Kansas Hacking Prompts Changes

Backups helped the Kansas City Economic Development Corporation weather the storm when its Web server was hacked

September 3, 2005


The victim of an extended hack attack has urged users to learn from his woes.

Alan Ballew, IT manager at Kansas City Economic Development Corporation, believes that performing regular backups to a Compaq robotic tape library helped his company survive a protracted attack last week.

A hacker grabbed the corporation’s Microsoft Corp. (Nasdaq: MSFT) Windows Web server for a 40-hour period. Officials were eventually forced to take down the company’s Website as part of a cleanup operation on the affected server.

“Notice to all administrators: Do your backups,” Ballew says. “This is the type of scenario where your network is very fragile and has the potential of a catastrophic loss of service.”

Although the exec is not aware of any data lost during the attack, his Website was still out of commission at the time of writing. Ballew tells NDCF it should be up and running again next week.

But in the future, the Website will be run by a Web hosting company, largely for security reasons. “We evaluated the security, management, and maintenance issues and decided that it was not cost-effective to keep that in-house,” Ballew says.

The corporation, which dealt with around $1 billion of development work in Kansas City during the last year, was planning to implement a Cisco Systems Inc. (Nasdaq: CSCO) router and intrusion detection system, although this was not in place when the attack happened. “I think that we would have been able to identify and contain it earlier and faster.”

The exec feels, nonetheless, that the organization’s own internal security policies helped limit the impact of the attack. The corporation only makes critical information available to users on a “need to know” basis, he says. “Not all of our files are thrown open to every user -- that limits the number of machines that can be affected.”

Corporation officials, however, are still looking to bolster the group’s defenses, although Ballew is playing these cards close to his chest. “We are taking measures regarding the security of our network, but if I told you what they are, they would be less effective.”

Ballew is still unsure what the hacker was trying to achieve by tapping into his Web server. He or she may have been planning to use the server as a point from which to launch a denial-of-service attack, says the IT manager. Another possibility, according to Ballew, was using the server as a collection and forwarding point for stolen credit card addresses.

Does this type of thing happen a lot? “It does. A good friend of mine is a CEO of a hosting company, and they get lots of customers from this circumstance,” says Ballew.

— James Rogers, Site Editor, Next-Gen Data Center Forum
