cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
21,254
Dell has announced that its cybersecurity team foiled an unauthorized intrusion into its network that attempted to extract Dell.com customer information; limited to names, email addresses and hashed passwords. The Dell security team stopped the hackers by immediately implementing countermeasures. Dell also hired a digital forensics firm to conduct an independent investigation and notified law enforcement. Although the investigation concluded that no customer information was taken or sensitive data targeted, Dell took the extra step of proactively resetting Dell.com customer passwords to further protect customer data. Thanks Schtask !

We are committed to doing everything possible to protect our customers' data. Dell will continue to invest in our information technology networks and security to detect and prevent the risk of unauthorized activity.
 

nutzo

Supreme [H]ardness
Joined
Feb 15, 2004
Messages
7,380
They did require me to change my password a couple days ago, so if this is just PR, they planned it well.
 

britjh22

Limp Gawd
Joined
Oct 15, 2014
Messages
387
Hmmm, a company that went private spends enough to actually be able to prevent shit like this, while countless massive public companies have had breaches, probably because they think of IT as only an expense.
 

NoOther

Supreme [H]ardness
Joined
May 14, 2008
Messages
6,468
Hmmm, a company that went private spends enough to actually be able to prevent shit like this, while countless massive public companies have had breaches, probably because they think of IT as only an expense.

I don't think it has to do with private vs public. I know plenty of public companies that employ similar protections. Also, Dell is going public again.
 
D

Deleted member 184142

Guest
1WapdGc.png
 

velusip

[H]ard|Gawd
Joined
Jan 24, 2005
Messages
1,579
Someone give that Dell PR guy a raise. WIth all of the negative press about constant hacks and data loss this sounds amazing. The sceptic in me says, easy to fake, impossible to disprove, great PR!
Hehe. Lets spin this intrusion, born of lackluster policy and incompetence, into a heroic victory!
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
Interesting to contrast how quickly Dell made a public announcement with how quickly Atrium Health made one.
 

Chebsy

Gawd
Joined
Jan 24, 2013
Messages
523
This is news.
This is news because usually we only hear about this kind of thing after 1000's of personal details have been stolen by hackers. Kudos to Dell for taking proactive action and protecting it's customers.
 

NoOther

Supreme [H]ardness
Joined
May 14, 2008
Messages
6,468
Interesting to contrast how quickly Dell made a public announcement with how quickly Atrium Health made one.

Different companies with different types of data and in different scenarios. The more important the information, the greater the penalty for the crime, the more likely a company is going to delay so they can try and catch the criminal. If they immediately report the breach, the criminal knows they are onto them, the more likely they will start to cover their tracks.
 
Joined
Jun 1, 2018
Messages
691
Doubt it, as it is fairly easy to change and/or mask the IP. Likely they created a fingerprint to filter traffic and blocked based on the signature of that fingerprint.

not sure if your trying to impress anyone or just giving security professionals way too much credit lol
 

Ihaveworms

Ukfay Ancerkay
Joined
Jul 25, 2006
Messages
4,519
My guess is they saw an unusual spike in failed login attempts to a database, database sent out an alert email of this condition to the IT team. Team turned off the database quickly just in case. Big PR celebration.
 

Kardonxt

2[H]4U
Joined
Apr 13, 2009
Messages
3,595
My guess is they saw an unusual spike in failed login attempts to a database, database sent out an alert email of this condition to the IT team. Team turned off the database quickly just in case. Big PR celebration.

I was thinking similar but even more cynical. Several failed login attempts, account automatically locked by policies, notification sent to admin. admin googles incoming IP to chinese isp, lets everyone know he successfully foiled chinese hackers.
 

FrozenSteel

Limp Gawd
Joined
Oct 24, 2011
Messages
193
This should be expected of an IT company, especially one who played in the Network Security space (Dell used to own Sonicwall.) Dell also still has a strong relationship with Sonicwall so I'd be worried if someone got in...
 
Joined
Jun 1, 2018
Messages
691
Impress anyone with what? This is common practice for perimeter security these days.

They clicked on an event on their WAF and then clicked again to add the signature to the blocking behavior. Regardless of platforms I'm estimating up to 6 clicks lol. Thats it. Again, Yippppeeeeeee.
 

NoOther

Supreme [H]ardness
Joined
May 14, 2008
Messages
6,468
They clicked on an event on their WAF and then clicked again to add the signature to the blocking behavior. Regardless of platforms I'm estimating up to 6 clicks lol. Thats it. Again, Yippppeeeeeee.

Maybe, maybe not. Might have been that the system they used created its own signature and automatically blocked it with nobody clicking anything. But even if they clicked on an event, something was using a special algorithm to generate an alert that matched that attack. In either case, that is far more than just blocking an IP, as blocking an IP rarely does too much, and in fact, can end up hurting by blocking a lot of good traffic.

Also to find something like this where it is actually finding activity which is stealing data, they probably used deep packet inspection. They matched that to other various activity alerts and generated a countermeasure specifically for that activity. So more than just using a WAF.

As for it being big news, I see this kind of thing done quite a bit, but probably not something most people are aware of. Most of the time companies do not even put out a notice when they successfully block an attack. In this case it is likely Dell doing cya just in case some data was taken.
 
Last edited:
Top