http://www.redherring.com/Article.aspx?a=20229 By Sean Wolfe Red Herring December 13, 2006 Call it a Friday night special. Over the weekend, South San Francisco-based Blueprint Ventures, backer of such companies as Airtight Networks, KeyEye Communications, and Visto, lost their Web site to a hacker, whose modus operandi is to alter the domain name server pointer, and direct it to porn sites, then await a ransom to undo those changes. Now, the company is wrangling with Register.com to get it back. Bart Schachter, managing director at Blueprint said he wasnt sure how it had happened. On Friday evening when he left work all was well. Then over the weekend, his email stopped working. Did Blueprint fail to pay domain registration fees? No, Mr. Schachter said. Its like identity fraud. Now we cant even get into the register.com entry, because they changed all the passwords, he said. Blueprints former domain now lists Andrew Krukov, presumably a false name, in Moscow, Russia. The email address for Mr. Krukov leads to a domain registered in the name of Andy Placid, whose name is attached to a number of domains - some not fit to reprint here - but including cellgateinc.com, and treffend.com - a known source of pornography spam. What weve found is that this guy has done it quite frequently and that porn seems to be how he gets his ransom. Its not because hes trying to sell porn, but because its probably offensive to the original owners to get them to pay, Mr. Schachter said. Blueprints working on getting its site back, but complains that the process for getting its site restored is lengthy. Its probably going to take weeks, which is absurd. Its like someone stealing a car, and youre pointing to it, you have the papers, but they wont give it back to you. The impact to the firm has been significant, as the company is working in closing two deals before years end. Its messed with the closing schedulebut the real handicap is to go without email, he said. Blueprint Venture has set up a temporary site at www.blueprintventure.com until the matter is resolved. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Dec 14 2006 - 22:56:11 PST