
All posts in Security

08 Apr 2015

The dangers of a sulking contractor or employee

As ICT (Information Communication Technology) professionals, clients put their trust in us to do a good job. Most of us work hard for our clients and seek to give them the best value for money. Some, as we know, bring the profession into disrepute, and it’s not just from shoddy work. Within thirty seconds a petulant employee or contractor can cost you thousands, but how do you protect yourself?

In my years working in ICT I recognise that you have good times with clients and you have bad times with clients. Build a strong relationship and you have them for a long time. Sadly though that doesn’t always work out as personnel changes and changes in circumstances within a client company can mean that, through no fault of your own, your relationship ends. Then of course there is the time the client outgrows your ability to support them.

I have learnt many things about people and seen much unprofessional behaviour over my years as an ICT consultant and I have often warned clients about the dangers of placing too much trust in one solution or one area. I also find myself having to advise clients to consider the possibility of a failed relationship and the damage that can ensue should a former employee or contractor decide to wreak havoc or vengeance. Not a message the client wants to hear because after all they trust us and so do not want to believe such things happen.

Let me relate one such tale which illustrates this point exactly. It emphasises the need to have your own backups of all the data and content of the website at all times and not rely on the website contractor, designer, or other parties to maintain them for you.

Recently a company that I have done business with for a number of years, but don’t do contracted consultancy for (so they have not received security assessments or briefings from us) got themselves into quite some difficulty just because they didn’t renew the support contract with their web developer.

I was aware that the web developer had been causing trouble for some time, not delivering and narrowing the options of the client unnecessarily. I supported them in finding an alternative developer and I suggested strongly to them that they allow this developer to get in place before they sacked the existing one. For reasons of their own they didn’t do that; however, they did ask for my support in changing passwords and locking out the existing developer. They assured me that he had been fully paid and that has proven to be the case. They simply did not want to renew his support contract, which was due, as is of course their right, and they had not yet concluded their deal with their new provider. The client was concerned that this developer would be unhappy about it and they proved to be very right.

In providing the initial advice to them, and at their request, I had researched the particular CMS that was in use and, with the support of other ICT professionals who were familiar with it, indeed expert in it, and known to me and trusted by me, I developed a strategy to transition to another developer to take over. However, I wasn’t expecting the following outcome.

The developer had completely taken over the site by, over time, changing notify information, contact information and some ownership details. This meant that when I changed the cPanel (gateway) password he was automatically and immediately notified by the service provider and he by his own admission logged in giving him access. According to the ISP he also changed the passwords by means of a lost password request and while he was at it he was deleting critical configuration files, logs and the contents of system files and CMS users from the database causing a cascade delete of data and so a lot of the website content was gone. In short, the website no longer worked any more!

When you get these situations you have to ask “What could I have done differently?” Not much against someone who was so determined. Changing the notify information would have tipped him off in the same way and he could easily lock me out by changing the master password that the client gave me. In any case it is not so easy or quick to do and it was not visible and had to be changed by the ISP, so I could not have been aware of it. Taking a complete backup of the system in advance would also have alerted him and although I had some backups and some information I by no means had it all and would have required the website to have been taken down for some time as it is relatively huge.

The developer gave himself away that he had been on the site by admitting that he had removed his Google Analytics and some fonts, so his presence there is without doubt. He also gave himself away by his other comments to the client, including an almost preemptive list of things that we now had to do, followed by a “see I told you so” taunt email or text when it had been done, some at 9.45 pm. Each intervention by text to the client declared with certainty what needed to be done with unerring accuracy. Something he could not have known once, with the help of the ISP, we had secured his inability to connect unless, of course, he had been guilty of the cause. However, when he finally gave up the backup of the data he had spiked it with extra code, meaning it didn’t work and had broken a routine that the client was currently relying on.

Needless to say that “cunning plan” didn’t completely work as the site is up and running and the client and ourselves are licking our wounds from the three day war that we ended up in because of an unprofessional and petulant developer who had lost the client long before he chose to wreak revenge because he was no longer employed.

So here is my simple advice on how to avoid most of the above happening to you in the future:

Enter into a contract with your developer requiring him to deposit an up-to-date copy of the database into a site where he has write-only access. Check that it is done regularly and have it tested occasionally to make sure it works. Check often that they have done it and pull them up if they don’t do it.

Keep the copies so that you have the latest working backup to hand and several from before. It’s not foolproof but I suspect that 90% plus of the issues we faced would have been circumventable with more ease if the client had done this. Slightly paranoid? Possibly, but how important is your website these days? What is more, how many of you have access to, and a sound relationship with, a professional company such as ourselves who are capable of responding to such events?
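One way the client could check the deposited copies described above, as an added example that is not part of the original post. The `*.sql.gz` naming, the hash manifest and the `CREATE TABLE` plausibility check are assumptions made for illustration; the manifest must live somewhere the developer cannot write.

```python
import gzip, hashlib, json, time, zlib
from pathlib import Path

def audit_drop(drop_dir, manifest_path, max_age_hours=24, now=None):
    """Audit the backup drop area; the manifest lives where only the client can write.

    Report keys: new (first seen), changed (differs from first-seen hash),
    missing (recorded earlier, now gone), corrupt (unreadable or implausible),
    stale (True when no intact dump is newer than max_age_hours).
    """
    now = time.time() if now is None else now
    manifest_file = Path(manifest_path)
    manifest = json.loads(manifest_file.read_text()) if manifest_file.exists() else {}
    report = {"new": [], "changed": [], "missing": [], "corrupt": [], "stale": True}
    seen = set()
    for dump in sorted(Path(drop_dir).glob("*.sql.gz")):  # naming is an assumption
        seen.add(dump.name)
        raw = dump.read_bytes()
        digest = hashlib.sha256(raw).hexdigest()
        if dump.name not in manifest:
            manifest[dump.name] = digest          # pin the hash on first sight
            report["new"].append(dump.name)
        elif manifest[dump.name] != digest:
            report["changed"].append(dump.name)   # a deposited copy was rewritten
            continue
        try:
            sql = gzip.decompress(raw)            # fails on truncated/corrupt archives
        except (OSError, EOFError, zlib.error):
            report["corrupt"].append(dump.name)
            continue
        if b"CREATE TABLE" not in sql:            # cheap plausibility check only
            report["corrupt"].append(dump.name)
            continue
        if now - dump.stat().st_mtime <= max_age_hours * 3600:
            report["stale"] = False
    report["missing"] = sorted(set(manifest) - seen)
    manifest_file.write_text(json.dumps(manifest, indent=2))
    return report

if __name__ == "__main__":
    import tempfile
    root = Path(tempfile.mkdtemp())               # constructed sample data
    (root / "drop").mkdir()
    good = gzip.compress(b"CREATE TABLE posts (id INT);\n")
    (root / "drop" / "site-2015-04-07.sql.gz").write_bytes(good)
    (root / "drop" / "site-2015-04-08.sql.gz").write_bytes(good[:12])  # truncated
    print(audit_drop(root / "drop", root / "manifest.json"))
```

A clean report only shows that the copies arrived intact and unchanged; the occasional test restore recommended above is still needed to prove a dump actually works.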

03 Jun 2014

Major Security Threat


If you are not already aware there has been a very serious virus threat detected, but fortunately there is something we can do about it. (http://www.bbc.co.uk/news/technology-27668260). This comes in the form of a Bot-Net. I won’t bore you with the details of how this particularly nasty piece of malicious viral software works, but essentially it will lie dormant until a preset date, then it wakes up and becomes active, which will be in about 2 weeks. (http://thenextweb.com/uk/2014/06/02/uks-national-crime-agency-two-weeks-protect-gozeus-cryptolocker-malware/)

When this virus activates it will encrypt all of your personal files and force you to pay the virus owners money to unlock them and / or access your personal / corporate bank accounts if you use online banking and then fraudulently transfer your money out of your bank accounts into their own.

We implore you to take steps to prevent a potential disaster to your company. Any Windows based computers should be protected immediately, if they aren’t already. Please make sure that all Desktops / Laptops and Servers have up-to-date Anti-Virus software as well as Anti-Malware software. We currently recommend Avast Anti-Virus protection as well as Spybot S&D for malware. Once you have updated and scanned your machines we also recommend you use a specially designed scanner to scan for this specific virus. On the website (http://www.getsafeonline.org/nca/) is a compiled list of BESPOKE scanners. We recommend the Symantec scanner found here (http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network). Symantec are a well known and trusted Anti-Virus company. This link will explain more about the scanner, but effectively you download the file and open it and follow the instructions and it will scan your computer for the virus in question. If found it will act appropriately. If you do not get on with this scanner we can help you with it or try one of the other ones from the list.

If you need any help at all with any of this please get in contact with us.

12 May 2014

Security Concerns


Now more than ever we need to be concerned with security: the security of our data and our preferences, but especially the data of our clients. Since the internet was invented people have dedicated their time to breaking and disrupting computers that are connected to it. To combat this, network administrators have also dedicated their time to preventing these attacks. The continual battle between ‘white hats’ and ‘black hats’ has led to more advanced technologies for protecting the ever increasing amounts of data that people and companies store. Eventually newer and more powerful defensive technologies are created to defend against hacks and attacks that seem almost impenetrable. The black hats will eventually find a way around these; it is just a matter of time.

Over the course of the last decade HTTPS has been used more and more, being seen as the most secure method of transmitting secure data. However, after a combined effort, researchers from UC Berkeley and Intel Labs have discovered that HTTPS isn’t as secure as everyone once thought (http://www.net-security.org/secworld.php?id=16485). They showed how anyone can intercept and analyze data using this protocol with accuracy around 89%. Fortunately for us they have already begun working on the next level of security: “they have thought of several defense techniques which, if implemented, can drastically reduce the accuracy of such an attack”. As I said earlier, the constant digital war promotes growth as each side races to outdo the other.

Here at Semaphore we are always very concerned with our clients’ data, and we will do our utmost to enable you to secure it, with backups in case of damage or loss, appropriate security measures to keep your data safe, and making sure all of your passwords are the most secure they can be.

With our help your company can be the most secure and protected that it can possibly be, but this can only be achieved with your help. We all need to work together to stop the bad elements.