Firms lose thousands as hacking nightmare continues

By Helen Twose

Five days after a hacker attacked New Zealand websites, businesses are slowly getting their internet presence restored - but it has cost them thousands in lost revenue.

Auckland-based Just Hardwood Floors was one of the victims of a notorious Turkish hacker, operating under the name Iskorpitx, who hacked into the US-based server and defaced the websites of approximately 600 New Zealand companies.

The problem has affected customers of internet service provider ihug who were previously with internet company Quik.co.nz. Last year ihug purchased Quik.co.nz, a New Zealand franchise of United States-based internet service provider Quik.com.

Jonathon Cooke, operations manager at Just Hardwood Floors, said he was alerted to the problem on Monday morning when he got to work and is still waiting for it to be fixed five days later.

Mr Cooke disputes claims website customers should have taken responsibility for backing up their websites.

He said the company was using an online website development programme to upload text and pictures into a website template designed and hosted by Quik.

"With their online system you couldn't back it up - everything was done on their server. You basically logged on to their servers. So you had no hard copy of your website at all in-house," said Mr Cooke.

Not only has Mr Cooke lost his current website, development work on a new website done by Quik prior to its sale to ihug has also been lost.

"It appears that we have completely lost that website - they had not backed it up. We are starting from scratch.

"Basically we have just lost $3000 odd dollars worth of re-development work and ihug cannot tell me anything. They can't tell me squat," said Cooke.

Mr Cooke also estimates his business is down 10 to 15 per cent this week.

This afternoon he is still without a website but has received numerous offers from IT experts and internet service providers - including ihug, who say their team will talk Mr Cooke through getting his website working again.

"Why does it have to get to this state before a corporate sits up and takes notice," said Mr Cooke.

When the Herald talked to Gillian Richardson from Automotive Security Systems yesterday she said she'd lost 80 per cent of her business through the company website being offline.

This afternoon her caralarm.co.nz website up and running thanks to an offer to help by an ihug competitor - but not before sending some of her staff home due to lack of work.

"They are now in the process rebuilding it for us - no charge - and they are also taking over our domain name and they're going to do the hosting for us, so it's being moved today from ihug," said Ms Richardson.

"I don't understand why ihug couldn't look after their web customers better and do what this company have offered to do," said Ms Richardson.

When asked about the response from ihug she said: "In a nutshell - pathetic. I finally phoned ihug again this morning and they have said to me that there is absolutely nothing they can do. They have no copies of anything. Everything's been defaced. There's really no point in calling them any more because there is nothing they can do."

Ihug spokeswoman Annabel Gould said the company is working with the website development division of Quik - Quik Web Design - which they didn't purchase when they bought the hosting service last year, to restore some customer websites from their backups.

"We are just working to get everyone's site back up online now," said Gould.

She said that despite the fact this incident was outside ihug's control and the Quik service did not provide back-up facilities, ihug still wanted to make sure all the affected customers have the problem resolved to their satisfaction.

"None of these customers will be paying for their hosting this month and as planned, we'll be progressively moving them on to ihug's secure servers, where regular back-ups are done," said Gould

"However, its also best practice for businesses to keep their own copy of their website, either themselves or with their web developer and we encourage our customers to do that as an additional safety measure.

One of ihug's rivals has come out today claiming many internet providers are running insecure and outdated systems which are vulnerable to hacking.

Web hosting provider PrimeHost said news that New Zealand websites were hijacked does not surprise PrimeHost operations director Dale McIsaac.

"You would be shocked at how many internet companies are still using vastly outdated operating system distributions to host commercial customer websites."

PrimeHost customers had not been affected by the latest round of hacking, because it was ran advanced anti-hacker technologies , Mr McIsaac said.

"Many successful hacking attempts are due to internet providers running outdated software on their servers, and customer installed-applications such as bulletin boards, forum software and mailing lists are commonly exploited by internet hackers."

With so many vulnerabilities and exploits being found in server software applications, it was essential that internet providers maintained a high level of server security, he said.

Ihug was yesterday advising customers to re-upload their webpage as a "quick-fix" while the company moves affected websites to its own server.

The problem does not affect ihug customers hosted on the company's own servers.

- with NZPA

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on red akl_a2 at 17 Sep 2014 22:52:57 Processing Time: 948ms