Charter Communications, who can you trust?

Charter Communications, its union, its customers and the New York attorney general all are experiencing trust issues.

security trust
Thinkstock

Who can you trust? That’s the question being asked of and by Charter Communications as it deals with insiders, unions, customers and a state’s attorney general.

An unhappy attorney general

Let’s start with the unhappiness of the New York attorney general (AG). The AG contends in a complaint that Charter Communications has been overpromising and under-delivering on advertised speeds. As can be expected, the company says, no way, and has asked the court to dismiss the suit, but that didn’t happen. This piece of judicial jousting has been going on since 2015, and there does not appear to be any signs of abatement.  

Perhaps more embarrassing for the company is the accusation that over 900,000 subscribers were leased “older-generation” modems, incapable of achieving the advertised speeds that they were purchasing. Things don't look good.

Clearly the AG doesn’t trust Charter Communications.

A union on strike

According to SEC filings, the company has approximately 94,500 employees (or full-time equivalents). The International Brotherhood of Electronic Workers (IBEW) Local Union No. 3, has been in strike status against Charter Communications for over a year. The IBEW Local Union No. 3, notes that its strike is due to lack of a collective bargaining agreement — a situation that has existed for over two years. The union claims that Charter Communications and a predecessor company declined to “bargain with the local.” In the union's recent update, the union notes that technicians are being disciplined for “repeated service calls to customers over unobtainable Wi-Fi speeds.”

Hmm, seems aligned with the consumer complaint from the New York AG, selling speed that can't be achieved.

Clearly the IBEW Local Union No. 3 doesn’t trust Charter Communications.

Who trusts the union?

Every story has two, sometimes three, sides, and we see that Charter Communications has its own perspective on things. It is "working on" the speed and modem issue. Though not making the litigation hit parade of the annual report, the company did enter the courts in October 2017 to sort out an insider-threat issue. The union's membership were identified as the insider threat.

The company accuses the on-strike union employees of sabotaging the network. The technicians would certainly have the necessary insider knowledge.

The complaint pointedly states:

On over 125 occasions, Charter cables, including both coaxial and fiber optic cables in both secured and unsecured locations at sites throughout New York City have been deliberately cut or damaged, thereby denying thousands of subscribers access to cable, internet, and voice service and interfering with their ability to contact emergency services, and forcing Charter to devote hundreds of thousands of dollars and hundreds of man-hours to investigating and repairing its property.

And continues with descriptions of individual events falling within the 125 instances. One of the more interesting claims, pointedly calling out insider know-how, surrounded the sabotage of fiber-optic infrastructure.

As with the prior incidents, these acts of sabotage bore telltale signs of careful coordination and inside knowledge. In particular, in each of the three instances above, the saboteurs were also careful to steal the fiber “can” into which numerous individual fibers are routed and spliced, and which contained a detailed blueprint of how the various fibers were connected. This greatly complicated Charter’s ability to reconnect the sabotaged fiber, and given that the “can” can have no value to anyone other than Charter, further demonstrates the malicious nature of the sabotage.

Clearly, Chart Communications does not trust members of the union on strike. 

Court says, come again?

But just because they have knowledge of how to cripple a network does not necessarily mean that the accused are guilty. Plenty of people have knowledge of how fiber networks operate.

And in early April that is what the courts told Charter Communications when the suit against the union was dismissed.

The Court of Appeals has held that suits against unions, which are unincorporated associations,"for breaches of agreements or for tortious wrongs" are limited to "cases where the individual liability of every single member can be alleged and proven." Here, dismissal of the tort claims against Local 3 is warranted because Charter failed to plead that each individual union member authorized or ratified the allegedly unlawful conduct by defendants."

In sum, the company’s filing against the union was too broad, “the perpetrators of these acts of sabotage were Local 3 members and/or agents.” If Charter Communications could not name names, it had no case.

When it rains it pours, customer data at risk

Then we have the small issue of customer data hung out for any and all to peruse.

Seems that in September 2017, 4 million customers of TWC (a company acquired by Charter Communications) had found out that their information was stored in a misconfigured AWS storage bucket, by one of their provider’s vendors, BroadSoft. The leakage was found by Kromtech researchers, whose communications officer, Bob Diachenko, noted

Cyber criminals and state-sponsored espionage is a real threat to major corporations, businesses of all sizes, and individuals. We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes.

Charter Communications customers have another area of trust to address, in addition to the speed issues, in that they had their information hanging out on the proverbial clothes line.

Can the customers trust Charter Communications?

Insider threats

Does Charter Communications understand the concept of insider threat? By all appearances it does. In a LinkedIn posting, its head of corporate security, Jane Rhodes-Wolfe, makes the case for “the need for persistent checks and vigilance of employee activities.”

In her short piece, she lays out indicators that may signal that an insider presents a higher risk and may be about to become a threat. Her piece advocates monitoring key employee indicators, including substance abuse, personal/family crisis, financial problems, mental health concerns, volatile behavior, revenge, pending termination, corporate restructuring, and criminal history.

That’s quite the shopping list.

A list that, given the recent corporate restructuring of Charter Communications and the fact that it has approximately 94,500 employees (more than the population of many cities), one may venture that a healthy percentage of the employee base fits into one of these criteria. If these are the signals being monitored, then the security/infosec and HR teams clearly have their hands full sorting out who they can trust.

Three questions about trust to cogitate on 

  1. Who do you trust in your company? 
  2. Who trusts your company?
  3. Does your company trust you?
Get the best of CSO ... delivered. Sign up for our FREE email newsletters!