Firewall Wizards mailing list archives

RE: OK, I've been hacked, now what?


From: "Scott, Richard" <Richard.Scott () bestbuy com>
Date: Mon, 3 May 1999 12:34:46 -0500

Greetings all,

I was just wondering about these so-called costs.  Let's assume your web
page was defaced.  That your original index.html or whatever had in fact been
copied to old.html, and a new page inserted (the hacked page).

Now I am not aware of the hacking incident, more information may be more
helpful here.
Now if it is the case that the original page has been moved, what are the
real costs in replacing by moving it back to index.html?

The fact that the security hole already existed shouldn't be placed in the
cost of the intrusion.  The cost of beefing up security, maybe replacing
software/hardware, shouldn't be placed into these superficial figures.

If you include costs for increasing the security due to the hole, then this
is of no fault of the hacker.  The hole existed beforehand.  In fact, I
would go so far as to say that it's fraudulent use of figures.  It's
analogous to a house break-in.  You add to the insurance claim the cost of
providing 24hr surveillance because of the security hole, or maybe the use
or purchase of hi-tech keys, because the keys were picked.
It's all too often heard that companies who are hacked claim millions of $
worth of damage, and maybe that is the case.  But more often it is the case
that these are beefed-up figures, including R/D, advertising, management
costs, etc. etc....
Maybe one would take a look at this and state: "if this is worth so much,
why are we leaving it out on the street?"
Just the question a police officer/insurance person would ask when you
told them you left a Rolex watch on the path outside the house, but inside a
locked 2ft gate.

The bottom line is, how much did it cost to return the site to its original
state, plus the business lost (in terms of EC) did the company undergo.  It
is often the case that figures of such are made up to bring about a
prosecution.  And this may be the case in the Mitnick case.  I would advise
people to be honest in judging the loss caused by intrusions.

Richard Scott   
(I.S.) E-Commerce Team
* Tel: 001-(612)-995-5432
* Fax: 001-(612)-947-2005
* Best Buy World Headquarters
   7075 Flying Cloud Drive
   Eden Prairie, MN 55344 USA
   This '|' is not a pipe

        -----Original Message-----
        From:   sedwards () sedwards com [SMTP:sedwards () sedwards com]
        Sent:   Friday, April 30, 1999 12:38 AM
        To:     Antonomasia
        Cc:     firewall-wizards () nfr net
        Subject:        Re: OK, I've been hacked, now what?

        On Fri, 2 Apr 1999, Antonomasia wrote:

        > From: sedwards () sedwards com
        > 
        > > Yes it's true, one of my client's web page was hacked. The attack
        > > occurred on March 27.

        [snip]

        >       Estimate the cost of the incident (when considered finished).
        >       Actually I'd like to know too since you've been kind enough to
        >       talk about it.

        Rough guesstimates:

                Personnel               Hours           Rate    Cost
                ----------------------------------------------------
                senior management       6               300     1800
                mid-management          6               150      900
                senior consultant       16              150     2400
                senior admin            8                75      600
                mid-admin               8                50      400
                junior admin #1         4                30      120
                junior admin #2         4                30      120
                junior admin #3         4                30      120
                "retired" hardware                               600
                lost revenue                                     500
                ----------------------------------------------------
                                                                7560

        Note that this does not include the costs of pursuing legal avenues
        since these are still in motion.

        The impact of this attack was mitigated by the availability of spare
        hardware on hand and reasonably fresh backups -- we pulled the drives
        out of the compromised host, replaced them with spares, installed the
        OS from CD's and restored the site content from tape.

        Thanks in advance,
        
        ------------------------------------------------------------------------
        Steve Edwards      sedwards () sedwards com      Voice: +1-760-723-2727 PST
        Newline            Pager: +1-760-740-1220           Fax: +1-760-731-3000


