[ISN] Hackers force mass website closures

From: InfoSec News (alerts@private)
Date: Thu Dec 06 2007 - 02:02:02 PST


http://technology.timesonline.co.uk/tol/news/tech_and_web/article3007298.ece

By Simon de Bruxelles
The Times
December 6, 2007

Hundreds of websites have been shut down temporarily by one of the 
largest web hosting companies in Britain after the personal details of 
customers were stolen by computer hackers.

The hackers managed to access the master database of Fasthosts for 
information, including addresses, bank details, e-mails and passwords.

The action is expected to lose vital business for hundreds of small 
companies in the run-up to Christmas.

Fasthosts claimed that it had no option other than to perform an 
emergency shutdown after it discovered that the hackers had tried to use 
information gleaned from its servers. New passwords had to be sent out 
by post rather than e-mail to avoid the information being compromised 
again.

Fasthosts was founded by Andrew Michael when he was still at school in 
Cheltenham. Mr Michael, 27, sold the business, which sells domain names 
and space on computer servers, to a German firm.

The company discovered a network intrusion in October and recommended 
that users change their passwords. Last week, staff noticed unusual 
activity on some of its sites and closed down all those that had not yet 
changed their passwords, as well as some that had.

Among the companies affected by the shutdown was EU Reporter, a small, 
web-based business that makes money from downloads and web advertising. 
Chris White, the owner, said that his downloads went from 47,000 a week 
to nothing and subscribers assumed that he had gone out of business.

He said: The loss of readership on my site is incredibly significant to 
my business. Ive lost thousands of pounds and there are literally 
thousands more out there like me. Ive got a pile of letters and e-mails 
from long-standing customers saying theyre sorry weve gone bust.

This has been a crime turned into a farce and I dont know if well 
survive.

Kohul Thiagarajah, another client of Fasthosts who manages bookings for 
taxi companies, said: I had my clients screaming at me for not being 
able to access their e-mails or their bookings.

Barry Wise, who manages 100 sites, said: This is worse than being hacked 
because I now just have to wait for the post. I cant call them because 
their phone lines are overwhelmed.

A spokesman for Fasthosts Internet Ltd said: Last month Fasthosts wrote 
to all its customers to advise them that the company had discovered a 
network intrusion involving a Fasthosts server and, as a precautionary 
measure, recommended that all customers update their passwords. 
Fasthosts was made aware that a very small number of customers, who did 
not change their passwords, had experienced a compromise. As a result, 
Fasthosts implemented automatic password changes.

We apologise to those customers affected for any inconvenience.

David Roberts, the chief executive of the Corporate IT Forum, which 
shares expertise among its companies, said: This could well be the 
biggest internet attack of its kind. The criminals could theoretically 
have taken everything on the database.

Police are investigating the network intrusion.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Thu Dec 06 2007 - 02:10:12 PST