HACKING HORROR STORIES: ALWAYS KEEP YOUR EYES OPEN
While these stories make great headlines, it’s crucial to understand that these hacks are a threat for any kind of business, no matter its size. To uncover some hacking horror stories that have struck closer to home, we sat down with Sutheep Singhsachakul, founder and director of Intellect Systems.
MEET INTELLECT SYSTEMS
Sutheep successfully built Intellect Systems over nine years ago, introducing software, skills and tools to help companies collaborate internally and with their respective partners. It’s also one of five IT companies in Thailand that are certified with IBM Collaboration Solutions following the latest release. Serving some of the world’s largest Japanese automobile companies, hospitals, power engineering companies, hotels and many more, Sutheep has seen his fair share of hacking episodes and kindly opened up to share some of those stories with us.
THE DROPBOX HACK
Dropbox is used by over 400 million people around the world, syncing 1.2 billion files every day and creating over 100,000 new shared folders and links every hour. No wonder then that hackers decided to use Dropbox as a way to steal data from unsuspecting victims. However, it’s not actually through Dropbox that this particular hack happened:
“In this hack, one of the employees opened an email from a client that had a link to a Dropbox folder and the message said to follow the link and download the file,” said Sutheep. “The guy did exactly that but what he didn’t know was the email wasn’t from a client and the link led to a site that looked like Dropbox, but was just a duplicate.” Sutheep went on to explain how minor differences in web domains catch people off guard: everything looks the way you expect, except that the domain has a slight alteration that’s difficult to notice if you’re not looking out for it.
“The guy input his email and password to download the file and all that was stolen,” said Sutheep. “It turns computers into a bot to attack other computers, it can steal identities and turn your computer into a drone to attack other systems. Which can then mean you’re liable if an attack is made using your identity.”
Luckily in this case, Google (they were using Google Apps for Work) were very quick to respond and suspended the email due to suspicious activity. A lucky escape it would seem. The next case wasn’t so lucky…
THE MAN IN THE MIDDLE ATTACK
“One of our clients using an enterprise on-premise email had been exchanging emails with their supplier about buying goods into Thailand. Just after the supplier sent an invoice, there was another email saying that the supplier had changed bank account details and the client was to transfer to this new account,” explained Sutheep. “The customer transferred the money to the ‘new’ account, informed the supplier and their response was: ‘we didn’t receive the money. If you don’t send the money, we won’t send the goods.’” Upon sending the supplier the transfer record, they simply replied saying it wasn’t their account: “2 million baht. Gone.” said Sutheep.
During the police investigation, it turned out the false account was registered in Chonburi. “This has been going on as a scam for a lot of factories in Thailand,” explained Sutheep. Known as a ‘man in the middle attack’, “it’s very hard to detect. The way to defend against this is to always check who you’re emailing, sometimes the email can be just one letter different, but to the untrained eye, it’s so easy to miss. The best defense is to check when there are major changes such as this: call the supplier, ask them to confirm a change of details and get them to email with official letterhead the manager again.”
THE WEBSITE HACK
The last story in our tales of hacking horror wasn’t done through emails, but a company website: “In this case, a website was hacked so that it redirected to a Japanese online shoe shop,” said Sutheep. “GoDaddy, the web hosting company, was contacted to try and solve the issue, but after a 30-minute wait on a call to the US, no solution was found and 48 hours after each fix, the website was hacked again.”
“The hosting was moved to Thailand, where the company hosting could be called anytime, emailed, WhatsApp’d etc. However, after several more fixes, the website was hacked again and again. It turned out the hacker had got through the website through an exploit and he kept changing the codes, so he could always access it. He always had a foot in, a magic key, every time the codes were rewritten,” explained Sutheep.
When asked what the purpose of these attacks was, Sutheep responded by saying that this attack was targeted at “someone shopping for shoes in Japan, they get led to this site, they input their details, credit cards and it’s all stolen. For the company whose website was hacked, it’s bad for business, Google will drop their SEO ranking, they may get blocked or a red banner across their website,” explained Sutheep.
These types of hacks are near impossible to fix; the hacker always has the upper hand. So how was this particular hack overcome? Back-ups. “It was back-ups that saved the website from that hack and it is that back-up which is running the site currently,” said Sutheep.
LESSONS TO BE LEARNED
There are two vital lessons to be learned from these examples. Among all the hacking stories we heard, the line of defense is nearly always the same:
- CHECK email sender and website addresses when giving away private information, transferring money or downloading files.
- Back-up EVERYTHING. As Sutheep put it: “Have a back-up of the back-up, and a back-up of that back-up. On the server, on the cloud, on your computer. Back-up, back-up, back-up.”
It’s highly recommended that this advice is extended to all of your staff, particularly those that deal with confidential and valuable information. These are all very real threats that can catch out anyone who’s not keeping their eyes peeled.
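The address check from the first lesson can be partly automated at the mail gateway or in a payment-approval workflow. The sketch below is an added example, not code from the original article or from Intellect Systems; the trusted-domain list, the sample addresses and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation really deals with.
TRUSTED = {"dropbox.com", "supplier-example.com"}
# Digit-for-letter swaps folded to one form before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def host_of(value):
    """Lower-cased host from a bare e-mail address or a URL."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1]

def fold(name):
    """Collapse look-alike characters ('rn' reads as 'm', '0' as 'o')."""
    return name.translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) turning a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(value, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted domain it matches or imitates)."""
    host = host_of(value)
    for t in sorted(trusted):
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        if (fold(host) == fold(t)                          # dr0pbox.com
                or edit_distance(host, t) <= max_distance  # one letter off
                or host.startswith(t + ".")):              # dropbox.com.files.example
            return ("lookalike", t)
    return ("unknown", None)
```

A "lookalike" verdict is a prompt to hold the message or payment and confirm by phone, as Sutheep recommends; an "unknown" verdict only means the domain resembles nothing on the list.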