When LulzSec attacks: A survivor's story
Security start-up Unveillance fell prey to LulzSec. In this interview, founder Karim Hijazi talks about how the hack unfolded and what lessons he sees for companies.
By Robert Lemos
June 10, 2011 — CSO —
Between LulzSec's hacking of major organizations, such as Sony and PBS, the group found time to go after the four-person startup Unveillance. On June 3, the vandals posted documents from Unveillance CEO Karim Hijazi as well as a recording of a conference call that they managed to join.
In this interview with CSO contributor Robert Lemos, Hijazi discusses the breach and what lessons he takes from the incident.
CSO: When did you first find out what had happened?
Hijazi: We sensed something impending. There was a lot more activity based on the logs. We instituted some strong security measures that were really intense, meaning whitelisting the access to the environment entirely, which means that you had to be explicitly known to get in. And that completely stifled any effort to get into the systems. And then I guess they started working on my email environment, because that was not hosted by me, but by Google. Yet, again. They were able to solicit my work email and what they claimed to be my personal email as well. My mistake was not using two-factor. The facility was available. I'll be really honest, had I used that, it may have been a different story. The problem is that ultimately, these guys were pretty adamant about trying to get in. There are a lot of accusations made here, but the reality is that they were extorting me, whether for money or for our botnet intelligence.
When did LulzSec first contact you?
We sensed some strange activity prior to the 25th of May, but the official first contact, if you will, happened late in the evening on the 25th at 3 a.m., so very early morning on the 26th of May. And it was an email that came in via a Hushmail address that was fairly ominous, that had in the subject line one of my passwords. It got my attention, basically. It was a very innocuous first email, but scary enough to make me pay attention. It was, "Let us talk."
Any other signs, besides the log traffic, that something was going on?
The only reason I wasn't caught off guard was because earlier that evening, I could tell that my emails were going from "unread" to "read" and back to "unread." So, I knew something was up.
I went into Google's Web interface and they have a facility to show which IPs had hit it, and that is when I discovered that the iPredator VPN had dinged my email. And so I knew something was up. It's a free VPN tool out of Sweden that is notoriously anonymous. The encrypted VPN helps them obfuscate themselves quite well. That is what spurred me on to change the passwords on my email and go through my security checklist right then.