Cyber attack on Biznews: How it happened, why you could be next

On the night of Sunday March 22nd, Biznews.com was hit by a cyber attack. It was a denial of service  – the equivalent of a single computer sending thousands of simultaneous visitors to a site built to handle a few hundred at a time. It throttled the site, effectively blocking access for some hours. That the attack co-incided with the publication of a story exposing the alleged Belvedere Ponzi scheme raised suspicions. In this fascinating interview with Kovelin Naidoo, CIO of Internet Solutions, we discover how it happened and why those with an online presence need to be less trusting, more sceptical. And also have a watch of the video above where Naidoo shows us the “toys” cyber criminals use in free wi-fi coffee shops to harvest information we’d all prefer to keep secret – like bank account passwords. – Alec Hogg

In this special podcast, Alec Hogg talks to the CIO of Internet Solutions, Kovelin Naidoo.  Internet Solutions were the pioneers of the Internet in SA. How many years ago, was that?

That’s about 21 years ago, so we’ve come a long way.

How long have you been with IS?

Well, I’m a recent acquisition to IS and I’ve been there for just over a year now.

What does a CIO do?

I’m there to represent our shareholders, our clients, and our employees/our crew to make sure we maintain the status quo from a governance/security point of view.  Ensuring we have the highest possible client service levels and client experience out there, whilst having the most secure one as well.

What does the ‘I’ stand for?

Under the CIO, it stands for Chief Information Officer.

We had an incident going back a couple of months now, on the night that we started publishing these exposés about an alleged Ponzi scheme called Belvedere, which now seems to be unravelling fast.  The Biznews website was attacked that night and we discussed very briefly what might have happened.  Is it easy for me – if I don’t like what somebody’s doing on a particular website – to bring the site down?

Yes.  I remember that conversation we had and to answer your question simply – yes, it is literally that easy.

How?

As much as some of the newer TV programs make the industry quite sexy in terms of cyber-attacks out there, you actually need zero skills.  All you need is either a credit card or Bitcoins and basic knowledge of the deep web.  For $5.00/hour, you can hire someone who knows how to do this stuff.  It’s literally, quite easy if you want to try it yourself.  You can go out there, do a simple Google search, and bring out a whole plethora of tools if you are technically inclined.  It’s just too easy out there.  The Internet pretty much means that we have digital borders for our corporations and our companies, and a digital border around your personal life as well (Facebook, Twitter).  With social media, we have all these digital touch points, so it’s all too easy to try to profile a person or a company online to get an idea of who they are.  Whether it’s for profit or for corporate espionage, there are various motivating factors.  It’s very easy to do that.

What seemed to happen in our case was that many people were hitting the site at the same time. Explain how that might have happened.

In your particular incident, after we assisted with that investigation…you’re 100 percent right.  It was an enormous amount of traffic, which was generated to your website.  According to your website, I’m just seeing an influx of things that are addressing me, and it just fell over because all systems have a breaking point.

Instead of a couple of hundred people coming in simultaneously, there were many more?

Thousands.  A computer can generate a virus – a single Internet connection.  If you’re someone in South Korea with a Gigabyte Internet connection, you could be generating millions of connections, just from one computer in that household.

That can then take down websites, unless you have big security? 

Well, it all depends on the type of attack that we’re seeing there.  When we looked at what happened with the web servers on your side, it was just sheer volume of traffic generated by a single computer out there.  In this case, it wasn’t as malicious as we first thought it was.

Well, they say so……we still don’t believe it.

Obviously, you have some really interested companies out there, in your brand particularly, and the quality stories that you have so there’s a huge interest.  In this case, (we’ll call it Company X for now), they had a script or a bot (think of it as a little computer) constantly polling your sites.  We call it ‘scraping’ but for lack of a better word, pretty much trolling through your site for content/specific tags, so searching for specific pieces of information that goes back and stories then move from place to place.

On a broader perspective though Kovelin, what does a company do? How clever are South African corporates in securing those phases of their business?

