[ISN] LapLink says hackers left key clue

From: InfoSec News (isnat_private)
Date: Mon Mar 17 2003 - 03:14:10 PST

    By Kim Peterson
    Seattle Times technology reporter
    March 15, 2003 
    While driving to work on Interstate 405 Thursday, Mark Eppley checked
    his e-mail from his cellphone and saw a message titled "Break-in
    Eppley, the chief executive officer of Bothell software company
    LapLink, first thought that his business had been burglarized.
    "What are they going to steal, computers?" he thought. "Maybe they'll
    get a Pentium 4 if they're lucky."
    Then his day got much worse.
    Someone had broken into LapLink's computer system and planted enough
    bugs to disrupt business for days. E-mail had been down briefly and
    would soon be down again. Key files were missing, and other strange
    things were happening.
    LapLink had been hacked, a situation becoming increasingly common
    among corporations. Even as companies build one virtual wall after
    another around their computer networks, hackers are relentlessly
    searching out weaknesses and finding new ways inside.
    But LapLink's crisis had an unusual twist. It looked like the hacking
    came from a computer address at another company: Classmates Online.
    The hackers used the login names and passwords of two former LapLink
    employees who had moved on to jobs at Renton-based Classmates Online.  
    Those employees had been in charge of LapLink's computer systems, and
    had intimate knowledge of -- and, in some cases, created -- the very
    network that was being targeted.
    That's when Eppley says his "heightened awareness" kicked in.
    "It's like breaking and entering," he said. "It's no different than
    The employees are now managers at Classmates Online, and Eppley said
    his team called one of them, who denied responsibility and suggested
    it was someone else with knowledge of his password.
    Eppley called Mike Smith, Classmates Online's CEO, who promised to
    look into the issue.
    When contacted, a Classmates Online spokeswoman said one of the
    employees was cleaning out his computer and found an icon on the
    screen linking to LapLink's system. He clicked on the link but did not
    log in. The other employee did not log in either, she said.
    By the end of the day, Classmates Online had begun an investigation
    and the two employees had been placed on paid administrative leave.
    But that wasn't the end of LapLink's troubles. Yesterday, its
    corporate e-mail servers went down again and business was paralyzed,
    Eppley said. He suspects the hackers had left a virtual time bomb that
    caused more damage.
    LapLink contacted the Bothell police, and Eppley said he intends to
    file charges against those responsible. A detective visited the
    company yesterday.
    LapLink has estimated that it lost $50,000 in revenue because of the
    incident, said Capt. Bob Woolverton of the Bothell Police Department.
    Nothing like this has happened before at Classmates Online, said Gail
    DeGiulio, vice president of corporate marketing.
    The company takes immediate action if one of its employees is acting
    inappropriately, she said, adding that she has kept in touch with
    Eppley and is working to resolve the problem.
    "This has been one of our top priorities," she said yesterday.
    This kind of situation happens far more than it should, said Dan
    Hitchcock, a manager at Breakwater Security Associates, a
    computer-services company in Seattle.
    Most companies intend to delete an employee's computer account after
    that person leaves, but sometimes they don't follow through, he said.
    "LapLink is not a small company, and it's not a young company, and
    they should have done that," he said. "But they're not alone."
    For some companies, the situation becomes more complicated when the
    computer-systems people leave. In many cases, they leave with more
    knowledge of the system than their replacements.
    LapLink's corporate computers were damaged, but its e-commerce and
    customer-related systems were not affected because they are run
    separately, Eppley said. The company's Web site was protected as well.
    Susan Meldahl, LapLink's computer-systems director, said she is going
    through her network with the equivalent of a fine-toothed comb,
    looking for anything out of the ordinary.
    "We're really locked down," she said. "By the minute, we're making
    sure that nobody else is going to try this."
    Eppley said his company may have fallen victim to a computer culture
    in which it's hip to be a hacker. But when, he asked, does hipness
    cross the line? "That may have happened here," he said. "Something
    that may have started off as innocent turned into something really
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Mon Mar 17 2003 - 05:51:31 PST