[LINK] FW: FW: SMH: '4800 Aussie sites evaporate after hack'

Paul Koerbin pkoerbin at nla.gov.au
Wed Jun 22 12:34:39 AEST 2011


Oops. I misunderstood. It's not the Whirlpool forum that has gone - though if it does ...

Is there a list of sites that were lost? If they were on the .au domain and if they did not have robots.txt exclusions, then the NLA may have copies or if not us, the Internet Archive. This would not retrieve the original files but all or some of the content at least may not be lost.

Paul

-----Original Message-----
From: link-bounces at mailman.anu.edu.au [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Paul Koerbin
Sent: Wednesday, 22 June 2011 12:07 PM
To: link at mailman.anu.edu.au
Subject: [LINK] FW: SMH: '4800 Aussie sites evaporate after hack'

It is a pity (for them) that the Whirlpool Forum site has a comprehensive robots.txt disallow on all user agents. Had it not, we would have collected a copy of the site in the latest .au domain harvest we did in Feb-March of this year.


Paul


Paul Koerbin | Manager Web Archiving | National Library of Australia
Ph: (02) 6262 1411 | Email: pkoerbin at nla.gov.au



-----Original Message-----
From: link-bounces at mailman.anu.edu.au [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Roger Clarke
Sent: Wednesday, 22 June 2011 10:00 AM
To: link at anu.edu.au
Cc: asher.moses at fairfaxmedia.com.au
Subject: [LINK] SMH: '4800 Aussie sites evaporate after hack'

[Firstly, congrats to Asher on his Walkley, reported in the SMH this am!

[The key elements of this story are extraordinary:
(1)  "[after an attack on the servers]... four of the company's 
servers were "unrecoverable"".  (Okay, as they say, 'shit happens')
(2)  " ... not only was the production data erased during the attack, 
but also key backups, snapshots and other information that would 
allow us to reconstruct these servers from the remaining data"

It's remarkable enough that a service-provider doesn't have the 
capability to re-construct the software environment on which its 
business depends.

But to have no secured backups of their customers' data beggars belief.

I've been tackling the problems of cloud services, both for business 
and for consumers, but I'd assumed that standards in the mainstream 
outsourcing industry were a great deal higher than this!

See http://www.rogerclarke.com/II/CCBR.html
     http://www.rogerclarke.com/EC/CCC.html

We need litigation, to make clear that company directors' houses are 
on the line when risk management falls significantly short of the 
public's reasonable expectations.

_______________________________________________________________________


4800 Aussie sites evaporate after hack
ASHER MOSES
21 Jun, 2011 02:51 PM

At least 4800 Australian websites have been lost with no chance of 
recovery following a break-in at Australian domain registrar and web 
host Distribute.IT.

The hack attack caused so much damage that four of the company's 
servers were "unrecoverable", the company said, leaving thousands of 
website owners in the lurch.

"The overall magnitude of the tragedy and the loss of our information 
and yours is simply incalculable; and we are distressed by the 
actions of the parties responsible for this reprehensible act," 
Distribute.IT said.

As reported by Fairfax Media last week, Distribute.IT was hit with a 
"deliberate, premeditated and targeted attack" on its servers last 
Saturday but it is still struggling to work out exactly what happened 
or how much data was stolen.

Security experts warned that thousands of websites were vulnerable to 
being hijacked and extensive private data were at risk of being 
stolen.

Customers hit the Whirlpool forums to complain that Distribute.IT had 
not adequately responded with information about the break-in and that 
the hack "has probably killed my business".

In a statement published today, Distribute.IT said it had been 
working around the clock in an attempt to recover data from its 
affected servers.

"At this time, we regret to inform that the data, sites and emails 
that were hosted on Drought, Hurricane, Blizzard and Cyclone can be 
considered by all the experts to be unrecoverable," it said.

"While every effort will be made to continue to gain access to the 
lost information from those hosting servers, it seems unlikely that 
any usable data can be salvaged from these platforms.

"In assessing the situation, our greatest fears have been confirmed 
that not only was the production data erased during the attack, but 
also key backups, snapshots and other information that would allow us 
to reconstruct these servers from the remaining data."

The company said 4800 websites were affected and since it did not 
have the capacity to transfer the domain names to other parts of its 
platform, Distribute.IT had no choice "but to assist you in any way 
possible to transfer your hosting and email needs to other hosting 
providers".

The significant data loss has raised questions from backup experts as 
to why Distribute.IT did not appear to have offsite backups of 
customer data.

Distribute.IT has still not been able to get its website back online 
and it is using a Google Blogger account to update customers. Its 
phone lines have been ringing out and its email is down, forcing the 
company to use a temporary Gmail address - distributeit888 at gmail.com.

Rob McAdam, CEO of security firm Pure Hacking, said the issue was a 
"catastrophic problem" for those with websites hosted by 
Distribute.IT.

"If these clients of Distribute.IT had no other backup other than 
what was at Distribute.IT, they would then have to rebuild their site 
- from scratch," he said.

"From the Distribute.IT blog post, it appears that they have lost all 
of the content for these web sites and any associated backups that 
Distribute.IT kept."

James Turner, security analyst at IBRS, said: "This could be the 
nightmare scenario that every small/medium businessperson working on 
the internet has in the back of their minds. If the attack is as 
described then the malice behind it is appalling."

On the Whirlpool discussion forums, where there are over 60 pages of 
posts discussing the Distribute.IT hack, customers were livid at 
finding out their data was gone forever.

"I think I'm in shock ... I have lost everything .... I couldn't 
possibly replicate all those years of work again ... my whole life's 
work is gone down the drain," wrote one.


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University
_______________________________________________
Link mailing list
Link at mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link
