Holy ship! UK shipping biz Clarksons blames megahack on single point of pwnage

British shipping services firm Clarksons has revealed a high-profile data breach last year stemmed from a hack on a “single and isolated user account”. Criminal hackers stole employee information from the shipping …

  1. JimmyPage

    Clarkson hack?

    Was it just me that remembered Jezza's red-face moment a few years ago?

  2. Lt.Kije

    Help

    ...or, they had help on the inside on who to target, and how.

  3. Anonymous Coward

    Hardly "getting lucky" or inside knowledge

    The data they refer to as stolen would only be held on an HR/payroll database, and only the HR administrators and reporting staff should have access. It's fairly easy these days to find the name of people doing particular jobs, whether through a browse of LinkedIn, or simply a telephone enquiry to the switchboard - work out the target's email address, then spear phish them. Given that multiple people usually have that access, the crims probably had multiple targets to try.

  4. LeahroyNake

    Copies

    'Clarksons were then able to successfully trace and recover the copy of the data that was illegally copied from its systems.'

    The only copy? Also recover the copy? In this instance I would agree that the data was stolen, but to recover the copy is a bit of a stretch unless they copied it back to systems within their control and then deleted the stolen version. If they deleted the stolen version by accessing someone else's computer system without their consent... meh, I wish it was Friday.

    1. frank ly

      Re: Copies

      "... hackers who made off with data before demanding a ransom for its safe return."

      This seems to imply that the hackers slurped a copy of the data and then deleted the data from the Clarksons computers. Is that what happened?

      1. LeahroyNake

        Re: Copies

        I think it's probably more likely that they were blackmailing to not release the data... unless Clarkson had never heard of backups.

        1. Dave_uk

          Re: Copies

          What's a backup?

    2. Mark 85 Silver badge

      Re: Copies

      I too am surprised at this statement particularly the word "recovered". Is it the thieves didn't make a backup copy? If they parked it somewhere on the internet such as AWS, are they certain that the data wasn't hacked by someone else? Once the data is in the wild, all bets are off, IMO.

      1. yoganmahew

        Re: Copies

        The whole response publication is idiocy. One isolated account = they only used one account, the information was loose on the intranet and once you could log on to the VPN you could get any of it.

        Immediately = After six months (May to November)

        As above, the whole "stole the data", "got the copy back" lark.

        I wouldn't trust them to float a boat, never mind run an IT system.

        Oh wait...

        edit: I see AB Hands made the same points! Sorry!

    3. dnicholas

      Re: Copies

      Reminds me of this

      http://www.27bslash6.com/overdue.html

      Still worth a giggle after all these years

  5. rdhood

    How nice...

    Your employer loses your info and declares : "watch your credit records!"

    1. Anonymous Coward

      Re: How nice...

      Even in the US, if your info is hacked you'll typically be given a year of free credit reporting. If it is your employer that loses your info - which is generally a lot more info and a closer relationship than to a customer - they'll sometimes offer more.

      Is it possible there's really a country with worse privacy protections than the US?

  6. israel_hands

    So much of this doesn't make sense. How did they locate the copy of the stolen data? And how can they be sure that was the only copy of it?

    If it was an inside job and the data was exfiltrated to a single machine that was subsequently seized during a police raid then it would maybe make sense. Possibly. But even then you couldn't be sure it hadn't been uploaded to a hosting service or distributed to others.

    And what's the point of taking out an injunction against the hackers? Their initial action was illegal, so I don't think they're going to be fazed by a civil action against them. That's like taking out an injunction to stop someone committing murder.

    Also, don't you need to name the respondent in an injunction? If they knew who they were taking an injunction out against then why would they not just let the criminal case proceed?

    So much iffy info released by the company.

    Or maybe they just don't have a fucking clue how computers or criminals operate.

    1. Brewster's Angle Grinder Silver badge

      You don't need to name the person whom the injunction is against; when the local bypass was being built, they got a generic injunction that amounted to "anyone protesting".

      1. Sgt_Oddball Silver badge

        What?

        Even the local nutter protesting against common sense?

  7. Anonymous Coward

    I now have so many "single year of free credit reporting" offers to my name that I will die before I can use them all.

  8. Dave_uk

    Where is the encryption again???

    No mention it was encrypted, therefore, we can safely say it wasn't.

    Raw data free for the taking yet again.

  9. Anonymous Coward

    I guess I was the only one...

    ...who was hoping for a "Grand Tour" special out of this... unfortunately, wrong Clarkson.

  10. sanmigueelbeer Silver badge

    "In this particular instance it appears they hit the jackpot account with their first try - or they have a good passive assessment so they knew which user account to target."

    admin/admin?

    1. Anonymous South African Coward Silver badge

      He added: "However, in this particular instance it appears they hit the jackpot account with their first try - or they have a good passive assessment so they knew which user account to target."

      Insider information - the third option.

      Can be anything from overhearing a casual remark to sending in a spy (cleaning staff, contractor sent to fix that overhead light, etc.) to sniff out prospective marks.

      Never, ever underestimate the ingenuity and willingness of a ne'er-do-well...

  11. pig

    I wonder if their HR database was accessed via Active Directory automated login?

    A lot of places authenticate internal systems like this now.

    Yes, it saves you typing more passwords but it also means once an attacker is in they are in.

    Of course, since most users would just use the same password for both previously anyway.......


Biting the hand that feeds IT © 1998–2022