When LulzSec Attacks: a Survivor's Story

Security start-up Unveillance fell prey to LulzSec. In this interview, founder Karim Hijazi talks about how the hack unfolded and what lessons he sees for companies.

By Robert Lemos
Fri, June 10, 2011
. What's this?

CSO — Between LulzSec's hacking of major organizations, such as Sony and PBS, the group found time to go after the four-person startup Unveillance. On June 3, the vandals posted documents from Unveillance CEO's Karim Hijazi as well as a recording of a conference call that they managed to join.

In this interview with CSO contributor Robert Lemos, Hijazi discusses the breach and what lessons he takes from the incident.

Also see: What would Salvador Dali make of LIGATT and LulzSec?

CSO: When did you first find out what had happened?Hijazi: We sensed something impending. There was a lot more activity based on the logs. We instituted some strong security measures that were really intense, meaning whitelisting the access to the environment entirely, which means that you had to be explicitly known to get in. And that completely stifled any effort to get in to the systems. And then I guess they started working on my email environment, because that was not hosted by me, but by Google (GOOG). Yet, again. They were able to solicit my work email and what they claimed to be my personal email as well. My mistake was not using two factor. The facility was available. I'll be really honest, had I used that, it may have been a different story. The problem is that ultimately, these guys were pretty adamant about trying to get in. There are a lot of accusations made here, but the reality is that they were extorting me, whether for money or for our botnet intelligence.

When did LulzSec first contact you?We sensed some strange activity prior to the 25th of May, but the official first contact, if you will, happened late in the evening on the 25th at 3 a.m., so very early morning on the 26th of May. And it was an email that came in via a Hushmail address that was fairly ominous, that had in the subject line one of my passwords. It got my attention, basically. It was a very innocuous first email, but scary enough to make me pay attention. It was, "Let us talk."

Any other signs, besides the log traffic, that something was going on?The only reason I wasn't caught off guard was because earlier that evening, I could tell that my emails were going from "unread" to "read" and back to "unread." So, I knew something was up.

I went into Google's Web interface and they have a facility to show which IPs had hit it, and that is when I discovered that the iPredator VPN had dinged my email. And so I knew something was up. It's a free VPN tool out of Sweden that is notoriously anonymous. The encrypted VPN helps them obfuscate themselves quite well. That is what spurred me on to change the passwords on my email and go through my security checklist right then.

Continue Reading

Originally published on www.csoonline.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
How Much Containment Is Enough?
Achieving an optimum degree of airflow containment cannot be reached through a one-size-fits-all solution. The true measurement of any containment solution is dependent upon using a Hot Aisle, Cold Aisle or Cabinet Containment strategy that has been optimized for airflow, static pressure, leakage, bypass air and temperature variance.
Fast Track your Access to Business Intelligence
Identifying the right configuration and deploying complete, scalable data warehouses can be a time consuming, costly and error-prone process. Success ultimately depends on the ability to deploy a system that can support an expected level of performance - then allow that performance to scale linearly as needed.
Best Practices for Implementing a Data Warehouse on Oracle Exadata
Increasingly companies are recognizing the value of an enterprise data warehouse (EDW). A true EDW provides a single 360-degree view of the business and a powerful platform for a wide spectrum of business intelligence tasks ranging from predictive analysis to near real-time strategic and tactical decision support throughout the organization. Ensuring the EDW will get the desired performance and will scale out as your data grows you need to get three fundamental things correct, the hardware configuration, the physical data model and the data loading process. By correctly designing these three corner stones you will be able to create an EDW that can seamlessly scale without constant tuning or tweaking of the system.

