The Anatomy of a Hack Attack

Written November 5th, 2009 by
Categories: CEO's Blog

Yesterday started off like any other day.

I scanned my overnight emails, read our daily production log, attended our daily standup meeting and then planned my priorities for the day.  High on my list was to research a competitor that we were about to do battle with.  Little did I know that half way around the world in Chennai, India, they had the same priority.

By 0930 I had developed a profile of the competitor and posted an image of their principals (straight off of their website) on our intranet for “inspiration”.

I couldn’t believe what happened next.

At 0944 I received the following inquiry through our corporate website:

“Hi, We are looking for an ecommerce solution that integrates with SAP. We looked
into b2b2dot0 and are interested in the product cost. Please convey
this.  Please send us the brochures, whitepapers, case studies on this.”

What was really bizarre was that this person identified himself as an employee of the very same competitor that I had just developed a profile for moments earlier.

Were these dots connected?

I immediately responded to his email asking him to state his intentions.  If they were honorable, I would be happy to provide him with whatever information he requested…as I do with all inbound inquiries to our website.  It’s been over 36 hours since that email exchange and I’ve yet to hear from him 🙂

At 1000 I then decided to analyze the web traffic that was coming to this blog and our corporate website.  I was quite flattered to learn that he was spending quite a bit of time with Google trying to learn what he could about us. I guess that was only fair since I had just spent an hour of my time doing the same 🙂

Was that another pair of connected dots?

I then took a closer look at the search terms he was using and that got my adrenaline pumping!  He was trying to scour the web for login information to our demo site! He was crossing the line from harvesting publicly available information to illegally trying to access one of our secure sites.

These dots are now definitely connected!

At 1030 I skyped my partner Joe Pryor and asked him to look at the logs of our demo site and see if there was any evidence of someone trying to hack their way in.  And lo and behold, our “friend from Chennai” had persistently tried to guess a userid and password combination that would unlock the front door to our website.  Now I felt violated!

By 1045 we had deactivated all unused ids, locked down our firewall to his company’s IP address and hopefully slammed the door shut on him for good.  But that got me to thinking…What was he after?  Would he go after any of our clients’ systems?  What harm could he do if he did break in?  How vulnerable were we actually?
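The “connecting the dots” step described above, reduced to a script: this is an added example, not the blog’s own tooling or anything from the b2b2dot0 site. It reads constructed web-server log lines (fictional documentation-range IPs, an assumed /demo/login path), pulls the search terms out of Google referrers, counts failed login POSTs per source address, and flags only the sources where both individually weak signals coincide. Every name, path and threshold in it is an assumption made for illustration.

```python
"""Correlate credential-hunting search referrers with failed logins per source IP.

Added example (not the blog's code). The log lines below are constructed in
Apache/Nginx "combined" format with fictional documentation-range addresses.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample traffic: one visitor searches for login details and then
# hammers the demo login; another visitor searches innocently and logs in fine.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2009:09:52:10 -0500] "GET /blog/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=b2b2dot0+sap+ecommerce" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2009:09:55:31 -0500] "GET /about/ HTTP/1.1" 200 4096 "http://www.google.com/search?q=b2b2dot0+demo+site+login+password" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2009:10:02:01 -0500] "POST /demo/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2009:10:02:09 -0500] "POST /demo/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2009:10:02:15 -0500] "POST /demo/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2009:10:02:22 -0500] "POST /demo/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2009:10:02:30 -0500] "POST /demo/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Nov/2009:10:05:00 -0500] "GET /blog/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=b2b2dot0+case+study" "Mozilla/5.0"
198.51.100.20 - - [04/Nov/2009:10:06:00 -0500] "POST /demo/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Nov/2009:10:06:20 -0500] "POST /demo/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Search words that suggest someone is hunting for credentials rather than brochures.
SENSITIVE_TERMS = {"login", "password", "userid", "credentials", "admin"}


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def search_terms(referer):
    """Extract lowercase query words from a search-engine referer (empty for '-')."""
    query = parse_qs(urlparse(referer).query)
    return query.get("q", [""])[0].lower().split()


def analyze(log_text, login_path="/demo/login"):
    """Tally, per client IP, the sensitive search terms seen and login outcomes."""
    per_ip = defaultdict(lambda: {"sensitive_terms": set(),
                                  "failed_logins": 0, "successful_logins": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stats = per_ip[rec["ip"]]
        stats["sensitive_terms"] |= set(search_terms(rec["referer"])) & SENSITIVE_TERMS
        if rec["method"] == "POST" and rec["path"] == login_path:
            if rec["status"] == "401":
                stats["failed_logins"] += 1
            elif rec["status"] in ("200", "302"):
                stats["successful_logins"] += 1
    return dict(per_ip)


def connect_the_dots(per_ip, fail_threshold=5):
    """Flag IPs that BOTH searched for credential terms AND repeatedly failed to log in.

    Either signal on its own is ordinary traffic; the combination is what
    deserves a human look (and, as in the post, a firewall rule).
    """
    flagged = []
    for ip, s in sorted(per_ip.items()):
        if s["sensitive_terms"] and s["failed_logins"] >= fail_threshold:
            flagged.append((ip, sorted(s["sensitive_terms"]), s["failed_logins"]))
    return flagged


if __name__ == "__main__":
    for ip, terms, fails in connect_the_dots(analyze(SAMPLE_LOG)):
        print(f"REVIEW {ip}: searched for {terms}, {fails} failed logins")
```

Run against the constructed log, only 203.0.113.7 is flagged: the second visitor also had one failed login, but never searched for credential terms, so it stays below the bar. The threshold and the term list are the knobs to tune against your own traffic; the point is that the alert fires on the correlation, not on either event alone.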

Here are some of our observations, lessons learned and answers to these questions:

  • First of all, it felt great to be “important” enough to be on the receiving end of an espionage attack.  I guess we’ve arrived 🙂
  • No single action on our competitor’s part was in and of itself flagrant enough to trip any major alarms.
  • Similar to the challenges that our Homeland Security apparatus faces, the threat was recognized only when we “connected the dots”.
  • We were able to connect the dots, because unlike Homeland Security, our lines of communication are short, wide open and well worn.
  • No known technological solution exists that could replace the power of these human interactions in connecting the dots.
  • Our corporate challenge is going to be to maintain this level of interaction as we grow.
  • Even if he was able to hack his way into one of our administrator accounts, all other user passwords are encrypted.
  • We don’t store any of our clients’ business data on our website.  Only userids, passwords and mappings to SAP SoldTo’s etc.  No credit card data, no price lists, no product catalogs, no order histories…nothing is stored on our servers!
  • Our website connects to each client’s SAP system via a secured tunnel that prevents access to anything other than that particular id’s SAP data and allowed transactions.  No other client systems can be compromised.

In the end, all our “spy from Chennai” was able to accomplish was to bolster our resolve.  He also reminded me of how grateful I am to David Carrick of Memex, whose company is the leading provider of Criminal Intelligence Management Software and on whose Board of Advisors I sit 🙂  My association with him, his company and his clients was great training for yesterday’s excitement.

Sam