dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

Lincroft, NJ

1 recommendation

reply to Floppy

Re: [Bill] Comcast billing issue on the Consumerist site

I really don't think that the woman is ordering the PPV herself.

If Comcast has verified that it is coming from one of her current boxes (and not from one of those old ones she originally swapped out), then here are some possibilities:

"One expert tells Bamboozled it wouldn't be all that difficult for a clever hacker to make it look like their massive porn purchases are being ordered through someone else's set-top box." A "cloned" box?

"... and her boyfriend was at his job, 45 minutes away, from 9 a.m. until 8:14 p.m." Could the boyfriend have stopped back at the apartment during that time?

Could one of their friends or a relative, the super, maintenance man or someone else that could have access to the apartment, be doing this?

One way to eliminate these last two possibilities would be to use a stealth "nanny cam" to record any unattended activity near that cable box. Who knows what it might catch - maybe it is the cat!

Snohomish, WA
said by telcodad:

....would be to use a stealth "nanny cam" to record any unattended activity near that cable box....

yet when the same technology is even hinted at for POSSIBLE home security, advertizing, or motion sensing (a la Kinnect) it is immedietly derided as " invasive, spying", or other such terms.
perhaps a password, along with the understanding that giving the password to ANYONE, is like giving them your credit card would be better.

Respice, Adspice, Prospice
Onion, NJ
they set up a pin for her, and there is still activity...

Lincroft, NJ
reply to telcodad
OK, some more details on this case from the source article:

Bamboozled: Seeing red over blue-movie fees
The Star-Ledger of NJ, NJ.com - April 2, 2012
»www.nj.com/business/index.ssf/20 ··· 169.html

An excerpt (which seems to dismiss a lot of my possible explanations):

"Before taking on Hart's case, we had a host of questions about who has access to her home.

"I am the housekeeper, accountant and chef," she said. "I have no one that comes in."

She has no kids. No family members who come and go. She's not having construction at the home, so workers aren't in and out. Her boyfriend of nine years does have access, but he works a full-time job — including times when movies were ordered.

Upon our request, Hart gave us copies of telephone records and datebooks so we could compare Hart’s and her boyfriend’s locations during the times of the porn charges.

It seems there were plenty of times that Hart has evidence that no one was home, or that her boyfriend was working, when movies were ordered.

For example, there were unauthorized charges on Jan. 21 from 12:30 to 9:30 p.m. Cell phone records, datebook records and receipts show that on Jan. 21, Hart was at a 1:45 doctor’s appointment and her boyfriend was at his job, 45 minutes away, from 9 a.m. until 8:14 p.m.

We looked at many other dates, too.

If the skeptics among you think it has to be the boyfriend, consider this: If he’s been with Hart for nine years, why suddenly order porn for the first time? And even if it was him, after Hart discovered the January charges, why continue to order month after month?

Also, it’s customary for service providers to give customers a credit the first time an unexpected or possibly unauthorized charge appears on a bill. But if Comcast’s investigation determined the orders originated in the house, why credit Hart a second time?

We looked online for similar complaints and found many. Customers said they even unhooked their boxes for an entire month, but the porn charges continued to appear.

We took these questions to Comcast, and while it investigated, we talked to a few experts to see if it was technically possible for someone to hack into another customer’s digital system.

For starters, a simple Google search finds all kinds of ways to allegedly hack into cable boxes, but we’re not techies at heart. We asked the experts.

David Maloney, a security researcher at Rapid7, a security assessment company, said it’s hard to give a definitive answer without knowing the specs of Comcast’s system in that area.

Still, while Comcast said it identified which set-top box placed the orders, Maloney said that’s not a foolproof system.

"STBs are usually identified simply by the MAC (Media Access Control) address, which is easily spoofed," Maloney said.

He said spoofing a MAC address hides the actual hardware address, making it look like orders are coming from a different device.

Additionally, he said, many models of set-top boxes can be modified with new operating systems, giving attackers access.

He said companies often make the mistake of believing their STBs are known quantities and they fail to account for the possibility of them being modified.

"This can result in basic safeguards being neglected due to the mistaken assumption that an attacker could never get on that network," he said.

Maloney also said if a malicious user was able to spoof a request from an STB so it appeared that a request was coming from another STB, it would theoretically be possible to purchase programming and charge it to someone else.

Tech analyst Jeff Kagan also said a hack is possible. He said he’s heard these complaints for years, and not just about Comcast, but about all cable providers.

"It may be just like hackers on your computer. They can hack into networks at various points and they can take service," Kagan said. "(Cable companies) don’t talk about it because they don’t want everyone to know there is a problem.""


Philadelphia, PA

Bamboozled: Seeing red over blue-movie fees
The Star-Ledger of NJ, NJ.com - April 2, 2012

Ah, so she has finally blocked all Comcast PPV. Good for her.

Next stop, netflix!