news The rollout of the Coalition’s preferred Fibre to the Node technology has suffered another setback, with the revelation that the NBN company is leaving ‘micronode’ infrastructure completely open to public access, in a substantial security breach.
Labor’s original vision for the National Broadband Network called for the network to feature a near-universal Fibre to the Premises rollout. However, since taking office in September 2013, the Coalition has heavily modified the approach, instead focusing on integrating the legacy copper and HFC cable networks owned by Telstra and Optus.
FTTN sees fibre run from telephone exchanges to local neighbourhood ‘nodes’, before re-using Telstra’s copper network for the remaining distance to customers’ premises. In some cases, the NBN company has chosen to deploy so-called ‘micronodes’, which are smaller versions of the nodes which service smaller groups of premises.
However, Delimiter can today reveal that these micronodes are, at least in some cases, being deployed in a completely insecure manner.
A reader has sent Delimiter photos of a micronode located in the Mount Barker area in South Australia, where the NBN company has recently begun launching FTTN services.
The micronode is located in a public area on the side of a road. However, the green cover is extremely easy to remove. It appears that the cover has two small pins on each of its short sides. Once these pins are removed (which can be done with no specialist equipment), the green cover can be slid off the unit.
“Anyone could walk up to this enclosure and open it,” the reader said.
It appears that it would be trivial for the electronic equipment inside the micronode to be stolen or vandalized, or for it to be modified without the NBN company’s knowledge. This could lead to hundreds of premises in the immediate vicinity being unable to access their normal high-speed broadband services.
It is also possible that this kind of situation could create a risk for local residents, due to the powered nature of the micronode. A third issue is that local wildlife could gain access; as can be seen above, a spider has achieved entry to the micronode (it is believed this happened when the cover was on).
It is believed that the NBN company’s larger nodes have switches which alert the NBN company if the enclosure is opened. However, it does not appear that the micronode has any such device.
The lack of security on the NBN company’s micronodes in South Australia mimics a situation seen in Western Australia several weeks ago.
At the time, Delimiter was sent photos of a FTTN ‘node’ on the corner of Spencer Road and Southdown Place, in Thornlie in Western Australia. The node appears to be connected to the Cannington telephone exchange.
The photos appeared to show that the node was left open by either the NBN company or one of its contractors, with its door swinging and the inside circuitry, battery backup and other features left completely open to the elements. The individual who sent in the photos to Delimiter stated that the node had been left that way for at least an hour, as they had been monitoring it.
Delimiter has attempted to contact the NBN company to ask for a response to the security issue on its micronodes.
opinion/analysis
Anyone know what kind of spider that is? Looks fairly beefy. I wouldn’t want to be getting too close to it.
>>Anyone know what kind of spider that is?>> Huntsman. https://en.wikipedia.org/wiki/Huntsman_spider
Must be part of the nbn’s new security strategy…A Huntsman in every micronode…
https://www.google.com.au/search?q=Sparassidae&safe=off&source=lnms&tbm=isch&sa=X&ved=0ahUKEwim74GOsrrMAhXBopQKHcVLCX8Q_AUIBygB&biw=1376&bih=677
It’s likely the only web access these premises will be getting…
*groans*
You sir win the internetz for today!
*groan*
Arachnid’s a huntsman…
geddit?
GEDDIT?
Sadly Huntsman do not build webs.
Could be a wolf spider. The wolves are at the node for the wasteful FTTN.
Doesn’t Google use spiders?
Spider to the Node!
That’s a 48 port Micro-node, (actually in this context it’s really an SEM aka Sealed Expansion Module most likely powered from a nearby full-size node), so it’s unlikely that interfering with it would cause the upstream node any issues. Someone would have to send a very high current back up the power cable to the main Node – even then the breakers would likely simply isolate the SEM without causing interruption to the services delivered from the main node cabinet.
I guess they missed the Sealed part there.
The actual SEM is the shiny Ribbed Metallic Module, they are very well sealed.
Looking again at the pic tho, it appears this SEM may not be powered from the node as there is a large rectifier module in the cabinet and a 240v mains Isolation switch.
no micronode is powered by other than local AC as of yet.
Pretty sure that will breach any standard electricity reg’s then if that is 240v and its that accessible!
DAFUQ?
Obviously you are mistaken about it being “unsecure”…
NBN Spider Security.
“In response to calls for greater transparency…”
Yeah its a huntsman … essentially they’re completely harmless (well to humans), pretty rare to hear of anyone getting bitten by one (mostly females with egg’s).
Cover that can be pulled off by anyone … le sigh. I thought it was bad when they should the internals of the locking mechanisms for the nodes themselves. I guess this is why they weren’t worried about that lol.
Well if you’re building a shitty system, you may as well do a shitty job.
