An Xtra user has been stung with additional use charges on her dial-up account and has had the matter referred to the police.
Basil Orr provides technical support to his sister and her husband and was called in when overlapping usage charges began appearing on her Xtra dial-up account.
"She called the helpdesk at Xtra and got them to change her password but the charges continued for several days," says Orr. The charges continued to appear from April 19 through to April 25 during which time Orr himself changed the password for the account several times.
"It seems odd to me that the charges continued to appear even though we'd changed the password."
Xtra's helpdesk staff told Orr that the problem was probably a virus on his sister's PC - however Orr pointed out that the PC in question wasn't actually connected to the modem for that period as it was waiting for him to fix its hard drive. Orr also claims the PC has up-to-date anti-virus software installed.
Mandy Corderoy noticed extra charges appearing on her bill for additional internet use and alerted Xtra to the problem. Xtra has agreed to waive the bill following police involvement and the arrest of several teenagers in the Wellington region.
However IDGNet understands this new case is unrelated to the Wellington group. Xtra spokesman Matt Bostwick would not comment on the case as it is now in the hands of the police.
"I can say that any charges on the account have been frozen and won't be passed on to the customer if the police do uncover fraudulent activity." Bostwick says in the majority of cases where Xtra's team is contacted over suspected fraud, the usage is eventually explained away.
"Often the usage has been incurred either by a family member or someone know to the customer ... as a result of the account holder divulging their login ID and password to another party." Bostwick says user login details should be considered on a par with an ATM card's PIN.
Anti-virus specialist Nick FitzGerald says additional use on the account prior to the password being changed could very easily be blamed on a virus of some kind.
"My initial thought was that it was some kind of back door or keystroke logger installed on the PC. However, once Xtra had changed the password that theory no longer applies."
FitzGerald says there are a number of keystroke logger applications that monitor a victim's typing until such time as a box with the words "user name" or "password" appears. Then it begins logging keystrokes, thus recording important user information.
"However, the fact that they could still access the account after the password had been changed by Xtra points to something else entirely," says FitzGerald. He says that implies either a higher level of access to account information or some kind of bug or fault in the Xtra system - either technology related or a human problem.
"If the helpdesk staff member didn't actually change the password or if there are default passwords that still work and have been compromised, that would explain it." FitzGerald says one US ISP had a similar problem several years ago.
"The helpdesk PCs had been infected with a trojan that allowed external users access to the network without being charged. The ISP's firewall allowed outgoing connections to the internet to pass unchallenged so the hackers were getting away with murder."