Firewall Wizards mailing list archives
RE: OK, I've been hacked, now what?
From: "Scott, Richard" <Richard.Scott () bestbuy com>
Date: Mon, 3 May 1999 12:34:46 -0500
Greetings all,

I was just wondering about these so-called costs. Let's assume your web page was defaced. That your original index.html or whatever had in fact been copied to old.html, and a new page inserted (the hacked page). Now I am not aware of the hacking incident; more information may be more helpful here.

Now if it is the case that the original page has been moved, what are the real costs in replacing it by moving it back to index.html? The fact that the security hole already existed shouldn't be placed in the cost of the intrusion. The cost of beefing up security, maybe replacing software/hardware, shouldn't be placed into these superficial figures.

If you include costs for increasing the security due to the hole, then this is of no fault of the hacker. The hole existed beforehand. In fact, I would go so far as to say that it's fraudulent use of figures. It's analogous to a house break-in. You add to the insurance claim the cost of providing 24hr surveillance because of the security hole, or maybe the use or purchase of hi-tech keys, because the keys were picked.

It's all too often heard that companies who are hacked claim millions of $ worth of damage, and maybe that is the case. But more often these are beefed-up figures, including R/D, advertising, management costs, etc. etc. Maybe one would take a look at this and state: "If this is worth so much, why are we leaving it out on the street?" Just the question a police officer/insurance person would ask when you told them you left a Rolex watch on the path outside the house, but inside a locked 2ft gate.

The bottom line is: how much did it cost to return the site to its original state, plus what lost business (in terms of EC) did the company undergo?

It is often the case that figures of such are made up to bring about a prosecution. And this may be the case in the Mitnick case.

I would advise people to be honest in judging the loss caused by intrusions.

Richard Scott (I.S.)
E-Commerce Team
* Tel: 001-(612)-995-5432
* Fax: 001-(612)-947-2005
* Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA

This '|' is not a pipe

-----Original Message-----
From: sedwards () sedwards com [SMTP:sedwards () sedwards com]
Sent: Friday, April 30, 1999 12:38 AM
To: Antonomasia
Cc: firewall-wizards () nfr net
Subject: Re: OK, I've been hacked, now what?

On Fri, 2 Apr 1999, Antonomasia wrote:

> From: sedwards () sedwards com
>
> > Yes it's true, one of my client's web page was hacked. The attack
> > occurred on March 27.

[snip]

> Estimate the cost of the incident (when considered finished).
> Actually I'd like to know too since you've been kind enough to
> talk about it.

Rough guestimates:

Personnel               Hours    Rate    Cost
----------------------------------------------------
senior management           6     300    1800
mid-management              6     150     900
senior consultant          16     150    2400
senior admin                8      75     600
mid-admin                   8      50     400
junior admin #1             4      30     120
junior admin #2             4      30     120
junior admin #3             4      30     120
"retired" hardware                        600
lost revenue                              500
----------------------------------------------------
                                         7560

Note that this does not include the costs of pursuing legal avenues since these are still in motion.

The impact of this attack was mitigated by the availability of spare hardware on hand and reasonably fresh backups -- we pulled the drives out of the compromised host, replaced them with spares, installed the OS from CD's and restored the site content from tape.

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards    sedwards () sedwards com    Voice: +1-760-723-2727 PST
Newline          Pager: +1-760-740-1220      Fax: +1-760-731-3000