NEWS FROM THE LAB - Wednesday, September 21, 2011

Getting Hacked Out of Business Posted by Mikko @ 12:54 GMT

DigiNotar — the CA that got hacked — announced bankruptcy yesterday (read the release).

This is a very clear case where a company folded because it was hacked.

However, this is not the first time something similar has happened.

Earlier this year an Australian hosting provider called Distribute.IT was badly hacked and had no recoverable backups (read the full story). As a result, the company folded and the customer base was acquired by a competitor.

Diginotar, Cloud 9 Communications, Blue Frog, Distribute.IT

Victims of wide-spread and long-lasting distributed denial-of-service attacks include an ISP called Cloud 9 Communications (read more) and an antispam outfit called Blue Frog (Wikipedia entry). In effect, spammers forced Blue Frog out of business.

So does getting hacked always equal going out-of-business? Well, no, not always.

Sony's PlayStation Network was severely hacked earlier this year, but they're still in business. So what's the difference between Sony and these other guys? Well size and notoriety for one thing. Sony was so publicly humiliated that public opinion actually turned against the hackers, and gave Sony PSN some time to recover its footing.

DigiNotar, Distribute.IT, Cloud 9 and Blue Frog weren't big enough for all the details to come out during their troubles — and they failed to win public opinion (trust) as a result, and then they suffered the consequences. It's something that all smaller companies should take into consideration and prepare for.

Or else, they could be the next one to be forced out of business.

Updated to add: Submitted by a reader — Going out of business is not always the worst possible result of a hack. HyperVM software founder, K. T. Ligesh (a man with known personal issues), committed suicide after an attack on budget webhosting company VAserv was linked to apparent vulnerabilities in HyperVM software. The hackers later posted to pastebin.com that the attack was the result of VAserv's poor password management rather than any HyperVM vulnerabilities.