Posted by Afam on August 30, 2007, 3:59 pm
The official website of one of the 25 big banks in Nigeria has been hacked, which is another reason to revisit the issue of website owners' interest in what happens on their websites.
A visit to the website simply displayed the following message: "hacked by darkdewil&Cazanova//1923turk -Grup"
Server hardening seems to be taken for granted in this part of the world, as many are content with the default configurations of servers or of any communication tools for that matter.
While default configurations work just fine for the first-time user, they are certainly not enough; in fact, the idea behind most default configurations is to make the end user's equipment easy to set up the first time. Once the equipment is set up, it is the duty of the administrator to take steps to protect it from abuse, viruses, threats (both from within and from outside), etc.
Now, on the web many (including myself) rely on servers sitting in some developed nations. The major reasons for this are power supply and reliable bandwidth. Today I see bandwidth as the major problem, as one can easily set up a backup for up to 5 days in case of power failure.
So, that leaves the majority of websites at the mercy of what the web hosting companies do to harden their servers against threats and intrusions like the one that just happened to this bank website.
I do not know if only the website with basic information has been hacked into or if it includes any database that may store sensitive financial and customer information. If the case is the latter, then there is a huge problem, as those behind the hacking will definitely do something with the information they may find.
Can this be prevented? Yes. Corporations and even small and medium scale businesses should get proper professional assistance to harden their servers even with intranets or outsource this task to companies dedicated to providing protection against all manner of threats.
The following steps can be taken to quickly get the site up and running:
1. Change the DNS information to point to any existing record but the one pointing to the hacked site.
2. Set up a hosting plan with new DNS records.
3. Transfer everything back to the new site (this assumes that the bank had a good backup program).
4. Change the DNS information to point to the newly created site. 4 hours is enough for the same domain name to point to the new site, in the process bypassing the hijacked website.
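After step 4, an administrator can confirm that resolvers have stopped handing out the old address instead of only waiting. The check below is an added example, not part of the original post; the resolver names, the domain `www.example-bank.test`, both IP addresses and the sample `dig` answers are constructed placeholders.

```python
import ipaddress

# Constructed sample data: answer sections in the format printed by
# `dig +noall +answer @<resolver> www.example-bank.test A`, one per resolver.
SAMPLE_ANSWERS = {
    "resolver-a": "www.example-bank.test. 14400 IN A 192.0.2.10",
    "resolver-b": "www.example-bank.test. 5120 IN A 198.51.100.7",
    "resolver-c": ("www.example-bank.test. 300 IN CNAME host.example-bank.test.\n"
                   "host.example-bank.test. 900 IN A 198.51.100.7"),
    "resolver-d": "; no answer section returned",
}
OLD_IP = "192.0.2.10"    # hypothetical address of the defaced host
NEW_IP = "198.51.100.7"  # hypothetical address of the rebuilt host


def parse_a_records(text):
    """Return [(ip, ttl)] for every A record; CNAME hops and comments are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if line.lstrip().startswith(";") or len(fields) != 5:
            continue
        _name, ttl, rclass, rtype, rdata = fields
        if rclass == "IN" and rtype == "A" and ttl.isdigit():
            records.append((str(ipaddress.ip_address(rdata)), int(ttl)))
    return records


def classify(text, old_ip, new_ip):
    """Label one resolver's answer; for stale answers give the remaining TTL."""
    records = parse_a_records(text)
    if not records:
        return "no-answer", 0
    ips = {ip for ip, _ in records}
    if old_ip in ips:
        return "stale", max(ttl for ip, ttl in records if ip == old_ip)
    if ips == {new_ip}:
        return "new", 0
    return "unexpected", 0  # neither old nor new: check the zone for tampering


def cutover_report(answers, old_ip, new_ip):
    """Summarise every resolver and the longest wait until stale caches expire."""
    results = {r: classify(t, old_ip, new_ip) for r, t in answers.items()}
    wait = max((ttl for s, ttl in results.values() if s == "stale"), default=0)
    return {"status": {r: s for r, (s, _) in results.items()},
            "seconds_until_stale_caches_expire": wait,
            "complete": all(s == "new" for s, _ in results.values())}


if __name__ == "__main__":
    print(cutover_report(SAMPLE_ANSWERS, OLD_IP, NEW_IP))
```

An "unexpected" result means a resolver returned an address that is neither the old host nor the new one, which is worth investigating before the cutover is declared finished.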
Just like they say, it is usually a difficult task to justify huge spending on disaster recovery plans since it takes a serious problem to highlight the real impact of a major computer or network crash.
I hope others will learn from this unfortunate incident and allow professionals to help them, as IT is not the type of industry where eye service can work: something is either done right or done wrong, and there is no middle ground here.