back to article Outsourced Virgin Media techies botched this infosec bod's Poodle fix

Virgin Media has promised to ensure all its agents are fully equipped to offer advice on the Poodle vulnerability, after a security expert exposed the failure of outsourced Indian call centre staff to explain and fix the problem. Independent security consultant Paul Moore, who is also a Virgin customer, was contacted by the …

  1. JimmyPage Silver badge
    FAIL

    Two minds about this ...

    What was a seasoned IT professional expecting from the outset ?

    1. Gene Cash Silver badge

      Re: Two minds about this ...

      > What was a seasoned IT professional expecting from the outset ?

      A chance to bash a large company about the head with a big stick, in public? And show their outsourcing is totally incompetent?

      That'd do it for me.

    2. Anonymous Coward
      Anonymous Coward

      Re: Two minds about this ...

      > What was a seasoned IT professional expecting from the outset ?

      A chance to show that VM are committing fraud[1] and the executives in charge should be going to prison?

      [1] Taking money for a service they know full-well they can't deliver.

  2. chris 17 Silver badge
    Childcatcher

    @ jimmy page

    Upvote,

    but i suspect he was expecting a service his non technical friends or relatives could use that did what it said it would. I also suspect he knew it would be a shoddy waste of money service and knew he'd earn more of it (at least in notoriety) than it would cost him.

  3. Kraggy

    My experience of VM, nee NTL over around 20 years is that the service is generally very reliable but God help you if you need support as their 'tech support' has always been lamentable, seems they're continuing the tradition.

    I would say though that if you can get past the abysmal staff they have at 'tier 1' and get through to 'tier 2' (last time I did that was a couple of years ago) in BRITAIN you get to talk to people who understand your language and know what they're doing.

    1. Steve Gill

      I've always found it to be that way too

      Every time you get put through to the outsourced centre you get a script monkey with zero-to-dangerous knowledge and no intention of being helpful

      Every time you get through to the UK based centre you get someone who is knowledgeable about the subject and helpful

    2. Jagged

      That would mirror my experience too. When you get the "outsourced" service, its abysmal. When you get through to an actual UK technician, its pretty good. But nothing could be so great as to expunge the pain of the hurdles you had to go through to get there ;)

      1. Terry 6 Silver badge

        And mine. .

        Since often the web site status page hasn't got faults on it that they are experiencing, users may well wash up with them, when it's not even a problem local to their device.

        Before now I've discovered that the first tier didn't know a significant fact that VM back home was completely aware of. Sometimes, First tier often don't even know what the public has already been told ( it is on the web site, if only we'd been able to get to it...)

        More to the point, there's an arrogance or panic in the first tier lot that lets them think they can fix the problem by nuking your system, even when they have no idea what the problem is, rather than asking for help from above.

        Or they'll try passing you off to paid support, as if the problem wasn't in their system.

    3. Mark 85

      My observation is that his not unique but seems to be worldwide. The telcos I've had issues with here in the States required some screaming, choice words, and several calls to get to someone who had some knowledge, i.e.: someone in country, at tier2 or higher, and not a script monkey with a language barrier problem.

      1. John Brown (no body) Silver badge

        The problem isn't just the tier 1 script monkes, it's that the VAST MAJORITY of calls to ISP support are either nothing to do with the service or are something easily fixed like the tried and tested "have you tried turning it off and on again".

        Where it goes badly wrong is the tier 1's not being able to identify when it's a real problem outside of their scope and being able to pass it up to the next tier as soon as the script fails.

      2. Skoorb

        Yup. I was told by someone who works for TalkTalk that over 80% of "technical support" calls are resolved by the tier 1 monkey reading from one of about 10 scripts. Mostly things like "is it plugged in", "have you yanked the microfilters out of some extension socket", "let's put your login details back in your router" etc.

        And, they only put you through to tier 1 if an automated line test is clear.

        I understand they now have a three tier service; tier 1 (doing the script reading) tier 2 (doing the actual technical support) and the engineers and technicians who actually investigate and fix faults at tier 3.

  4. Captain Scarlet
    Flame

    did not meet our usual high standards

    Hang on, so this person just managed to get the exact 6 people who didn't meat their standards.

    What typical canned response BS

    1. Anonymous Coward
      Anonymous Coward

      Re: did not meet our usual high standards

      No, only one of those six people didn't meet their standards, five of them were great, and hugely surpassed them...

