Hackers Among Us
So far in the month of October we have had five web sites hacked, plus two major attacks against some of the commercial software applications we use daily at Simply Web Services. And one email password compromised.
All the attacks this month were exploits of previously unknown vulnerabilities (referred to as zero-day attacks).
Let’s start with the web site defacement attacks. They started on the 15th and continued to the 18th. The first attack was stopped and cleaned up in a few hours. We investigated but we couldn’t find any one thing that pointed to anything besides a weak password on the user’s account. We changed it and instructed the user to change the password to something that they could remember, but not something easy. The very next day the same user’s email account was hacked. We immediately changed the password and asked the client to contact us ASAP to ensure that they hadn’t changed the password we reset the day before back to what it was originally. Later that day four other web sites were defaced, displaying the exact same defacement as the day before. Three of them we discovered before the clients did. We quickly archived the hack, restored the sites and started our investigation. We discovered that a commercial application that we use on older HTML web sites had a previously unknown vulnerability. We contacted the vendor and worked with them overnight to get the application patched.
About The Defacement
Here is a screen grab of the lovely web site defacement that the hackers were using. They would replace the web site’s homepage with this page. The screen shot doesn’t do it much justice: the lightning bolts were animated, flashing every few seconds.
And in the background at full volume was “The Game / 50 Cent – This is how we do it” {Warning – Vulgar Language}.
It was very annoying, to say the least.
Saturday night we received an urgent notice that the software we use for web hosting billing and support tickets had been compromised. Not our installation itself, but the vendor had received word that a previously unknown vulnerability had been exploited and that all versions of the software were vulnerable. So we immediately took our installation offline and waited until the patch was released. By 6 a.m. the next morning, we had a patch in hand and our installation was back up and running. Please note that our installation was not hacked and no personal or credit card data from our database was released. It is also important to understand that we do not store credit card information on our servers. We have always taken the safe approach of having the credit card gateway handle credit cards, so we would never have to worry about that liability.