/s
I remember Telecom used to have an owl as a mascot, looks like GimpCo too has found one to promote its substandard network though I think a skunk would have been more appropriate.
A picture can only tell us so much
how do we know a nbn tech was not working on that node at the time
let someone take a photo and now the photo is being taken out of context?
Read the story again, the guy who took the pictures was able to remove two pins with no special tools and take the cover off himself.
so?
i would take the same photo and say i had to remove 4 pins
You arent making any sense.
Sounds spot on actually.
Devoid you never make any sense so bugger off, there’s a good LibTroll.
And that changes the fact that it is insecure how? 2 pins, 4 pins, makes no difference. Changing it to a method that can be locked and not interferred with by a 12 year old who is bored would make a difference.
I bet if this was still Labours baby people would jump up and down decrying it as loud as they can. Perhaps we can spin it around as an efficiency dividend later on, not having to waste time on physical security for national infrastructure
Well they did complain about the coffee machines.
They should have put a huntsman on the coffee machine … it’d A OK then!
They are designed to be locked by fitting a padlock through the locking pins. The locks are usually left off while the area is still under construction. I would hazard a guess that either this one is still being constructed, or someone has forgotten to lock it, which can happen with a standard node or FTTP cabinet as well (it’s called the human factor)
Like so:
http://s32.postimg.org/6lvjom201/padlock.jpg
Any tech specs on what these “micronodes” are? And where and how they’re being deployed, distances to premises etc? That’s far more interesting than someone popping the top.
“Any tech specs on what these “micronodes” are?”
No way…if you knew that, you might steal them!
48 port CSD (compact sealed DSLAM). It is basically equivalent to a single subscriber card from a standard node, with its own power supply, battery backup and fibre uplink. It is not fed from any nearby node as some posts have suggested.
Earl, it’s an SEM or sealed expansion module which is part of the Alcatel ISAM 7330 product range. See page 7 of this brochure:
http://broadbandsoho.com/FTTx/Alcatel_7330_ISAM.pdf
They are deployed in more sparsely populated areas (think 5 acre blocks). Where the copper path loss is the limiting factor, you need more nodes to get them close enough to each user….
And a larger node can be opened with a crowbar (probably even just a flat head screwdriver). So what?
I think you are being a bit optimistic, or ignorant, or both!
No, he’s being realistic.
It takes more than a Crow bar to get into a proper node or FDH cabinet.
Thats ok, this bloke has you covered…
http://www.dailytelegraph.com.au/news/nsw/tank-mans-6m-rampage/story-e6freuzi-1111113969335
The point is that you don’t need a tool to open a micronode, whereas you do need a tool to force open a full node. The key word being “force”. If you can open something without force, it’s insecure.
drunk boffins don’t tend to have such implements when wandering home after happy hour (I’ve seen street signs posts and all get removed with nothing but hands and high blood alcohol level!) Kids don’t tend to play with them either and those small hands can get up to surprising mischief!
By the sounds of it if you look at the cover wrong it wants to come off. Once off there’s a host of issues (despite it not being sealed from the elements and vermin to begin with.
What happens if it rains and the cover is off how safe is it from arcing then (electricity can jump up to 6m etc)
“crowbar”
I wonder which will come first.. FTTP or Half Life 3?
Crow Bar
http://new4.fjcdn.com/pictures/Crow+bar+source+simpsons_efec45_4814781.jpg
Great to get images of the Micro Nodes. Do we know what suburbs they will be installed in? And do they run off the larger nodes, or in isolation to them?
They’re run from a larger node cabinet (these serve ~40 premises)
No, they’re a full standalone DSLAM. They have the capability of being subtended off a parent node but they are not deployed in that manner currently.
+1
We’ve installed dozens, none are dependent on a node.
Have you checked the security on Telstra pit lids lately? The reality is the copper network is, and always has been, completely open to anyone to tamper with. Not saying this scenario is ideal, but Nbn isn’t doing anything drastically different to what is already in place today. If I wanted to kill your entire block’s ADSL services, I could do that with a pair of bunnings tinsnips renai. And if I was malicious enough to cut the cable bundle in two places and haul out the bundle, Telstra would be within its rights to declare a mass service disruption and take however long it needed to repair it.
Maybe the contractor thought these nodes are pieces of junk and just left it without giving a shit. Would rather work on a fibre node. That micronode out of the pit does look hideous though. It is just a half-arse job.
no the spider was an NBN contractor working on that node.
it was trying to catch some of the firmware bugs in that node at the time.
Yes. That damned FTTN. Not only does it make the FTTP fanbois cry, it also makes the Node tech leave the door open. Has it been secretly causing fridge doors to be left open too?
I’d say you can’t make this shit up, but Renai just has. Next he’ll be claiming that lizard people are in control, and invented FTTN to destroy humanity – with making people forget to close the door on a cabinet being part of their preliminary mind control testing.
