
 Eircom Cracked Again  

Incompetence
Eircom ISP Cracked - 30000 Users Affected
1600 Hrs 17 August 2000

The Eircom.net ISP has been cracked and at least 30000 of its subscription users have to change their passwords. The first that most users knew about it was when they could not access the internet via Eircom this morning. One source stated that the Eircomfree.net access was off in the Waterford area as well. Eircom.net have a helpdesk number, 1890 787337, that subscribers can call to get a new password.

This is not the first time that Eircom.net have had security problems, as its websites were cracked in December. This latest crack apparently allowed access to subscriber usernames/passwords, indicating that it may have been a compromised authentication server that spurred Eircom.net into taking action.

 This is also not the first time that subscriber records have been cracked - a few years ago a password file containing new Indigo subscriber details was accidentally left on a public FTP server. Speculation is still rife about this crack and it seems that Eircom may have only recently discovered that it was compromised.

Eircom.net decided to change the passwords for subscription users last night. In an announcement on the site, it claimed that there had been a "security incident" on Wednesday 16th which affected one of its servers.

In what seemed to be a drastic attempt at damage limitation, the Irish Independent newspaper was able to run a piece that could have been largely dictated by the Eircom press office. It was very unusual that a newspaper not known for covering this kind of story would get such cooperation from Eircom, and the hand of Eircom's very competent press department seemed to have been at work - Eircom were taking dramatic action according to the article. It was like Eircom.net was the Seventh Cavalry riding to battle the crackers with their very own bunch of Custers in the lead. Unfortunately, like Custer at the battle of Little Bighorn, nobody seemed to have applied spin control to Eircom.net's exotically titled "director of infrastructure" Fintan Lawler.

One of the boxes affected appears to be involved in the authentication process. The fact that only 30,000 subscribers have been directly affected by this password change indicates that Eircom.net's paid subscriber figure is actually low and the valuation of £750 Million being talked about for Eircom's internet/multimedia division, even with the Indigo subscriber figures, is really quite ridiculous. Indigo apparently has a separate security infrastructure and was apparently not affected by this crack.

One of the funniest quotes about the incident appeared on Electric News where Fintan Lawlor of Eircom was trying to explain how they handled events. He apparently claimed that the company "proactively" took the step to protect customer information. Let's put this in perspective: the crack meant that Eircom was NOT protecting customer information.

Lawlor also claimed that there was "no hole in the server that led this to happen". Extrapolating this statement would not be pleasant for Eircom.net. It would mean that the breach occurred not from a cracker exploit but rather from something as simple as a misconfigured piece of software. A more dangerous possibility is that a packet sniffer had been running on a box inside the Eircom.net network and had been actively monitoring the authentication process. In any case, the sheer stench of panic was evident in the Eircom statements.

Eircom.ie Disappeared Over Weekend

It may have been a precursor to the crack or it may have just been an oversight on the part of Eircom. On Sunday evening, Eircom.ie effectively disappeared from the net. People browsing for the www.eircom.ie website noticed that access to the site was very slow; it was almost as if the site was difficult to find. The problem was that both of the DNS boxes (ns.eircom.ie and ns2.eircom.ie) had apparently crashed and stopped answering for the eircom.ie domain. The result was that the domain was running on borrowed time, relying on previously cached details. It is not known if this was just incompetence or an actual symptom of the attack on Eircom.net.

By attacking these boxes, a cracker could gain a foothold in the Eircom ISP network and, while arguably outside the eircom.net network, these boxes could have been used to mount an attack on the Eircom.net authentication servers. Alternatively they could have been used to just monitor the authentication process as the users logged on to the Eircom.net service.
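The DNS outage described above, with both ns.eircom.ie and ns2.eircom.ie silent while cached records kept the domain resolving, is the kind of failure that only shows up when each authoritative server is queried directly rather than through a caching resolver. The following Python check is an added example, not part of the original article or anything Eircom ran; the function names, the query id and the sample replies are constructed for illustration.

```python
import socket
import struct
TXID = 0x1A2B  # arbitrary query id, constructed for this example

def build_soa_query(zone, txid=TXID):
    """Non-recursive (RD=0) SOA query, so only the server's own zone data can answer it."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 6, 1)  # QTYPE=SOA, QCLASS=IN

def probe(server_ip, zone, timeout=3.0):
    """Ask one name server directly over UDP; returns raw reply bytes, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (server_ip, 53))
            return s.recvfrom(512)[0]
        except OSError:
            return None

def classify_reply(reply, txid=TXID):
    """Judge a reply from its 12-byte DNS header alone."""
    if reply is None:
        return "no-answer"
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != txid or not flags & 0x8000:   # wrong id, or QR (response) bit not set
        return "malformed"
    if flags & 0x000F:                      # RCODE other than NOERROR (2 = SERVFAIL)
        return "error"
    if flags & 0x0400 and ancount:          # AA bit set and an answer record present
        return "authoritative"
    return "lame"                           # responds, but not from its own zone data

def zone_status(replies):
    """replies: {server name: reply bytes or None} -> (verdict, per-server states)."""
    states = {ns: classify_reply(r) for ns, r in replies.items()}
    healthy = sum(1 for s in states.values() if s == "authoritative")
    if healthy == 0:
        return "CRITICAL", states  # zone now resolves only from caches until TTLs expire
    return ("OK" if healthy == len(states) else "DEGRADED"), states

# Constructed sample replies (12-byte headers only; not captured traffic).
AA_OK = struct.pack("!6H", TXID, 0x8400, 1, 1, 0, 0)
SERVFAIL = struct.pack("!6H", TXID, 0x8002, 1, 0, 0, 0)
WEEKEND = {"ns.eircom.ie": None, "ns2.eircom.ie": None}
PARTIAL = {"ns.eircom.ie": AA_OK, "ns2.eircom.ie": SERVFAIL}
```

Against live servers, pass `probe(address, "eircom.ie")` results into `zone_status`; a CRITICAL verdict while the website still loads means resolvers are serving cached records only.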

 
