Fibra.city is down since yesterday, April 19. Several users of the young operator complain a serious disservice widespread throughout Italy departed from approximately 3 pm on April 19 and continued until April 20. At the time of writing, the situation seems to be progressively returning with some users who manage to navigate optimally, others who manage to connect in fits and starts, still others who are unable to do so. Two serious factors: the lack of transparency by Fibra.City, thedisplay of some company equipment on the public network.
Who is Fibra.City
The company promotes itself on the telephone market in Italy with three strengths, citing the official website. VERA Fibra Guarantee, therefore FTTH for all users (relies on the excellent Open Fiber network), employees resident in Italy, Internal HelpDesk. Fibra.City offers several very interesting packages in terms of costs, but right from the start the assistance service proved to be incomplete in answering users' doubts. The assistance has been enhanced over the past few months, but it seems that the company still has communication problems, as demonstrated by the last down.
Fibra.City down, what happened and what emerged
Starting from 3 pm on April 19th, the Fibra.City network suddenly "shut down", without giving any notice, to several users who reported their experiences online. Several customers (impossible to quantify them at the moment) found themselves unable to connect and no notice appeared on the official channels. The whole story is documented in great detail on our forum and other similar online services, but even today – despite the extent of the event – there is no notice on the Fibra.City social channels or on the official website. It's hard to understand what's going on, but by contacting the HelpDesk service you get some clues
"Dear Customer,
we inform you that we are proceeding with the resolution of the problem you have reported to us, together with our international partners. As you may have known, the problem is caused by a series of attacks at national level on the entire network. During today's day, connectivity will be restored (with reactivations divided on a regional scale). If your connection does not become active again by the end of today's day (i.e. after 18 on Monday 20/04/2020), please let us know by opening a new ticket. We apologize for any misunderstandings which, as mentioned, have resulted from causes external to our will.
Sincerely, the Fibra.City Staff "
Fibra.City has fallen under the blows of "national attacks", or is it a new case of hacker attack probably fictitious INPS-style, under which to take refuge in order not to admit a situation with far deeper issues? Easy to fall into more or less valid assumptions, given that to date there are no certainties, but they make us think badly about some things that emerged during this down.
It is very simple to access the log-in screen of some network devices used by the operator (external to Open Fiber). In short, the access portal could be vulnerable to brute force attacks and the credentials used could be recovered through targeted aggression obtaining control of extremely sensitive tools. To make matters worse the bad management of some services offered to the customer: by accessing the ticket system for assistance it was enough to change the id in the URL to read the requests of other users.
Requests that sometimes included sensitive information (names, surnames, partial addresses), with the naivety of a certain carelessness in managing user privacy. At the moment this problem appears to have been resolved, but has remained dormant for several months.
Fibra.City down, a response from the company is awaited
In short, the the down problem is only marginal compared to what has been found in the past few hours, also because in terms of performance the company has nothing to envy to the most famous competitors. Now, however, he must respond to his current customers (and future ones) regarding the various problems that have emerged in these hours, and not only with regard to the down. The disservices also happen to big names, and not only in Italy, but everything else is to be clarified. We await a response from the managers of Fibra.City, and we will update the page if we receive exhaustive information on the problems that have emerged.
Update 20 April 2020 – 2.30 pm
Fibra.City has published an update on the official Facebook channel, which we report entirely below. The line of "attacks that blocked" the network is confirmed, and customers are warned of "a few blackouts of a few minutes in the next few days, due to the adoption of measures to remedy these problems".
"Dear users, we apologize for the inconvenience you have been having since yesterday, but we have suffered a series of attacks that have blocked the network. Unfortunately these attacks are aimed at blocking the functionality of the network itself, so it becomes difficult to keep the network operational.
We therefore advise you that you may experience small blackouts of a few minutes in the coming days, due to the adoption of measures to remedy these problems. Our legal department is already working to find out if the culprits can be identified and prosecuted.
We remind you that in these cases you must open a support ticket and refer to those (not to the FaceBook pages or to the call center). Thanks and sorry for any inconvenience. "
Updates April 21, 2020
Fibra.City has published several press releases on the matter on the official Facebook page, with the aim of clarifying the doubts that have emerged over the past few hours. One relates to the ability to access support tickets, a move the company has threatened lawsuits to the detriment of those who have tried to access tickets sent by other users.
"With regard to the fact that sensitive data from our Customers may have been stolen or disclosed, we would like to reassure everyone and confirm that there has been no" theft "or unauthorized access. In no case were data related to: addresses or personal data; credit cards; bank data.
It is true, however, that some users have used the procedure fraudulently, attempting to access the information of other users (as mentioned, without having access to any sensitive data). These actions are configured as an attempt to hack and our legal division is evaluating the actions to be taken together with the Judicial Authority ".
More interesting is the technical post currently at the top of the Facebook page, which explains what happened a little in detail. Although late, Fibra.City is getting back on track in terms of communication, explaining in detail what happened. The company indicated April 20 at about 20, a timing of about 24/48 hours for the technicians' work to be completed in order to correctly restore the line on all utilities. Problems in accessing some sites are to be expected, especially in the evening and at night.
"We inform you that the mitigation works for Sunday's attack are still ongoing. We are keeping online the services and equipment that have been affected (and that continue to suffer attacks), which are mainly related to domestic packages (the Business services did not suffer any disservices of any kind, while Smart Business services were affected for less than 3%).
For transparency, we therefore point out that the problem only affected a part of thecustomers (we would therefore like to reassure users who ask us why they have not suffered problems and if they will suffer them).
Regarding the possibility that someone may have had access to the gateways dedicated to the Best Seller, Potenza, Smart, Fibra.City 1,000 mega packets! and partially for some Smart Businesses, we can guarantee that no one has had access to these devices and that their web interfaces have been kept accessible externally, for the time strictly necessary and only to allow the services to be restored (protected however by password with a degree of complexity such as to avoid possible intrusions). We reiterate this, nobody has had access to the gateways (Mikrotik or Cisco) and, as demonstrated by the communication that we have made public, the errors are attributable only to the DDOS attacks.
Our staff estimate that it will still take 24/48 hours for all systems dedicated to home users to return to working properly. During this period you may have difficulty reaching certain IPs (therefore also websites and web services), especially in the evening / night hours.
We close with a heartfelt, truly heartfelt thanks for all the customers who have supported us and encouraged our staff in these hours, which we assure you, have spent and are spending far beyond their traditional tasks (despite us too, like everyone else , we have to deal with the pandemic in progress and with smart working, which in these days has been much less "smart" 
🙂 ).
We will keep you updated on the state of the network affected by the attack in the coming days ".
