Monday, May 16, 2011

How I was hacked, and how justice was done.

Two years ago my web-hosting business was annihilated by a malicious hacker, and as a result was out of action for a considerable amount of time.  This happened after a period of extreme 'hardening' (securing) activity had been carried out by myself and my infrastructure providers.  At the time I tried to explain to my clients just how extraordinary this attack was in light of the phenomenal efforts (and not to mention hours) I had put in tightening the security on the server.  The impact of this attack was exasserabated by a mocking email I received at the time of the final attack from the lead attacker - a person calling himself 'Colonel Root'.

This attack was viewed as particularly grave by the Metropolitan Police e-crime unit and as a result they launched an intensive investigation.  Last Friday as a direct result of the evidence we were able to gather following my own fast thinking (in shutting down the server), and as a result of the remarkable work carried out by The Metropolitan Police two individuals (Zachary Woodham and Louis Tobenhouse) were sentenced for this crime.

This attack severely damaged my professional reputation and directly led to me having to give up my hosting business.  In addition to the financial impact this attack had the complex loss of service that it caused also irrevocably damaged some very long standing relationships I had with clients.

Now that this horrid case has reached a conclusion I owe a huge debt of thanks to the astoundingly understanding and dedicated team at The Metropolitan Police Central e-crime unit, my infrastructure provider (who was taking a well-earned break after recovering from cancer at the time of the attack) and also to a business associate who kindly put me in touch with a world-leading security industry expert who was able to assist me in gathering the evidence needed to bring these criminals to justice.  You know who you are, and I am forever in your debt.  I am also extremely grateful to clients who assisted in this investigation by being willing to give statements to the police.

The Metropolitan police have issued an official statement on the conclusion to this long and difficult case on their website -
http://content.met.police.uk/News/Teenage-internet-hackers-prosecuted/1260268939286/1257246745756

There is no victory to be had here, the last two years have been horrific and deeply upsetting on many levels, and I sincerely wish the entire episode had never happened.  I was (and still am) a stranger to my attackers, this was a vicious and malevolent crime that appears to have been motivated purely by random malice.  That being said I am pleased that Zachary Woodham and Louis Tobenhouse will not be going to prison; instead they have been given an opportunity (via their community service orders) to do something positive and constructive.

Cyber crime is grossly damaging British business, and it is encouraging to knew that The Central E-crime unit are hot on the heels of those who wish to destroy the hard work of companies who ultimately are just trying to get by in the current difficult climate.

Part of the evidence/ witness statement used in court was this blog post written a few months after the attack - http://lawsie.blogspot.com/2009/08/to-you-hacker-my-attacker.html

Press coverage


NOTE - I would like to make it clear that while my involvement with PunkyHosting.com came to an end it is still very much a going concern.