Welcome
Welcome
As this issue goes to print, news is circulating about a catastrophic hack on the mail provider VFEmail. According to reports, two decades of saved data for all US users is lost – totally wiped out.
Bricks and Spray Paint
Dear Reader,
As this issue goes to print, news is circulating about a catastrophic hack on the mail provider VFEmail. According to reports, two decades of saved data for all US users is lost – totally wiped out. Email providers are accustomed to getting attacked, and most of the attacks are stopped at the front door. Attackers sometimes get through, in which case, the most common scenario is that they encrypt some data and ask for a ransom. In this case, however, the attacker didn't seem to really want anything, other than a chance to go on a rampage and destroy all the data.
No attempt was made to deliver ransom demands. The crime did not look like extortion or theft but resembled something more like ordinary vandalism. The attacker careened around the network, reformatting disks and destroying data. Mail servers, file servers, VM servers, database servers, and even backup servers were lost. Although vandalism tends to appear random, this attack seems to have been carefully planned. According to reports, the attacker needed multiple passwords to access all these servers and therefore must have been lurking and listening on the network for some time to acquire the necessary access information.
I won't solve the mystery in the time it takes to write this column. Too much is unknown at this time. Was the attack from a disturbed loner who just wanted to destroy something? Was it a disgruntled customer or a former employee out for revenge? Was it an inside job? Another possible scenario is that the attacker was a customer with a secret who decided to destroy the evidence by destroying every account, rather than just deleting personal emails and risking leaving a trail.
The VFEmail attack caught the imagination of the high tech press because it was just so weird. Nefarious as ransomware attacks might be, we are at least able to classify them as being somehow related to the quest for money (which we all secretly understand). A wanton attack of vengeance or vandalism scares us the way we are scared by a tornado or a madman with a knife. This attack underscores the dark reality that the Internet really is an unsafe place. Criminals and sociopaths from all over the world can ride a magic carpet to your front door, and the onus is on you to find the right kind of lock – and to continually change the lock as new techniques render old locks ineffective. It is actually profoundly strange that our whole economy and trillions of dollars in business interests are based on this model.
Still, VFEmail deserves some heat for the failure of their disaster recovery plan. If you read down through the comments under the news stories on the attack, you'll find lots of notes from sys admins who are unimpressed that such a thing could happen. Without the details, it is difficult to see exactly what went wrong. At least so far, there doesn't seem to be an obvious gotcha-type mistake, such as an unpatched server or sloppy password policy. Two issues are clear at this time and should serve as a cautionary tale for other admins as they prepare for what we hope will not be a new era of stone-age-style, destroy everything attacks:
- Although the company did provide regular backups to backup servers located on the network, their backup process apparently did not include an offline storage component, which is often (though not universally) recommended by security experts.
- Unless the attack was an inside job, the intruder spent some time hanging out on the network snooping passwords. (Note that this is not a disaster recovery problem but is more of an intrusion prevention problem.)
Another question that no one seems to be asking is to what degree this story reflects a growing trend in our IT industry, which favors huge providers over small to mid-size businesses. Based on comments and responses that have appeared in the press, it appears to be a fairly small-time operation. Fifteen years ago, there were thousands of small businesses operated by the owner and a small team providing services on the Internet. Are we now approaching a world in which every company needs to be big enough to employ a professional security expert and full-time security staff just to watch for intruders?
Then again, it is worth asking if losing email to a cyberattack is actually any worse than losing your credit card number, which seems to happen quite frequently with big companies who have lots of money for security experts.
Joe Casad, Editor in Chief
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.