Have you ever watched one of the cyber crime TV shows such as CSI: Cyber or Scorpion and wondered how much of it is fact and how much is fiction?
Since Monday, January 11, 2016, our Sherwood Park Gyro Club website — spgyro.org — has been under what is termed a “Password Guessing Brute Force Attack”. There have been 43 unsuccessful attempts to guess the password and log on to our website. Thanks to the information provided by Sucuri Alert, the security firm that the Club hired to monitor our website after being hacked back in October of 2015, we know the IP address used in each attempt. (An IP address is the internet world’s equivalent of a telephone number.) And we know the userid that they attempted to log on with.
Using tools freely available on the internet, I have been able to determine that all but 1 of the 43 attempts originated in Russia. The one that didn’t was from Indonesia. In fact, we can trace the exact location of each attempt, eg.
When I was in high school we were taught the 5 W’s of good journalism — Who, What, Where, When, Why, and How. We now know what (unsuccessful logon attempts), where the attempts are originating from (locations in Russia centring around Moscow) and when (starting January 11 @ 11:49 PM) the attempts were made. What we don’t know is who or why.
Was it the KGB wanting to spy on the Sherwood Park Gyro Club? Not likely; I think they have more important things to do. Was it some lonely Russian teenage nerd camped in his bedroom looking for attention? Based on the number of different locations where the attempts originated from, not likely. Some of the attempts have originated from what we would consider the equivalent of our internet cafes or McDonald’s free wifi hotspots.
My guess, again based on the locations where the attempts have originated from, is that it is a group of young Russian university students either working on a computer security class assignment (highly unlikely) or, much more likely, that same group of likely male students have a bet on as to who can “hack” into the largest number of websites in a given period of time.
Why is all of this of concern to the Sherwood Park Gyro Club? The last time the Club website was hacked, back in October of 2015, there was an attempt to install a “redirect” on the website. A redirect is used to send someone to a location other than the one shown, usually for nefarious reasons such as phishing. (Phishing is a form of fraud where a user is “redirected” to a website where the user is duped into revealing personal or confidential information which can then be used for illegitimate purposes.) To prevent this from happening again, the Club hired Sucuri Alert to monitor our website 24/7/365.
What is our next step in this cyber chess game? Sucuri Alert is in the process of installing a “cloud firewall” on the site which will block all access attempts from Russia. Hopefully this will result in “checkmate” and I will be able to get some sleep.