An ISP Story (Summer, 2007)
---------------------------

By Witchlight

I thought I'd share with you all a little story about a script kiddie, a real nice victim of said kiddie, and an ISP.

I work tech support for a large ISP in a state that will remain nameless. (You should be able to figure it out.) One night I got a call from a rather nice customer requesting a password reset. His name was Mr. O'Reilly. As I pulled up his account to do this for him he told me how he had been "hacked." Now you have to know that we took this with a grain of salt at tech support. In the four years I've been doing tech support I can honestly say that I've only talked to maybe three people who have actually been abused by a "hacker."

Once I got his account up, however, I immediately believed him. See, Mr. O'Reilly's account came up now as registered to one "Assbag O'Reilly." Some script kiddie had gotten access to his account and reset all the personal information for the account as well as other things. So now whenever the customer sent an email it would say it was from Assbag O'Reilly. I went over with him on how to change it back and advised him to change the secret question for his account as well since it was likely the kiddie had changed this too and would be able to reset the password and we'd be right back where we started in a day.

Now here's where we ran into a dead end. We knew that he had been victimized. What could I do as a representative of a major ISP? Not a thing. Nothing. There was no security team that I could escalate the customer to. There was no phone number for any such department listed in the numbers of approved contacts that I could call or refer the customer to. The only thing I could do was get the customer to email abuse@hotmail.com and hope for the best.

How could this be? Well, as we are outsourced support we are given very few tools and absolutely no access to departments that could do anything about this.
We follow the call center mantra of the almighty talk time and all issues have to be resolved in an average of 15 minutes or there's the door. It makes for a support culture of saying anything - even if it's total crap - just to get rid of the customer so you can get your metrics met to get your bonus for being the best punter around. Agents are not hired for their tech ability. They rely on the customer being even more ignorant in order to make them a "tech." About two of every ten people in the center are technically inclined and we pick up the punts and fix what the first person should have been able to do. Rant over.

Having done what the client wanted and recommending a few things to O'Reilly to try and help him, I ended the call. Two days later he called back again with the password issue. The kiddie had used the flavor of the month MSN exploit again, recracked his account, and made himself a subaccount. A friend of mine had the call this time and talked to me about it since he saw my name from the last ticket. No response to Mr. O'Reilly from the abuse department and nothing done.

What was different this time was the kiddie had gotten some balls and was using O'Reilly's MSN account to instant message him. We were watching this happen via our remote assistance tool. Now we had something to track the kiddie! One of our tools for those who know where to look would show us the IP of the last successful login and we found it was not from our ISP. One lookup later and we traced it to an SBC user.

Choosing to ignore the 15-minute rule because Mr. O'Reilly was a nice guy (this goes a long way) we decided to call SBC on his behalf and track the kiddie at the source of his connection. We got a representative from SBC and explained that one of their users was "hacking" our customer as we spoke and that we had proof. Here we learned that SBC operates exactly like our ISP and didn't have any way of doing anything about it. So we got a supervisor instead.
You would think a supervisor could do something... Nope. Their job is not tech. They are there to make sure there are butts in chairs taking calls and making money for whatever outsourced company is hired by the ISP. They said that there's nothing they can do and don't even have an email address for the abuse/security team. We pressed the point and they actually told us that what their user was doing was perfectly acceptable use of their service! I'd love to know what the SBC legal team would have said about that one.

But it makes my point and shows you the reality of what the average victim of script kiddie mayhem has to go through. We did all we could but until this kiddie grows up and leaves him alone, O'Reilly is stuck (unless he takes legal action). We did more than we were supposed to and got nowhere because outsourced support and the ISPs who use them just don't give a crap. I wouldn't say it's open season or that you won't get your service pulled for hacking or worse. But the system is actually stacked slightly against the average user and in favor of the script kiddie.

The tally: Kiddie 1, O'Reilly 0, ISP... rich.

Shouts to Gilda, Harrybalz, ZX, and jedi262.