Mr shark failing at comprehension as usual!
Does the IPA give you smacko’s for posting LibTroll crap too?
You know Mr shark, it’s a special kind of moron who blindly backs something their party described as #fraudband only 8 years ago!
“lizard people are in control, and invented FTTN to destroy humanity”
I’ll let you know after I exit the budget lockup at 7:30pm tomorrow night.
” invented FTTN to destroy humanity ”
Not Humanity, just the NBN and our economy…
Simpletons! The sooner we dispense with high cost slow moving labor Conrovian lizard people and move to cheaper faster multi-reptilian mix Overlords, the faster ™ we can all have the internet we deserve.
Step 1: technician goes to his truck to grab sandwiches and thermos.
Step 2: union operative takes photos.
Step 3: Labor party stooge supplies to Renai with some cockamamie story.
Step 4: Delimiter article. #nofilter
Step 5: Rinse, repeat from another location.
Oh great another LibTroll that can’t comprehend simple facts!
The chap who took the photos was able to remove the 2 locking pins himself with zero tools and remove the cover!
Oh no Derek, those “facts” are the cockamamie story apparently. It isn’t at all possible it could be true, must be a lie.
It is as much a lie as 25Mbit to all by 2016 was 100% factual.
Yeah, these copper zealots really are amazingly dense!
Just so people aren’t pitting apples against bananas, what Rico and some others are referring to is the accuracy of the supplied information. “The chap who took the photos” can say whatever he likes about the photos, the statements haven’t been verified.
Not true, his photos clearly show the locking pins installed and then removed prio to the cover coming off – this is not a random case of nbn forgetting to install the pins, it’s a case of nbn using an insecure outdoor enclosure.
EDIT: judging by the pics, there should be a padlock going thru the loop protruding through one side of the green enclosure.
The photos clearly show before and after shots, but not how those states were obtained. We could take “the reader” at his word about what exactly happened but it still can’t be verified.
Some healthy scepticism by all sides doesn’t go astray.
We could ask Renai to publish the image metadata to confirm?
The healthy criticism you mention is fine, if it weren’t coming from the same fuckwits who also harped on and on about NBN Co buying coffee machines years ago.
The ludicrousness of it all is just through the roof.
Only because the two padlocks that prevent the locking pins being removed were apparently left off for some reason.
Now tell us how easy it is to get in when locked, the same as any door.
Bolt cutters get through padlocks pretty easily.
Yup, it’ll keep little fingers out (which is a good thing) but anyone wanting in gets in without much hubris.
I would just like to remind everyone that if this was an FTTH deployment that box would only contain passive splitters :D No power, no copper, no f**ery.
not to mention that the locking mechanism on an FDH (and a proper Node too) is quite robust with key-actuated locking rod’s at the top and bottom which would require a serious amount of effort to open, even with a big ass crowbar.
Not sure what the problem is. This is the new FttH option in the MTM, with that being Fibre to the Huntsman.
All thats going on is the huntsman is doing some bug testing…
I have a home solar project that just needs a few batteries.
It looks like the locking tabs have ben made to take locks so I am wondering if this is an isolated event or if NBNCo hasn’t thought about it.
No one is worried about how close to the road this is? It would not take much for an errant car to destroy the box in one foul swoop and then as stated earlier, a mass outage and take as long as you like to fix it.
Well, at least whoever this labor & FTTP fanboy stooge is, they didn’t use a wooden pole to open this one.
Isn’t tampering with network equipment (the same as Telstra’s pits) against the law? What was this guy doing trying to remove the cover in the first place?
The CSD sites consist of a Nokia 7367 ISAM SX-48V which are fibred directly back to the nearest exchange, they do not connect to any FTTN street cabinet. There is also an internal PSU with batteries powered from the incoming unmetered AC supply. This PSU is supplied by Alpha technologies.
The black box is where the copper street cables terminate as well as the DSLAM cables, there is also a fibre tray which allows them to either splice or use a factory made fibre cable that has an HMFOC connector at one end and ASC connectors at the other. The ASC’s form the DSLAm will also connet to the incoming fibre, the DSLAM only uses a single fibre for Tx & Rx
John where are you getting this info from?
I’ve been told from current nbn employees they are using the the Alcatel Lucent 7330 SEM’s.
Well obviously they are not in the know, they have several of these units in their office and they are working with a number of their vendors to come out with alternative enclosures for these units. The only 7330 being used are for FTTB sites and their FTTN street cabinets, and these use separate Tx & Rx fibres
It doesn’t make sense to fibre these “micro nodes” back to the exchange, it’s incredibly wasteful and inefficient, that’s why the SEM exists in the 7330 ISAM range.
Also no FOD upgrades for those poor users either!
Good point, FoD still proving to be political vapourware!
Comments are closed.