By Dan Goodin in San Francisco
19th September 2007
Layered Technologies has been targeted by malicious hackers who may have
stolen passwords and other personal details on as many as 6,000 of its
clients, the Texas-based web host provider warned. It is advising
customers to change login credentials for all host details submitted in
the past two years.
The Monday evening breach was executed by attacking an off-the-shelf
application integrated into the company's support desk that manages help
tickets submitted by customers, according to Layered Technologies
President Todd Abrams. It remains unclear if the intruders actually took
the information, but the attack had the potential to expose names,
addresses, phone numbers, email addresses and server login details for
five to 6,000 clients.
"Based on the log entries I'd say it's very unlikely they took a copy of
the database," Abrams said. "It's not like a two-second download." He
said the company wanted to err on the side of caution by asking all
customers to change all passwords.
Payment details are stored in a separate system, so credit card
credentials were not exposed unless a customer had opened a help ticket
and included them in it, according to Abrams. Similarly, scanned IDs
that some customers are required to submit when renting a server were
also not routinely stored in the help-desk system. he said.
The perpetrators accessed the database by attacking an application known
as Cerberus. According to this page on Secunia, at least 11
vulnerabilities have been documented in various Cerberus tools, only one
of which carried a "highly critical" severity rating. It was unclear
what version of Cerberus Layered Technologies Layered Technologies uses.
(In Greek Mythology, Cerberus is the three-headed dog who stood guard
over Hades. So why would marketers name a support desk app after a
vicious canine responsible for tormenting damned souls trying to escape
their frigid confines?)
The attack on Layered is part of a growing trend in cybercrime in which
hackers target a single web host rather than the thousands of individual
sites that that rely on it for service. In May, Brinkster.com required
customers to change their login credentials after discovering many of
them may have been compromised. Other hosts who have been penetrated
include PlusNet and IPOWER.
Layered Technologies claims to be "one of the five largest global
providers of on-demand hosting and utility computing solutions" and
provides dedicated and managed server hosting services to small and
medium-sized businesses. The company has "launched a series of
initiatives to enhance and to protect," some of which are being
implemented immediately, it said without elaborating.
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com