If you look at the South African landscape…certainly, from what I’ve seen, financial services currently leads the way with regard to awareness around cyber-crime/cyber-security.  Because of the nature of the industry, they’ve evolved much quicker.  The regulations have enforced a lot more controls around the environment.  They’ve led the way with regard to countermeasures and how we protect our brand in cyberspace, because that’s what it’s really about – once you truly understand the psyche of people out there that are not only interested in your website, but your brand/the value of your asset.  To answer your question, we have a long way to go in terms of the other industries out there.  Certainly, for CIO’s out there, it’s also a new concept for them.  As technical as we are, cybercrime and cyber-security takes it to really, another level and it requires a different mindset to approach the problem.  We can’t simply use old-school methodology and textbook methodologies, which are now actually quite meaningless.

We don’t have to become cynical, but we need to be a little more sceptical.  At Biznews, we certainly are.

Yes, without a doubt, Alec.  If I could sum up the point in the following analogy…  If we had to look at a company back in the eighties or the seventies and you had to sit with that CEO and say ‘how do we gauge the actual net worth of that company’, it would be in its assets – its physical assets.  Companies back then had buildings, tons of vehicles, and actually physical assets and stock, etcetera.  When you transpose that to a modern business that operates in the modern day and you try to look at the net worth of the current company, most of the net worth sits in the digital space.  You don’t have many physical buildings, but companies are remote.  There is mobility.  We work from anywhere/anytime, digitally, so a lot of what your company’s worth, actually sits in cyberspace.  If you think back to ‘how much do I spend on physical security on a building’ versus ‘how much of security do I actually spend on protecting my company’s digital borders’, because if most of my net worth is actually in there, I should be spending a decent amount of my attention to cyberspace as well.

The problem is that the crooks in cyberspace are usually much more sophisticated than the crooks in the physical world…

Of course.  They are not always as sophisticated, but most of the time…  They also don’t have a limited clock of 12 hours.  They’re on a 24-hour shift rotation with multiple time zones.  They’re really, coordinated guys and most importantly, they don’t play by rules.

They can come from anywhere in the world…

There are no rules.

Have you had really bad attacks in South Africa?  

Yes.  The team that I lead and the products and services that we have as IS; we do a lot of cutting edge stuff behind the scenes that clients just don’t know about.  It’s value-add.  It’s us, protecting your brand by what we do and the experience we give out there.  We do see quite a lot of sophisticated attacks on particular market segments and sometimes, particular brands out there.  There is a concept, called ‘advanced persistent threat’, which is a type of cyber-crime aimed at a specific entity.  This sort of crime is well publicised abroad, particularly in the banking sector (abroad).  We’ve even seen those types of APT’s where your brand has been specifically targeted, either for information or something of value.

Industrial espionage?

I haven’t personally seen that in South Africa yet.  I know that internationally, one of the hot properties in the deep web right now, is data.  If you drill down into what sort of data…  For the Americans, it would be Social Security numbers, credit card information, (which is universal) and we’ve seen a ton of that happening with targeted tax on specific brands and industries looking for credit card information in South Africa.  Globally, we’ve also seen health information recently becoming quite a hot commodity.  You’d think ‘who’d be after my health information and the last kidney stone that I had’ but actually, health information is quite a hotly traded commodity out there. I think it’s aimed particularly at things like market intelligence – taking information from Company A and targeting Company B to say ‘do you know that you’re missing out on this many clients with this volume of transactions that you currently don’t have’.  What’s this information worth to you?  What is this database worth to you?  What is this worth, from a marketing point of view?  If we look at the actors in cyberspace, you would have heard that the main actors in the cyber connotation, would be guys motivated by profit – those ‘black hatters’ out there, the dark side of the force – and you get guys who are motivated by a cause (typically, your activists out there).  We’ve also seen nation states getting involved as well and where nation states are considered, we’ve seen very targeted – not in South Africa yet – attacks globally, purely looking for information.  Looking for specific information around military files and blueprints, etcetera.  Malicious software that sits on your machine that looks for specific types of information to go back to specific attackers.

 

Visited 78 times, 1 visit(s) today