Places to go when you are attacked online
It became clear that an individual was attempting to force their way into one of our clients' web sites Sunday night. Luckily, we caught the individual in the process and quickly followed procedures to make sure that they weren't able to access any information they weren't welcome to. Here is the process that we followed to make sure our systems remained secure:
- Make darn sure you have the access logs showing every step of the process the attacker took. If you can, make a backup of the backup and place it someplace else. This is your hard evidence that something fishy took place. You are going to need to know what IP address the attacker is using.
- Block the user out of your entire network at your corporate (or personal) firewall immediately.
- Use ARIN to find out where the attack is coming from (http://www.arin.net). ARIN will provide you with some useful information, such as the Internet Service Provider of the IP address that the attacker is using, and who to contact to report the abuse.
- Use the contact information you find in ARIN to contact the ISP and alert them to the attack. Depending on who the attacker's ISP is, you may or may not receive a response.
- Gather up all the information you have about the attack and send a fairly detailed description of it to your local FBI office (http://www.fbi.gov/contact/fo/fo.htm). Remember to include the access logs showing the attack or attempted attack, the potential damage caused by the attack, your contact information, and any additional information you can think of.
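
The evidence-gathering steps above can be scripted. The following is an added example, not part of the original post: it hashes the access log so the preserved copy can later be shown to be unaltered, identifies source IPs with repeated denied requests, and builds the request timeline to attach to an ISP or law-enforcement report. It assumes Apache/Nginx "combined" log format; the sample log, the IP addresses, and the threshold of three denied requests are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample in "combined" log format; addresses are RFC 5737
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jan/2024:21:58:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Jan/2024:22:01:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Jan/2024:22:01:15 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Jan/2024:22:01:19 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Jan/2024:22:01:22 +0000] "POST /admin/login HTTP/1.1" 403 498 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jan/2024:22:02:40 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def evidence_summary(log_text, min_denied=3):
    """Return (sha256 of the log, {ip: [(timestamp, request, status), ...]}).

    Only IPs with at least min_denied 401/403 responses are returned, but
    each one keeps its full timeline, including requests that succeeded.
    """
    digest = hashlib.sha256(log_text.encode("utf-8")).hexdigest()
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip malformed lines rather than abort the review
        by_ip[m["ip"]].append((m["ts"], m["req"], int(m["status"])))
    suspects = {
        ip: events
        for ip, events in by_ip.items()
        if sum(1 for _, _, status in events if status in (401, 403)) >= min_denied
    }
    return digest, suspects

def format_report(digest, suspects):
    """Render the hash and per-IP timeline as text for an abuse report."""
    lines = [f"Log SHA-256: {digest}"]
    for ip, events in sorted(suspects.items()):
        lines.append(f"Source IP: {ip} ({len(events)} requests)")
        lines += [f"  [{ts}] {status} {req}" for ts, req, status in events]
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(*evidence_summary(SAMPLE_LOG)))
```

Record the hash alongside the backup copy of the log, and run the script against that copy rather than the live file.
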
If you want more information on what to do, the Department of Justice has information on how to handle all different types of attacks, including hacking attempts. You can find this information here: http://www.usdoj.gov/criminal/cybercrime/reporting.htm


