Ross Moorhouse
quote:
Dear Readers and Friends of The Wargamer.Com,

I wanted to take a moment and communicate with you as to the current outage on Wargamer.com, PiesTactics.com, and 10-David.com, beginning this past Sunday, December 8, 2002.

Late Saturday evening we were the victim of a defacement attack by hackers, exploiting a Microsoft Front Page vulnerability. By the time we rallied staff and figured out what was going on, it was Sunday midday and significant defacement and replacement of content files had taken place and was continuing as we watched. Despite reasonably prudent security measures and regularly applied patches, service packs, and security updates, these hackers managed to access our server and disrupt our operation during a unique window of time and vulnerability.

Since we were unsure as to the exact nature and extent of the compromise, I made an executive decision to pull the server from the network immediately, taking all our websites offline, and halting the defacement. I then engaged the Federal Bureau of Investigation as well as the San Francisco-based security consulting firm, Procinct, with whom I have been working as part of my regular "daytime" job. (In an ironic twist of fate, we had planned for a full vulnerability assessment and subsequent security monitoring to start sometime before Christmas, after a much needed RAM upgrade scheduled for December 13th, 2002. They say timing is everything, and obviously ours was off this time.)

Inside a few hours, Procinct was able to determine the nature of the attack, the means of penetration, and even provide detailed information as to the identity of the initial attackers, who are apparently based in Brazil. Unfortunately hacking and web defacement is treated very casually in that country, limiting our options for criminal or civil action at this time. We are, however, continuing to cooperate with the FBI in their full investigation and will pursue every civil or criminal option that appears prudent to assist us in recouping cost and as deterrent to preventing such attacks in the future.

Procinct also provided us with very sound system-hardening advice, which we will use to completely rebuild our servers and eliminate the chance of hidden files, Trojans, or other culprits that could wreak further havoc. Finally, we will upgrade the operating system, web server versions, and system RAM for overall better performance. As soon as we feel confident the system is stable, hardened against external attacks, and monitored for security attacks and breaches, we will go back online. We tentatively plan for this to be on Saturday, December 14th.

As you can imagine, significant costs such as a loss of time and materials resulted from this attack and there is an additional level of protection now obviously needed. Since we barely got started toward our December fund-raising for donations under the honor system and our ability to sell and serve banners this week has been undermined during a critical holiday window, our financial situation is pretty tight. If you enjoy our web sites, I ask you to please help us get back on our feet quickly by contributing financially under our current honor system, once we go back online. We'll give away some free games to random donations as soon as we've rallied the wagons and restored / replaced any damaged / missing content, so we can move forward and take these life's lemons, turning them into lemonade.

There is one last item I wanted to address, since security, hacking, and financial contribution usually go hand-in-hand as a matter of concern, is how we store your financial data. The short answer is that we do not. Currently not only is all your data encrypted from our site whenever you donate through our website, but the actual financial data never enters our system and is kept within the secure servers of Authorize.net, a high quality financial institution that specializes in secure online commerce. I can say with complete confidence that all donation details of relevance have been completely unaffected by this incident and will continue to remain safe --- in fact, with our new system hardening, they will be safer than ever.

Thanks for your ongoing support and patience. If anyone is running Windows-based servers and has security concerns, please feel free to contact me directly at kroll@wargamer.com. I'll be glad to put you in touch with Procinct for their consulting and security monitoring services, point you to some Microsoft security recommendations offered to me, or offer similar information, if that is helpful to you.

Sincerely,
Mario Kroll
CEO, Publisher, and VP of Marketing and Business Development
The Wargamer Network