WorldCom plugs hole in internal data network

WorldCom has fixed a security hole in its internal data network that apparently left the networks of some of its biggest corporate customers vulnerable to intruders.

The telecoms and data networking services provider confirmed it was alerted to the existence of the hole by a hacker who had managed to penetrate the company's administrative network on multiple occasions without being detected.

No customer systems or networks were compromised before the repairs were made late last month, said Jennifer Baker, a WorldCom spokeswoman.

According to Baker, the problem was caused by a human error that allowed a router on WorldCom's network to use an "inappropriate filter". As a result, "unauthorised access could be made to the administrative internal data network" run by the company, she added.

WorldCom's technical team immediately removed the filter after being informed of the hole on 30 November and then reconfigured the router. But Baker declined to comment in more detail on the original configuration of the router.

The hole was discovered by Adrian Lamo, a San Francisco resident with a history of exploring the inner workings of corporate networks in search of weaknesses.

Lamo, who describes himself as more of a security researcher than a hacker, said he contacted WorldCom via an intermediary at SecurityFocus.com in California.

Over a period of several months, Lamo said, he was able to dig deep into WorldCom's network and gain access to in-house system tools that could have given him access to the networks of the company's customers. "All the information that I needed was there," he said.

Lamo said he neither sought nor received any payment for providing the information about the hole to WorldCom. Baker confirmed that Lamo assisted the company in making the repairs and said that WorldCom appreciated his help.
