4800 websites destroyed after hacking attack on web hosting firm Distribute.IT – SME victims speak out
The incident is the latest of an unprecedented set of attacks against major corporations and websites over the past few months from hacking groups such as Anonymous, LulzSec and others. The instigator of the latest attack has not been revealed.
The groups have attacked companies including Sony and Nintendo, and have also brought down government websites, resulting in repair bills reaching into the hundreds of millions. Thousands of login details for email addresses have also been released.
Distribute.IT, which has been forced to communicate through a Google Blog after its site was attacked, informed customers yesterday that data contained on four separate servers was unrecoverable.
“While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data can be salvaged from these platforms,” it said yesterday.
“In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data.”
Distribute.IT has been contacted for comment but no reply has yet been received.
Experts have informed the company there simply aren’t enough resources to transfer the 4800 domains and accounts, “and at this point we cannot undertake further provisioning of servers and accounts on the current infrastructure.”
“This leaves us little choice but to assist you in any way possible to transfer your hosting and email needs to other hosting providers.”
The reaction from customers has been vitriolic. Many have taken to internet discussion forum Whirlpool to deride the loss of personal and business data, which in some cases has been lost forever due to a lack of backups.
Milan Rajkovic, who runs hosting and domain name registration company Milan Industries, said he has already lost clients over the debacle.
“We use Distribute.IT as a wholesale domain provider, although we have our own infrastructure. It has caused us to lose two clients now, because we can’t make any changes on domain names.”
“We had signed up a few new clients just on Friday before the attack, and were going to set them up on Monday for email services and so on. Of course, when we went to assign IP addresses, it couldn’t be done.”
Rajkovic says while the company hasn’t lost data as a result of the breach – and many have – it has nevertheless impacted on prospective business.
“This whole thing has affected us in a processing way and is costing us more than it should. Changes that should take five minutes in the back-end are now taking 30.”
Dean Turnbull, who runs the IT support firm Next Edge, says he too has been affected – he is unable to access registry information for domains controlled by Distribute.IT.
But while Turnbull says there are questions to be asked on whether Distribute.IT could ever be expected to recover the data after such an attack, and whether it should be blamed for its current position, he believes the lack of communication is most frustrating.
“My main gripe with them has been their lack of communication, not the fact that what happened, happened. The time taken to recover from the attack is understandable, but what is not is that their registry servers are down.”
“The registry servers should be separated from the hosting environment and backed up, and you’re talking a few hundred gigabytes at tops. There’s no reason why these should have been off for a week-and-a-half now.”
Turnbull also works for another company that has lost access to 202 domain registrations.
“The problem with Distribute.IT is that they’ve grouped in all of their own infrastructure in the same backup methodology. So they’ve lost a whole lot of customer data, but their company has also gone down because the two weren’t separated.”
Rob Forsyth, director of the Internet Society of Australia and managing director of internet security company Sophos, told News.com.au it appeared Distribute.IT’s security systems were too lax.
“To me it seems really that there were inappropriate security settings within a number of their databases,” he said.
“It appears that some of the data was not encrypted and therefore, once the servers were cracked, was available in clear text.”
The debacle comes as the government prepares to launch a new bill into Parliament that will strengthen cyber-security laws, announced by attorney-general Robert McClelland. He said in the past six months, the Computer Emergency Response Team had informed businesses of more than 250,000 pieces of stolen information including passwords.
“While Australian law substantially complies with the obligations in the [Council of Europe Convention on Cybercrime], the government believes there is more we can do to ensure Australia is in the best position to tackle cyber threats that confront us, both domestically and internationally,” McClelland said.
The new laws will allow law enforcement to do more when tracking down cyber criminals – a practice which is already becoming more common. Earlier this month an alleged hacker behind the Sony attacks was found in South America, while overnight in Britain another alleged hacker was arrested, although the group LulzSec denies any connection.
The legislation is surely in response to the sheer number of attacks that have been faced not only by SMEs, but by major corporations too. International government departments and multinational giants are suffering under the weight of the attacks. Sony has been targeted several times, bringing its PlayStation network down for a month in one of the biggest attacks of all time.
The CIA, various American software companies and even Australian mining giants have been targeted by hackers.
While Sony has not released official figures on how much it will cost to recover from its attack, analysts expect the figure to be about $US200 million.