img img img img

Marry Hackmas and Happy NoBreach

Marry Hackmas and Happy NoBreach

When is a business most vulnerable in terms of cyber security and when are cyber attacks most effective? This is a question with many and comprehensive answers.

As a co-author and co-owner of a service and a mobile app, I’ve always thought that the moment when someone will play with the service without permission in an unaccepted and unexpected way is on the one hand inevitable, alarming, and on the other hand somehow abstract, imaginary fruit of some vague, distant future moment.

However, past previous experience and to save ourselves headaches, great care was taken from the outset and many of the risky stages, modules and integrations were carefully designed, crafted and prepared for ‘X’ day. Other parts were written as if in the midst of an obsessive compulsive disorder and preparation for the Apocalypse.

Alas, the “X” day came – on Friday night, before Christmas. To put it metaphorically, someone dared to play with our excavators and dump trucks on our sandbox – “yesterday” – while we watch the results of the game from the sidelines. Reports of anomalies started raining in at a nice Christmas moment. After analyzing the time slice of logs, it became clear that besides invalid sessions there are valid ones, which in turn show illogical behavior of real users and attempts to exploit parts of services in the server side in an attractive way that does not match the source code, but also testifies to automation and possibly compromised mobile application, and maybe reverse engineering.

Fortunately, past the accompanying analysis, we can conclude that there are currently no traces of a data breach, and no traces indicating unauthorized access to data over a sufficiently large time span.

What conclusions we drew:

  • A recent library update has protected us from another critical vulnerability in the server side
  • Better with forethought and anticipation of the apocalypse than assuming “it” won’t happen to us. The apocalypse never came, but the preparations kept us out of further trouble.
  • Bugs and vulnerabilities exist and must be accepted, respected and eliminated, and critical ones as soon as possible. The opposite is a game of Russian roulette and a race against time.
  • “What if ….” is a magical question and a great practice that saves lives, servers and data. Minor additional checks have proved unexpectedly effective and have limited the theatre of action at this point.