Cyber criminals put porn on my website
In this piece for Hiscox published in the Guardian, we look at the aftermath of an attack on a business website.
AUTHOR: Rebecca Burn-Callander
EDITOR: Caroline Elderfield
Hackers are becoming more sophisticated with every passing year, as one small business owner recently discovered.
When Timothy Moore received complaints from customers that his website was displaying hardcore Russian pornography, he rushed to check it for himself. “I couldn’t see anything,” he says. “The website was loading fine, if a little slow. I thought it was a wind-up.”
Moore runs AMP Merchandise, a London-based agency that creates T-shirts, bags and other products for the likes of Adidas and the Glastonbury festival. Founded in 2009, the business is a two-person band, so it was down to Moore and his co-founder Louise Minter to investigate the issue.
“We get some strange calls at the studio sometimes, so I didn’t think much of it,” says Moore. “But when a longstanding customer rang and said, ‘You really need to check your website, something has happened to it!’ we knew there was a genuine problem.”
The hackers had flooded the AMP website with offensive material, but when it was viewed from the studio’s unique IP address, it still looked normal. “It was very clever,” admits Moore. “It was only when we called friends outside the studio to check that we understood what our customers were seeing.”
When AMP looked into the situation, they found their website had been compromised for almost three months. “The fraudsters had taken over the website to try to get malware on to visitors’ computers,” Moore explains. “Suddenly our emails were being blocked, so we couldn’t send out sales messages and our website was blacklisted by Google.”
Moore sought help from some white hat hackers – coding professionals who use their hacking skills to help prevent online crime.
“We’d been completely taken over,” he says. “I don’t know what we would have done if we hadn’t had friends who could help. We had to go back to a really old backup of our site.”
It took three weeks to get the site back to normal, but even three months later, Google search results highlighted AMP’s website in red, warning: “This website may have been hacked.”
While some customers found it funny, others disappeared for good. “Luckily we don’t hold much customer information,” says Moore. “And we used MailChimp to try to warn as many as possible about the hack. It was so useful to be able to email using a third-party service.”
The website has now been restored and AMP uses a service called Wordfence to protect its WordPress website. “It acts like a firewall, but it can cause problems,” notes Moore.
“Sometimes it blocks our own emails. But Wordfence does have an interesting tool that shows all the attempts to log in to your site. We see four or five hack attempts coming from the US, Russia and all over the Far East every minute. It’s relentless.” These hackers are continually “force testing” all kinds of passwords to try to gain access to the site.
Stephen Ridley, head of technology, cyber and data at Hiscox, warns that no business is too small to be attractive to hackers. “Small firms are seen as a soft target,” he reveals. “They need to build in security at the very start. Make sure all passwords are updated and aren’t used as standard across multiple accounts.”
In the event of a breach, a good insurer will help contain the problem and source IT professionals who can restore the website quickly, with minimum damage to brand or customer relationships.
“Cyber cover is becoming a contractual requirement for companies now, especially where there is a transfer of data,” adds Ridley.
Because of the nature of AMP’s business, it isn’t clear whether they lost any sales during the hack, but the lesson learnt was still a hard one. “Ninety per cent of our sales come in through the website, so the experience prompted us to change our business practices,” Moore says. “We’ve brought back a lot of face-to-face interaction with customers, inviting them to visit us at the studio.
“The website will always be an important sales channel, but the hack showed us how easy it is to disrupt our relationship with customers.”