Tuesday, 27 February 2007

FIBRECRAFTS - under attack

Monday 5 February 2007 will be remembered at FIBRECRAFTS for some time to come.

We opened up, as usual, and as a part of our normal routine, checked the emails for orders from the web site. On the previous evening 16 identical orders had been placed by an individual with the name of ‘Sad’. After a few more minutes we realised that a file on the site which held some credit card details had been completely wiped.

More research, particularly using a free Google tool, told us that over a period of 2 hours the site had been attacked from a computer in Hanoi, Vietnam. The technique used is known as ‘SQL injection’. This attempts to trick the web site into giving away its structure so that, through a series of intelligent guesses, the data can be extracted.

All the key data on the site is, of course encrypted, using strong processes which we understand should take 30 years to crack. The evidence on the site suggested that the attacker had only been able to delete a data file. However we thought that the responsible way to handle this was to email everyone whose data could have ever been on the site. We told them of the attack and that our estimate of their credit card data being accessed was a ‘moderate’ risk.

We immediately closed down the web site and over the following days worked to harden it to ensure that no more damage could be done and we will remain ever vigilant of future attacks.

The site was re-opened on Thursday 8th February. On the following Sunday the site was attacked again, again from Hanoi, with two individuals working simultaneously. However this time the attack lasted only six minutes and there was no damage. Again we emailed all those who had registered on the site saying that we believed that this re-attack suggested that no data had been extracted.

There have been two lessons from this for us; never to assume that a site is safe and therefore to make sure that no valuable data is held there, ever. Secondly, just how cheered we were by the very many positive responses to our emails thanking us for the warning, and assuring us that they admired us for being prepared to admit that the attacks had happened.

Over the past two weeks orders through the site have continued to flow in at an ever increasing rate.

No comments: