Hacking Horror Story…
Joe’s post today was about the importance of backing up your blog, and it’s something which I now realize can never be taken too seriously. Only this week another website I write for, Make Use Of, was hacked and the editors blackmailed.
You may read Make Use Of; if you don’t, it’s one of the larger tech blogs dedicated to webware and software reviews and has over 25,000 daily subscribers.
You hear about hacking stories and security alerts all the time around the internet, but you never really expect it to happen to you. Make Use Of certainly wasn’t taking any risks. I’ll give you the summary of what this hacker did:
A certain Al Ferank of Dubai hacked the Gmail account of Aibek, MakeUseOf’s owner and editor. It’s worth noting that Aibek was using a secure, scrambled password of 15 characters; if it’s that easy to gain access to Gmail, perhaps their security needs to be looked at.
Within the account he then set up an email filter to forward GoDaddy communications to another email account. Using these details he called up GoDaddy directly and identified himself as Aibek; he simply stated the username and password of the account and requested the domain be transferred. This was carried out within the hour.
Viewers of MakeUseOf were suddenly greeted by a static page filled with nothing but paid links and advertisements. Editor Mark O’Neil found out via Twitter shortly afterwards and contacted Aibek.
As they were trying to figure out what happened, they received a charming email from the man himself:
I said it very simply and very easily !
2 K !
Deal or not ?!
You own the domain I get the money...
Make Use Of was hacked and the domain stolen within an hour; the process of getting it back took significantly longer:
Aibek contacted NameCheap, the hosting company the domain had been transferred to, and they agreed to lock the domain down while they and GoDaddy investigated the situation, although they warned it might take between 20 hours and 3 days. In the end, after much back and forth between Aibek, GoDaddy legal and their PR department, the whole process of getting the domain back took about 15 hours. Getting MakeUseOf online again took another day or so.
I can actually think of no way this could have been avoided on MakeUseOf’s part; however, I definitely think Gmail needs to look at their security measures. Obviously a ‘strong’ password isn’t strong enough.