By using the Oracle Exadata Database Machine as your data warehouse platform you have a balanced, high performance hardware configuration. This paper focuses on the other two corner stones, data modeling and data loading, providing a set of best practices and examples for deploying a data warehouse on the Oracle Exadata Database Machine.
Oracle: Big Data for the Enterprise
Analyzing new and diverse digital data streams can reveal new sources of economic value, provide fresh insights into customer behavior and identify market trends early on. But managing this influx of new data can be a challenge. To derive real business value from big data, you need the right tools to ca! pture and organize a wide variety of data types from different sources, and be able to easily analyze it with your enterprise data. By using the Oracle Big Data Appliance with Oracle Exadata, enterprises can acquire, organize and analyze all their enterprise data to make the most informed decisions.
Oracle Database 11g Product Family
By deploying Oracle Database 11g within their IT architecture, organizations can leverage the power of the world's leading database to reduce their server and storage costs and improve quality of service. Read this white paper to get an overview of the Oracle Database family of products and learn how you can transform your business, budgets, and service levels with Oracle Database 11g Release 2.
Oracle Real Application Testing 11g Release 2
Real Application Clusters with Oracle Database 11g, enables a single database to run across a cluster of servers, providing unbeatable fault tolerance, performance, and scalability with no application changes necessary. This white paper provides a technical overview of Oracle Real Application Clusters 11g Release 2 with an emphasis on the features and functionality that can be implemented to provide the highest availability and scalability for your enterprise applications.
Webcasts »
Enterprise Data Warehouse Appliance (EDW)
Join IDC Analyst Dan Vesset and HP Senior Architect, Jeff Spiller, as they discuss the rise of analytics, the impact of big data and need for scalable enterprise solutions. Learn about the HP Enterprise Data Warehouse appliance, which offers massive scale at low cost for single rack appliances up to large scale Data Warehouses. All while providing a single view of information across your enterprise that scales with your data, improves query performance and reduces IT cost over traditional data warehousing offerings. Featuring Intel® Westmere processors. View the entire webcast or only the chapters you desire.
Appliance video
The first appliance in the industry which consolidates and manages thousands of databases, integrates hardware, software and support and is scalable to meet your changing business needs.
Database Consolidation-SQL Server Appliance and Building Your Private Cloud
Please join guest speaker IDC Analyst Carl Olofson as he discusses Enterprise Data Center challenges and why database consolidation is important and necessary. And hear from HP expert Joe Sullivan, who will discuss the HP Database Consolidation Appliance and how it addresses enterprise industry challenges. Joe will provide an overview of product architecture and details on how the appliance enables companies to build their own private cloud. This webcast will provide the latest information for simplifying your data management needs while reducing costs.
Gaining A Competitive Advantage With Your Data
Fact: The demand to respond faster and with greater insight to business demands, based on data, is increasing. Fact: More organizations are turning to business intelligence (BI) and data warehousing for insightful decision-making.
Leverage automation today to reduce IT complexity
Date: Tuesday, June 5, 2012, 2:00 PM EDT

Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific needs or traditional under investment, the net effect is usually the same: high cost and lower productivity. Enabling business-to-business (B2B) integration using point-to-point EDI translators is usually time intensive and cost prohibitive.

Join IDC's Maureen Fleming and SAP for an insightful Webcast on the different approaches companies are taking to B2B integration and how you can ask the right questions to reassess you B2B approach.
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs, project delays, lower quality, and time-to-market delays. Providing a collaborative platform where the whole organization can prioritize, share and manage deliveries with more transparency can help the organizations make more informed decisions at all levels, and greatly improve communications and traceability between teams. Hear from application lifecycle management experts how to increase delivery efficiency and effectiveness with a new approach to Delivery Management.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

How Much Containment Is Enough?

Fast Track your Access to Business Intelligence

Best Practices for Implementing a Data Warehouse on Oracle Exadata

Oracle: Big Data for the Enterprise

Oracle Database 11g Product Family

Oracle Real Application Testing 11g Release 2

Backup and Recovery Performance and Best Practices for Exadata Cell and the Sun Oracle Database Machine

BDW IDC White Paper

An Introduction to the HP Business Decision Appliance

EDW Solution Brief

BDA solution brief

HP Business Data Warehouse Appliance

Mobile Middleware Strategies

Native & HTML5 Mobile Apps: Not an either or, but a where and when

The Evolution of Enterprise Mobile App Development

AlertBoot Case Study

Gilt Groupe Case Study

See Tickets Case Study

STA Travel Case Study

Socialbomb Case Study
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Master the cloud with the power of convergence from HP

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Click to see how Accenture has delivered high performance to clients

Complimentary Gartner Report on BYOD: Media Tablets & Beyond. View Now

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords