NTEN Change, Issue One: March 2011, Page 38
Digital Dispatches from the Desk of Gavin Clabaugh
What Would You Do?
You’re an Accidental Spammer: What Do You Do When You’ve Been Hacked?
Effective IT management is more about wetware than it is about hardware and software. It’s all about managing the intersection of technology and these rather strange things called people. Moreover, in the formula of hardware + software + wetware, the tech is easy; the people are tough.
We know what to expect from the tech, but people come with foibles and idiosyncrasies. People will surprise you. They will do things with tech you never imagined. They will do things you’d never expect.
Because people are so ingenious, nothing is foolproof. If you think otherwise, Pollyanna is going to bite you in the butt. Avoid that bite by thinking the Unthinkable: imagine what might go wrong and plan ahead.
Scenario: Spam, spam, spam, spam, spam, bacon and spam.
The following is real (or should I say, sotto voce, the following events occur in real time). The names have been changed to protect the paranoid.
Suddenly you’re a spammer.
One of your web servers has been hijacked and has been sending out hundreds of thousands of messages from some fellow named “Wilson.” Wilson is offering a “Free Video on how to earn $251,283” from something called an “affiliate strategy” with, of course, links. The links connect to a malware site that installs a drive-by Trojan. It’s been going on for a few days, at least. And, now, all of your messaging queues are overflowing with bounces and undeliverables (and nasty notes from former friends and colleagues).
Moreover, your bandwidth is pegged as the poor abused SMTP server loops through the other eight hundred thousand pending messages, seemingly unable to deliver anything to anyone, including all the bounce-back notifications, which are, in turn, generating more and more notifications. Everything is spinning out of control. It’s a server gone rogue.
What happened? It seems your baby steps into the world of user-generated content and social networking have turned on you. Perhaps that innocuous “Share this Page” widget on your web site—through no fault of your own—has been turned to the dark side. Perhaps it’s something else. Regardless of the cause, some ingenious script kiddie has turned the tables and suddenly you’re responsible for thousands upon thousands of spam messages.
If that’s not bad enough: right smack dab in the middle of every [*ahem*] message is a reference to your web site, testimony to the time you spent setting up those nice tag lines “Follow us on Twitter” and “Friend us on Facebook.” Worse, there are a couple of thousand anti-spam bots gunning for you now.
As a result of this mayhem, your email service has been blacklisted by every anti-spam system in the universe. Your email reputation is so far in the toilet that no one will accept delivery of your email. Staring at your rogue server, you consider “pulling a Palin” and quitting right there. All the while, the refrain from Alice Cooper’s Talk Talk echoes unbidden through your head:
My social life’s a dud. My name is really mud.
I’m up to here in lies. I guess I’m down to size.
The only saving grace is the fact that the spam is coming from your web server and not your primary email system. On the other hand, it is the one used by everything on your web site, including your extranet. Consequently, none of your closest constituents, your membership, your friends and family and board, are getting any of the normal transactional messages—little things like password change confirmations, or perhaps receipts or other administrivia that makes the world go ‘round.
What’s the fix? Sure, there are tech fixes here— holes to patch in your internet armor—but there are bigger problems too.
• How do you get your good reputation back? How do you take responsibility without taking the blame?
• And, finally, what’s an avoidance strategy for the future — one that anticipates what might be, but communicates that nothing is foolproof?
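Part of planning ahead on the tech side is noticing the rogue queue in its first hour rather than after a few days of bounces. As an added example (not code from the article or its author), the Python check below scans a constructed, Postfix-style mail log and flags any host-hour where a server’s outbound recipient count or undelivered ratio exceeds a baseline; the hostnames, addresses, log lines and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log (Postfix-style, not from the article): "web1" is the web
# server's own MTA, "mail1" the primary mail system; all addresses are made up.
SAMPLE_LOG = """\
Mar 01 09:00:01 mail1 postfix/qmgr[11]: A1: from=<staff@example.org>, size=2048, nrcpt=1 (queue active)
Mar 01 09:00:03 mail1 postfix/smtp[12]: A1: to=<bob@example.com>, status=sent (250 ok)
Mar 01 09:01:10 web1 postfix/qmgr[21]: B1: from=<noreply@example.org>, size=900, nrcpt=1 (queue active)
Mar 01 09:01:12 web1 postfix/smtp[22]: B1: to=<alice@example.net>, status=sent (250 ok)
Mar 01 10:00:00 web1 postfix/qmgr[21]: C1: from=<wilson@example.org>, size=700, nrcpt=50 (queue active)
Mar 01 10:00:02 web1 postfix/smtp[22]: C1: to=<x1@example.com>, status=bounced (550 5.1.1 user unknown)
Mar 01 10:00:02 web1 postfix/smtp[22]: C1: to=<x2@example.com>, status=bounced (550 5.1.1 user unknown)
Mar 01 10:00:03 web1 postfix/smtp[22]: C1: to=<x3@example.com>, status=deferred (421 too many connections)
Mar 01 10:00:04 web1 postfix/qmgr[21]: C2: from=<wilson@example.org>, size=700, nrcpt=50 (queue active)
Mar 01 10:00:05 web1 postfix/smtp[22]: C2: to=<y1@example.org>, status=bounced (550 listed in dnsbl)
"""

# Two line shapes matter: a message entering the queue (recipient count) and each delivery attempt (status).
QUEUED = re.compile(r"^(\w{3} \d\d \d\d):\d\d:\d\d (\S+) postfix/qmgr\[\d+\]: \w+: from=<[^>]*>, size=\d+, nrcpt=(\d+)")
ATTEMPT = re.compile(r"^(\w{3} \d\d \d\d):\d\d:\d\d (\S+) postfix/smtp\[\d+\]: \w+: to=<[^>]*>, status=(\w+)")

def summarize(log):
    """Per (host, hour): recipients queued, delivery attempts, attempts not delivered."""
    stats = defaultdict(lambda: {"recipients": 0, "attempts": 0, "undelivered": 0})
    for line in log.splitlines():
        if m := QUEUED.match(line):
            hour, host, nrcpt = m.groups()
            stats[(host, hour)]["recipients"] += int(nrcpt)
        elif m := ATTEMPT.match(line):
            hour, host, status = m.groups()
            stats[(host, hour)]["attempts"] += 1
            if status != "sent":  # bounced/deferred/rejected all feed the bounce storm
                stats[(host, hour)]["undelivered"] += 1
    return dict(stats)

def find_rogue_senders(log, max_recipients=20, max_fail_ratio=0.5, min_attempts=3):
    """Flag host-hours whose outbound volume or failure rate exceeds the (assumed) baseline."""
    alerts = []
    for (host, hour), s in sorted(summarize(log).items()):
        reasons = []
        if s["recipients"] > max_recipients:
            reasons.append("volume")
        ratio = s["undelivered"] / s["attempts"] if s["attempts"] else 0.0
        if s["attempts"] >= min_attempts and ratio > max_fail_ratio:
            reasons.append("bounces")
        if reasons:
            alerts.append({"host": host, "hour": hour, "reasons": reasons, "fail_ratio": ratio, **s})
    return alerts
```

Calling find_rogue_senders(SAMPLE_LOG) flags only web1 at 10:00, for both volume and bounces, while the normal transactional traffic an hour earlier passes. In production, point it at the live mail log on the web server and route the alert to whatever paging you already use.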
This is the first in a series from guest contributor Gavin Clabaugh, Vice President and Chief Information Officer, Charles Stewart Mott Foundation. Every issue, Gavin will provide hypothetical scenarios that could happen—and maybe already have happened—to your nonprofit. Now, it’s your turn to respond: what would you do? Please share your stories.
RESPONSES FROM THE COMMUNITY:
One of our long-time member’s AOL account was hacked. He has started spamming our rather tightly knit and generally non-technical (members only) Google Groups. We don’t want to block him, but we don’t want his spam in our Google Groups, either, particularly if the links are going to some malware site. From our perspective, we need him to fix it so others aren’t put into the line of fire but [. . .] of course we don’t want to alienate him in any way, either. We finally got in touch with him and talked to him about what was going on and he changed his (admittedly weak) password. Everything is sunshine and roses again. Everyone was reasonable. I will go back this week and send messages to all our groups about passwords, what happened, reassure them, and educate them a little bit. (from Beth Camero, in our NTEN Members’ Group on LinkedIn)
I think that this scenario is just about every network admin’s nightmare (and it happens whether you work in a non-profit or a tech company—true story). Finding your company on a blacklist is bad news; there are too many blacklist servers to review all the delisting procedures, but for some of the most commonly-used RBLs and their methods for removal check this article out. (From Sophie N. on our blog)
Aside from a small set of nonprofit orgs working on sensitive political issues, I think nonprofits—and foundations, for that matter—should OUTSOURCE email to a service provider. Choose Microsoft, Google, or another hosting provider but stop running your own mail servers. Please. Focus on tech where it adds value, not on commodity functions. Email should be a service, not a server. (From Andy Wolber, on our blog)
Read the full article at http://bluetoad.com/article/What+Would+You+Do%3F/658163/62965/article.html.