On Monday this week, Connect.com.fj was apparently hacked by someone (or someones) who have issue with the company or for whatever reason, wanted to demonstrate their skills. It's been an interesting thing to watch the reaction.
To begin with, I have to give some credit to Connect Fiji for their corporate response. Although it took over two hours (!!!), they did openly admitted to the breach and did their best to reinforce to customers that it was just the website which was hacked and no customer data or network services were interrupted. Articles about the hack appeared in multiple news sources around the country. That, in itself, is a pretty far cry from the kind of response Connect would have provided just a few months ago when their previous executive team was in place. At that time, and for the 8+ years prior, the company communicated very little to it's customers about problems and issues with its services unless and until they had to. At least, that's my opinion. For a communications company, the irony that they were piss poor communicators should not be lost on anyone. They have improved significantly and that's been demonstrated by this one event.
So their site gets hacked and they spring into action, taking the site down, reinstating the links to webmail services and sending out a communication to its entire customer base, acknowledging the breach and explaining what they were doing.
Monday, February 1, 2010 Dear Connect Customer, Please be advised that our corporate website was hijacked and our engineers are working to restore the site. There is no effect to the provision of internet services or to our email, hosting and customer data bases. This was an isolated incident and Connect is currently reviewing our security measures to ensure that we manage such intrusions more effectively in the future. Please contact our Customer Services on 330 0100 or follow us on Twitter <https://twitter.com/connectinternet> or Face book <https://www.facebook.com/pages/Connect-Internet-Services/234773120059?ref=ts> to keep to date on the latest information regarding our service.
This is not bad at all and is actually a fairly decent template for any company which faces an information security breach and needs to communicate something to it's customers. Acknowledge, address, respond and plan for the future.
I think the response breaks down slightly when actually visiting the Twitter and Facebook accounts, to be honest. So soon after this security issue, the latest tweet on their Twitter page references a craving for noodles and hot bread.[UPDATE: CONNECT has since removed this tweet. Too bad.] Either the account should be used for network/services status or it should be used for personal musings. I don't think it should be used for both and I'm certain that if I was a Connect customer with a service issue, I wouldn't be interested in the latter. But I digress...
The public response that I saw, not surprisingly, was grinning and sarcasm directed at the company. Everywhere I've ever lived in my entire life, the local telecom company is hated and Fiji is no exception. They are the largest Internet provider with the most customers so by default, they are going to have people whinging about things. It has always been like this and will always be like this as long as they're around. At the end of the day, however, there's very little that is funny about a website being hacked and I write that representing a company who manages websites and web servers for many of Fiji's largest organisations. The last thing I want to see is a client's web server compromised because some person somewhere gets bored and wants to prove that they can do it. Frankly, it's an irresponsible way of proving the existence of skills. If there is an opening in a web server's security, the responsible thing to do would be to simply let the business know about it (and even try to upsell your own security knowledge as a consultant). Trying to embarrass a company, however, is juvenile.
My own initial response to this hack was to check that Oceanic's own servers were not being threatened. We have, in the past, also been victim to attempted intrusions to some of our larger client sites in the form of DNS attacks and related activities. They're not fun and end up wasting a great deal of time and causing lots of stress. I'm certain that the few other web hosting companies in Fiji would agree that having servers attacked is not enjoyable.
Not that it really makes a difference but Connect's website was developed by an Australian company last year and for all I know, is still being hosted by those guys. Although it may be Connect's responsibility, if the site is not hosted by them, then the Australian company should have some explaining to do. Also, "hack" could mean something as simple as an ex-employee having access to a server password versus an actual technical intrusion. People should keep that in mind before assuming that Connect's entire systems are somehow not secure.
At the end of the day, there was clearly a breach somewhere and Connect is being forced to manage it. Their first reaction via communication was actually a good one...they should probably have their site back up and running by now or, at the very least, provide some information on their webmail page about why their site is not there. They should also rethink how they're using Twitter and Facebook to communicate to their customers. I'd like to see similar activity from all the infrastructure providers in this country to do the same.