vulnerable piece of software. Some programs won’t even be vulnerable to anything at all, especially if they are incredibly simple. Even if vulnerabilities are found, you can simply update the program and that will often patch up any vulnerabilities, making your devices secure again. I know it can be a big hassle to update software constantly, but you could be preventing hundreds of thousands of pounds-worth of damages. Be aware, however, that 0-day exploits, i.e. totally new exploits that are unique and have never been shared with/discovered by the security community could pose a serious threat, even if you have a fully up-to-date device.

Fortunately, all new exploits must be created by an individual with a serious understanding of computer science. They can take months to develop and unless your business is large and popular enough to be targetted by a hacker, I would not worry about 0-day exploits all that much. It’s not impossible that you would be targetted, but a hacker has to believe it would be worth his time.

The other way of gaining access to a computer remotely is far more common and requires no exploit development. Client-side attacks involve getting the user to run a computer program that gives the attacker some form of access to the remote device, be it a simple shell, or full-blown total control where documents can even be sent to your printer!

Nowadays, anti-malware software is incredibly sophisticated. Signature-based detection is very reliable and behavioural and heuristic detection is now excellent. However, there are ways hackers can evade all detection methods, giving themselves enough time to remotely disable your anti-malware solution. This is why training your employees to never open documents from unknown sources is very important, as is teaching them about phishing attacks, so that they can recognise dodgy emails and delete them.

So, Can Broadband Be Hacked?

A hacker does not need to develop ways of hacking into fibre optic lines to read data. It’s far more useful to have remote access to a device from their own computer than it is to be able to read information travelling over the internet by hacking the physical copper and fibre optic lines.

Attacks could be launched exploiting your router, but that has nothing to do with hacking into physical lines in your house.

Telecommunications Fraud

One thing that is a serious problem is telecommunications fraud. Hackers/fraudsters can use tools that they attach to the physical copper phone lines that can make calls using your line. It will look to your service provider like you are making calls, but it is in fact a hacker. Usually, a huge volume of calls are sent to premium rate numbers overseas that cost you tens of thousands. Oftentimes, you will legally be liable for these calls even if they were fraudulantly generated. With the rise of VoIP, this type of fraud is even easier to perform, with many PBXs being accessible over the internet, meaning they can be remotely used over the internet too.

How To Prevent Telecoms Fraud

The most effective way to prevent this type of fraud is to make sure your telephone service provider has fraud protection. At Ballscoigne, our analogue and VoIP voice solutions have automatic fraud protection, which caps and bars all outbound calls if a certain limit, say, £20 in one day, is reached.

We love working with businesses to help them find the best solutions to their broadband, voice, and security concerns. If you have any doubts concerning the issues raised in this article, please get in touch. We can help your business stay safe in an increasingly technological World.