      "A Virgin spokesman said: “We strive to maintain high levels of customer satisfaction with our Gadget Rescue service and ensure that agents are able to handle all enquiries. In this case, we apologise that a Gadget Rescue agent did not meet our usual high standards."

    2. Anonymous Coward
      Anonymous Coward

      Re: did not meet our usual high standards

      I'd sure hope that they didn't meat their people out! That's pretty low standards!

      1. Mark 85

        Re: did not meet our usual high standards

        Maybe your standards but probably not Hannibal Lector's standards. But only with fava beans and chianti.

  5. Lysenko

    Tier 1 support has a built in and probably insoluble paradox: anyone with the skills to do the job properly is not going to work for the salary it commands. Outsourcing doesn't change that equation in the final analysis.

    You can't solve that problem with training because training someone to do the Tier 1 support properly results in the subject stopping doing Tier 1 support entirely.

    The only real solution is the one that suits will never countenance: ensuring that support and security expenditure increases year on year in both absolute and relative terms at a faster rate than executive salaries/bonuses because security threats are multiplying far faster than the pool of buzzword spouting PowerPoint ninjas is contracting.

  6. Anonymous Coward
    Anonymous Coward

    Back in the day

    I could strip an entire engine down, rebore the cylinders, regrind the crankshaft, and rebuild it bolt by bolt before flicking the ignition key, and *knowing* it would start.

    But I still had to listen to customers who knew what they were talking about because their next door neighbours second cousins dogs vets nephew "worked at Kwik Fit".

    1. MiguelC Silver badge

      Re: Back in the day

      your point being?

      1. I. Aproveofitspendingonspecificprojects

        Re: Back in the day

        That the management simply sacked all the engineers that did shoddy work and stopped customers talking to their engineers until they had sat in the waiting room for a couple of hour realising how many different ways there were of completing a rebore correctly,realising the engineer had chosen the correct method to suit his car and that if it was a different model how much he owed his neighbour's cousin a smack in the gob and would get one too the next time he drove to India?

        I'll bet vifgin has just sacked all the duffers leaving the ones with the nearest idea to soldier on until they can get some trained staff eventually.

  7. JacobZ
    Coat

    So they screwed the pooch?

    I'll get my coat.

  8. Captain Badmouth
    Happy

    A Virgin spokesman said: “<snip> We have ensured that all Poodles are fully equipped to offer advice on the agent vulnerability.”

  9. frank ly

    Wait a minute

    He let a Virgin Media outsourced agent remotely install software on his computer?

    1. Paul Moore

      Re: Wait a minute

      A virtual machine - I'm not that daft.

      1. ggrider

        Re: Wait a minute

        > A virtual machine - I'm not that daft. <

        Taken as read but also salted with a few honeypots/la brea tar pits just to see how far(or thorough) the agent explores beyond his remit? .......or pehaps how resilient/protected his own client OS is?

  10. Robin Bradshaw

    Wait What??

    So does this mean Virgin media saw all those fake Microsoft Support phone calls, decided that was a good business model and started doing their own version?

    1. a_a

      Re: Wait What??

      Exactly, why were VM calling him, how did they know he was vulnerable? I'm assuming from the way the article reads this was client side config not server.

  11. Archie Woodnuts

    Ah, VM's tech support

    From many moons ago.

    Hello, I don't have an internet connection, it would appear my router/modem/thing is receiving a nack response when it tries to obtain an address.

    "Can you reboot your router for me?"

    Sure, but I've already done that.

    "Can you do it again?"

    *pretend to reboot router*

    "Yes, I can see it rebooting now."

    mmhmm

    "Ok, I've done some tests and that should be working now."

    *constant ping to bbc.co.uk continues to fail*

    It isn't.

    "Ok, I've just made some changes, can you reboot your router for me?"

    We've just done that, it didn't work, it's being denied an IP at your end.

    "Can you restart your computer for me?"

    Done. (not done)

    "That was fast."

    It has an SSD in it. It's lighting.

    "Is it working now?"

    No.

    *stars move across the heavens, continents rise from the sea and are submerged again, the sun grows cold and dies as I repeat this for just shy of eternity until I'm put through to a 2nd line engineer*

    "Huh, looks like your router's being denied an address *clickity clack* should be fine now."

    Indeed it is, thanks.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ah, VM's tech support

      Sounds very familiar :)

      As a side note I use bbc.co.uk for my pings too.

      1. Archie Woodnuts

        Re: Ah, VM's tech support

        Well, it isn't too many letters is it? Plus, if Auntie Beeb's down then it's probably the end of the world and network issues will be the least of my worries.

  12. anthonyhegedus Silver badge

    Am I being really thick here, but what device was attacked by Poodle and why was he contacted by Virgin?

  13. Anonymous Coward
    Anonymous Coward

    Gadget Rescue

    Virgin have been pushing this paid for service for a while. Some would call it coercing customers into paying for a service they do not need by asserting alleged but unproven security vulnerabilities.

    1. John Brown (no body) Silver badge

      Re: Gadget Rescue

      On the other hand, haven't we been saying here for years that ISPs should be more proactive with their customers since they can see and identify suspicious traffic coming from their IPs?

      VM seem to have gone the wrong way and introduced a paid service when what they could do is simply sandbox a users IP and direct them to online fixes.

      If VM really are pro-actively contacting infected/pwned users than at least this may be a step in the right direction in protecting both the users and the ISPs network.

  14. Anonymous Coward
    Anonymous Coward

    All the help you need

    Must have been talking to this guy:

    https://www.youtube.com/watch?v=Bs1EWCfRyq8&feature=youtu.be

  15. Chris King
    Facepalm

    Independent security consultant Paul Moore, who is also a Virgin customer, was contacted by the company, told that he was vulnerable to Poodle and was offered a £20 "premium technical support" service to fix it.

    So, some random loon rings up out of the blue, says you've got a terrible security problem and offers to fix it for a fee ?

    Yeah, right. I've been telling my users for years that Microsoft NEVER rings end users regarding security issues and now those cretins at Virgin Media are using the exact same tactic for POODLE ?

    *facepalm*

    1. a_a

      Maybe it wasn't even VM who called but they're too incompetent to realise it was scammers and not their staff.

  16. Paul Moore

    The crucial videos...

    Here are the two videos regarding this article.

    First 3 calls: https://www.youtube.com/watch?v=ffgayEPV6so

    Remote session (edited from 2hrs to 20 mins): https://www.youtube.com/watch?v=qlSzw2s2VWg

  17. JimboSmith Silver badge

    Once upon a time back in the days of NTL and analogue cable I was a customer of theirs. I had to be if I wanted anything other than regular fta broadcast tv because it was rented accommodation and there was a no dish clause. One night a channel froze and there was something I wanted to watch on that channel. The receiver at the head end had fallen over, it was obvious from the on screen display being broadcast on top of the frozen picture. It was showing the same thing on both boxes and therefore definitely not the equipment in the house.So I called customer service (in the UK at the time) and said that their receiver needed a reboot at the head end. I also asked when the engineer would be doing it as my prog started within half an hour.

    NTL: I need you to find your remote control.

    Me: Can I reboot the headend this way?

    NTL: No sir you can't

    Me: So why are we doing this then?

    NTL: We need to check whether your box is faulty or something at our end.

    Me: Both my boxes show the same thing, they just unscramble the picture and all the other channels are fine. This therefore leads me to say as a bloke who works in broadcasting on the engineering side it's your receiver at the head end that's fallen over.

    NTL: We don't know that yet sir hence why we have to try out the remote control tests.

    Me: Let me hazard a guess based on the OSD of the frozen channel that you use Scientific Atlanta receivers at the head end?

    NTL: What makes you say that?

    Me: Because I've seen this OSD before on a SA box before and given time I can probably tell you the model number too.

    NTL: Regardless of that I need you to run the remote control tests sir.

    Me: Okay go on then

    NTL: (after tests) It would appear that our local equipment has failed and the not your box.

    Me: Didn't I tell you that? Anyway now you know that there is a problem when is it likely to be fixed?

    NTL: 9 O'clock

    Me: great so I should be able to watch my programme this evening?

    NTL: No sorry that's 9am not 9pm

    Me: Why can't someone do it this evening?

    NTL: They've all gone home at this time of night.

    Me: It's lucky you don't run the tv transmitter network in the same casual manner.

    NTL: We don't run the tv transmitter network though, we're a cable company.

    Me: You might want to check up on that you might be surprised.

    NTL: I don't think so.

    Me: Okay so basically you're not going to reboot it this evening and as such I will miss my programme.

    NTL: Yes sorry.

    Me: Why am I paying you people......

    I stopped my subscription shortly after this happened.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like