Distribute.IT cyber attack prompts backup warning

A massive cyber attack on web hosting company Distribute.IT has resulted in the loss of more than 4800 Australian websites, prompting stark warnings for start-ups without data backup.

Distribute.IT has belatedly revealed the full impact of the attack, which supposedly took place on June 11, confirming data belonging to more than 4800 accounts has been destroyed.

The company has labeled the attack a deliberate attempt to take down the Distribute.IT business, with the hackers setting out to damage the company’s systems as extensively as possible.

“While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data can be salvaged from these platforms,” the company wrote in an online update.

“Our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data.”

The company advised customers that it no longer had sufficient resources within its web hosting platform to transfer the affected domain names and accounts that were using the shared servers.

“This leaves us little choice but to assist you in any way possible to transfer your hosting and email needs to other hosting providers,” it said.

Distribute.IT is understood to have a number of resellers located throughout Australia who have also been affected by the hack.

Rob Forsyth, director of the Internet Society of Australia, believes tougher laws are necessary to force companies to tell users their information has been stolen or destroyed.

“I think Australia continues to need mandatory disclosure legislation, which has been suggested in law reform recommendations and has also been recommended by the privacy commissioner,” Forsyth told News.com.au.

He said the security violation appeared to be a result of lax security.

“It seems really that there were inappropriate security settings within a number of their databases. It appears that some of the data was not encrypted and, once the servers were cracked, was available in clear text.

“I would imagine that many of the users of this service would be keen to see someone brought to account.”

Milan Rajkovic, who runs hosting and domain name register company Milan Industries, says he has already lost clients over the debacle.

“We use Distribute.IT as a wholesale domain provider, although we have our own infrastructure,” he told SmartCompany. “It has caused us to lose two clients now, because we can’t make any changes on domain names.

“We had signed up a few new clients just on Friday before the attack, and were going to set them up on Monday for email services and so on. Of course, when we went to assign IP addresses, it couldn’t be done.”

The issue has generated an extensive thread on online forum Whirlpool, with more than 75 pages of complaints and discussion.

One user wrote: “Why didn’t [Distribute.IT] have outside tape backups? How can a company with six large shared web servers not even bother to do that?”

But another user said people affected by the breach needed to accept some of the blame.

“If you are so worried about your backups, you should have checked them yourself, done them yourself or paid for a backup company with an SLA to back up your data and pick up your tapes and provide backup reporting,” the user wrote.

“The main lesson is it doesn’t matter what server you are using – if you personally have not checked the [backups], then it doesn’t matter who backs up your data.”