Originally published Sunday, January 1, 2012 at 5:00 PM

Hacking fix must be done fast to limit damage

Time is of the essence for computer security and forensics firms responding to breaches.

The New York Times

No comments have been posted to this article.


In the film "Pulp Fiction," Harvey Keitel plays the Wolf, a fast-talking and meticulous man who is called in to deal with the aftermath of an accidental shooting.

In the messy world of computer-security breaches, Kevin Mandia is something like the Wolf. Mandia has spent his entire career cleaning up problems much like the recent breach at Stratfor, the security group based in Austin, Texas, that was hacked over the Christmas weekend.

Hackers claiming to be members of the collective known as Anonymous defaced Stratfor's website and published more than 50,000 of its customers' credit-card numbers online. They have threatened to release more card details and a trove of 3.3 million emails between Stratfor and its clients, which include Goldman Sachs, the Defense Department, Los Alamos National Laboratory and the United Nations.

That means Stratfor is in the position of trying to recover from a potentially devastating attack without knowing whether the worst is over.

"They're in a bad place," said Mandia, who is not involved in the Stratfor case. "If the attacker is going to release their emails, there's no way to shut them down."

Stratfor joins a list of other hapless prominent organizations that have recently been breached by so-called hacktivists — hackers whose goal is to embarrass or expose them.

Mandia's computer security and forensics firm, Mandiant, has responded to breaches, extortion attacks and economic espionage campaigns at 22 companies in the Fortune 100 in the last two years alone, Mandia said.

Time is of the essence.

"Every minute you take to figure this out, you could be losing more emails and more credit data," he said. The goal is to determine quickly the "fingerprint" and scope of the intrusion, Mandia said.

The first thing a forensics team will do is try to get the hackers off the company's network, which entails simultaneously plugging any security holes, removing any back doors into the company's network that the intruders might have installed, and changing all the company's passwords.

Once the network has been secured, a forensics team will comb through a company's data to determine the impact of the breach so it can begin notifying affected customers, determine its liability and try to get ahead of the news cycle.

But in a hacktivist case like Stratfor's, in which hackers are threatening to disburse more data, Mandia said "you just have to sit back and hope."

News where, when and how you want it

Email Icon


NDN Video