Friday, June 22, 2012

Here's What Happens When Chinese Hackers Hit Your Blog

Jessie Cross has been running a food and cooking blog from her home in Salem, Mass. for four years. She's amassed quite the audience, pulling in 200,000 visitors every month. Her blog became so popular, she was given a deal to publish a cookbook: and that's when the hackers hit.

On April 15, when her TheHungryMouse book was supposed to come out, Cross logged in to her Wordpress-based blog to do a slew of promotional posts. It's something she had done a thousand times, but on that day, something went wrong.

[More from Mashable: More Password Hacks? Last.fm Looking Into Security Breach]

"I couldn't get into the back-end of Wordpress," said Cross. "So I knew I either got a bug or I did something wrong."

Cross, who describes herself as "pretty technically proficient," contacted her host, who had nothing but bad news.

[More from Mashable: Trade Valuable Goods for Unique Travel Experiences]

"My hosts told me the domain registration no longer sat with me, but it looked like it was owned by some dude in China," she said.

The domain transfer actually happened around the beginning of March, but the hacker(s) didn't take Cross' access away for several weeks, so she wasn't able to immediately detect the attack.

Cross' host said they'd investigate the incident, but then came back and said it was Google's problem. Google initially pointed Cross back to her host, but the company reversed course and took up her cause after the hackers replaced Cross' Google AdSense code to sap the (relatively small) profits she was making from advertisements on her blog, which constitutes fraud.

Next, Cross tried to get in touch with the Attorney General's office, but she didn't hear back. Next, she tried Sen. John Kerry's office, which called back a week later and said neither the Senator nor the Attorney General could help because it was an international case. They pointed her to the FBI, which assigned an agent to the case.

"This was totally out of character for me to do," said Cross, "but at this point, I just wanted my stuff back."

The FBI agent originally assigned to the case was a specialist in national security. Cross believes that was because the FBI was initially "trying to figure out from a national security point of view if this was some attempt to infiltrate the [U.S.] national security infrastructure."

SEE ALSO: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Finally, with the help of her host, Google and the FBI, Cross was able to recover ownership of her domain. Immediately afterwards, she took steps to make sure she never had to go through the ordeal again.

"I learned a lot about two-step verification for Gmail and other security stuff on my backend," said Cross. "I changed all my bank accounts, usernames, everything."

The FBI didn't immediately return a request for comment, and the fate of the Chinese hacker(s) remain unknown, leaving Cross without any clues as to their motive for hacking her site.

"My website makes a small sum from Google ads -- I do this because I want to help people learn to cook, not because financial reasons are a motivating factor. I'm 35, well-educated and I had no idea this could happen. Thank god I have a day job, and thank god they didn't destroy everything I had."

How can Internet users protect themselves better against hackers, especially with the recent flood of leaked passwords? Share your ideas in the comments below.

Image courtesy of iStockphoto, selimaksan

This story originally published on Mashable here.


View the original article here

No comments:

Post a Comment