LapLink says hackers left key clue

[InfoSec News <isn () c4i org>]

http://seattletimes.nwsource.com/html/businesstechnology/134653561_laplink150.html

By Kim Peterson
Seattle Times technology reporter
March 15, 2003 

While driving to work on Interstate 405 Thursday, Mark Eppley checked
his e-mail from his cellphone and saw a message titled "Break-in
attempt."

Eppley, the chief executive officer of Bothell software company
LapLink, first thought that his business had been burglarized.

"What are they going to steal, computers?" he thought. "Maybe they'll
get a Pentium 4 if they're lucky."

Then his day got much worse.

Someone had broken into LapLink's computer system and planted enough
bugs to disrupt business for days. E-mail had been down briefly and
would soon be down again. Key files were missing, and other strange
things were happening.

LapLink had been hacked, a situation becoming increasingly common
among corporations. Even as companies build one virtual wall after
another around their computer networks, hackers are relentlessly
searching out weaknesses and finding new ways inside.

But LapLink's crisis had an unusual twist. It looked like the hacking
came from a computer address at another company: Classmates Online.

The hackers used the login names and passwords of two former LapLink
employees who had moved on to jobs at Renton-based Classmates Online.  
Those employees had been in charge of LapLink's computer systems, and
had intimate knowledge of — and, in some cases, created — the very
network that was being targeted.

That's when Eppley says his "heightened awareness" kicked in.

"It's like breaking and entering," he said. "It's no different than
that."

The employees are now managers at Classmates Online, and Eppley said
his team called one of them, who denied responsibility and suggested
it was someone else with knowledge of his password.

Eppley called Mike Smith, Classmates Online's CEO, who promised to
look into the issue.

When contacted, a Classmates Online spokeswoman said one of the
employees was cleaning out his computer and found an icon on the
screen linking to LapLink's system. He clicked on the link but did not
log in. The other employee did not log in either, she said.

By the end of the day, Classmates Online had begun an investigation
and the two employees had been placed on paid administrative leave.

But that wasn't the end of LapLink's troubles. Yesterday, its
corporate e-mail servers went down again and business was paralyzed,
Eppley said. He suspects the hackers had left a virtual time bomb that
caused more damage.

LapLink contacted the Bothell police, and Eppley said he intends to
file charges against those responsible. A detective visited the
company yesterday.

LapLink has estimated that it lost $50,000 in revenue because of the
incident, said Capt. Bob Woolverton of the Bothell Police Department.

Nothing like this has happened before at Classmates Online, said Gail
DeGiulio, vice president of corporate marketing.

The company takes immediate action if one of its employees is acting
inappropriately, she said, adding that she has kept in touch with
Eppley and is working to resolve the problem.

"This has been one of our top priorities," she said yesterday.

This kind of situation happens far more than it should, said Dan
Hitchcock, a manager at Breakwater Security Associates, a
computer-services company in Seattle.

Most companies intend to delete an employee's computer account after
that person leaves, but sometimes they don't follow through, he said.

"LapLink is not a small company, and it's not a young company, and
they should have done that," he said. "But they're not alone."

For some companies, the situation becomes more complicated when the
computer-systems people leave. In many cases, they leave with more
knowledge of the system than their replacements.

LapLink's corporate computers were damaged, but its e-commerce and
customer-related systems were not affected because they are run
separately, Eppley said. The company's Web site was protected as well.

Susan Meldahl, LapLink's computer-systems director, said she is going
through her network with the equivalent of a fine-toothed comb,
looking for anything out of the ordinary.

"We're really locked down," she said. "By the minute, we're making
sure that nobody else is going to try this."

Eppley said his company may have fallen victim to a computer culture
in which it's hip to be a hacker. But when, he asked, does hipness
cross the line? "That may have happened here," he said. "Something
that may have started off as innocent turned into something really
ugly."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.