Security company attempts hacking



A recent report has brought to light that the Dutch security software
company Alfa & Ariss has been making unauthorised attempts to break into
both private and corporate computer systems.

Alfa & Ariss, who made a name for themselves by developing software for
secure login procedures for both the Open Source and corporate markets, and
who have been contracted to implement this software in central Dutch
government and banking agencies, have, at the very least, made confirmed
attempts to gain access to several systems without first obtaining
authorization from the owners and operators of those systems.

The most disturbing are the clear, verified and targeted attempts to access
a Scandinavian company by probing for available services, including but not
limited to telnet, SSH, FTP, LDAP, VPN, SSL and SMTP. These were made in
late October from the main IP address registered to Alfa & Ariss
(82.94.105.130). Thanks to a good security setup, the company's data wasn't
compromised, but the attempts themselves are an indication that Alfa &
Ariss is apparently doing more than just developing software, and that not
all of it is desirable.

In addition, private users are apparently not safe from them either, as an
ex-employee found out. The Internet connection of his home computer was
flooded around the same time, and by checking access logs he found out that
the company had been snooping on his LiveJournal (even after he left the
company) as well as making complete copies of his personal and
business-related web pages.

Although invited to comment, Alfa & Ariss has not done so thus far, but the
ex-employee states:
"Yes, there have been problems with my connection. My modem complained
about not being able to handle the traffic correctly, and probably a bunch
of connections were dropped because of that. I'd say that is a clear
example of Denial of Service right there. It didn't last long, but still..."

"I also put a few blocks in place after that, and started keeping an eye on
the IP. Surprisingly, it didn't end there, but instead, I found I got
continued connection attempts from the office on just about every business
day, and even some at the weekend and at night. To this day they keep
checking up on me, apparently."

As to the reason why, there seems to be some confusion:
"I'm a little limited in what I am allowed to say under my NDA, but I can
tell you that even though I left the company in September on less than
agreeable terms (having had the rights needed to do my job as security
officer and network administrator revoked, forcing me to quit, next to lack
of pay), I didn't have any negative consequences to speak of because of
this. I, myself, was just glad to close it off this way, I have no desire
to be in any way in touch with the people there, and as a matter of fact,
the CEO demanded no further contact, himself. I even returned a few letters
after they got sent to my address regardless of their own command.
There is also nothing of interest for them to be found on my home system,
apart from personal data for me and a few friends which they have no
business in knowing or having access to. Although I can guess as a motive
they might be searching for information to try and fine+sue me over the
NDA; it would not surprise me if so, at all. Having set up a lot of the
network stuff there myself though, I can tell you that if something like
this originates from that IP, it's not been someone else or a system that
got compromised and abused by someone else outside the office. Unless of
course they really messed up their setup after making me quit, but I
somehow doubt it."

Further specifics are not known at this time.


[from our security news correspondent]
