Monday, May 16, 2011

How I was hacked, and how justice was done.

Two years ago my web-hosting business was annihilated by a malicious hacker, and as a result was out of action for a considerable amount of time.  This happened after a period of extreme 'hardening' (securing) activity had been carried out by myself and my infrastructure providers.  At the time I tried to explain to my clients just how extraordinary this attack was in light of the phenomenal efforts (and not to mention hours) I had put in tightening the security on the server.  The impact of this attack was exasserabated by a mocking email I received at the time of the final attack from the lead attacker - a person calling himself 'Colonel Root'.

This attack was viewed as particularly grave by the Metropolitan Police e-crime unit and as a result they launched an intensive investigation.  Last Friday as a direct result of the evidence we were able to gather following my own fast thinking (in shutting down the server), and as a result of the remarkable work carried out by The Metropolitan Police two individuals (Zachary Woodham and Louis Tobenhouse) were sentenced for this crime.

This attack severely damaged my professional reputation and directly led to me having to give up my hosting business.  In addition to the financial impact this attack had the complex loss of service that it caused also irrevocably damaged some very long standing relationships I had with clients.

Now that this horrid case has reached a conclusion I owe a huge debt of thanks to the astoundingly understanding and dedicated team at The Metropolitan Police Central e-crime unit, my infrastructure provider (who was taking a well-earned break after recovering from cancer at the time of the attack) and also to a business associate who kindly put me in touch with a world-leading security industry expert who was able to assist me in gathering the evidence needed to bring these criminals to justice.  You know who you are, and I am forever in your debt.  I am also extremely grateful to clients who assisted in this investigation by being willing to give statements to the police.

The Metropolitan police have issued an official statement on the conclusion to this long and difficult case on their website -
http://content.met.police.uk/News/Teenage-internet-hackers-prosecuted/1260268939286/1257246745756

There is no victory to be had here, the last two years have been horrific and deeply upsetting on many levels, and I sincerely wish the entire episode had never happened.  I was (and still am) a stranger to my attackers, this was a vicious and malevolent crime that appears to have been motivated purely by random malice.  That being said I am pleased that Zachary Woodham and Louis Tobenhouse will not be going to prison; instead they have been given an opportunity (via their community service orders) to do something positive and constructive.

Cyber crime is grossly damaging British business, and it is encouraging to knew that The Central E-crime unit are hot on the heels of those who wish to destroy the hard work of companies who ultimately are just trying to get by in the current difficult climate.

Part of the evidence/ witness statement used in court was this blog post written a few months after the attack - http://lawsie.blogspot.com/2009/08/to-you-hacker-my-attacker.html

Press coverage


NOTE - I would like to make it clear that while my involvement with PunkyHosting.com came to an end it is still very much a going concern.

      6 comments:

      1. Anonymous3:41 pm

        I am glad you have come through this Andrew and it shows what a wonderful, caring person you are to be glad for the punishment they received when so many could and would expect much more. I never knew you were going through this and it does make me sad to read it, but I am happy it is behind you now.
        Chin up fella ;-) x

        ReplyDelete
      2. Anonymous5:47 pm

        Hou sound like someone has died.

        ReplyDelete
      3. I'm really glad I found this after covering the story for the Web Host Industry Review today. I think this is a really honest reflection of the ordeal from the point of view that isn't usually covered in the media. I know you tweeted you would stop talking about it, but I'm hoping you might be up for an interview this week as I'm writing a feature on web hosts and their involvement in cybercrime investigation. The US is moving towards harsher punishments for hackers, and I would be interested to learn your take on this as someone who has gone through it, and maybe learn a bit about what you went through.

        If you are interested, please let me know by emailing me at nicole@thewhir.com or DMing me your email (@NicoleHenderson). Thanks!

        ReplyDelete
      4. Good for you, Andrew. And all the more thanks for your generous and invaluable help when you sorted out my own much more minor but still horribly stressful hacking incident recently.

        ReplyDelete
      5. good for you mate mine were also hacked recently and also have jacked in the trade for now! luckily i had back ups to provide the customers with and provided new hosts and support. Andrew you are a greater man than I especially with your CofE upbringing no fire and brimstone retribution for these buggers - i am amazed. chin up fella - Welli

        ReplyDelete
      6. I'm glad to hear someone getting prosecuted for hacking. It's amazing what some people do to get their kicks! Well done for tracking them down and bringing them to justice. Best Heidi T-Shirts.

        ReplyDelete