On Monday, the 16th of December 2014, Shape Networks was assaulted by multiple (and possibly co-ordinated) hacking attempts to our network from about 20 different IP addresses located in 4 different countries.
Those attacks were hitting our network with hundreds of registration requests per second, in an attempt to find a valid username/password combination in order to be able to access our network and start rooting fraudulent calls through it.
This method of hacking, known as a “brute force” attack, basically consists of trying hundreds of potential common login details such as “password” or “123456” in the hope that someone is actually using one of these. If not successful with common passwords, they would have normally begun testing for names and then run through the dictionary.
As our network is secured with extremely hard passwords to hack, it would have taken this group of hackers years, if not decades (even with today’s computers) to successfully guess one of our highly secured passwords. Furthermore, in the event of the hackers correctly guessing one of our highly secured passwords, giving them access to our network, they still would have not been able to root calls as their devices (soft or hard phones) would have not been recognised as registered ones by our network, which therefore would have rejected any call attempts made from these unregistered devices.
Our team of technical experts immediately became aware of the attack and responded quickly to it by rejecting the traffic coming from these offending IP addresses. However, as these hacking attempts started to come from several different IP addresses at a fast pace (hundreds per second), it quickly became impossible to block every single attempt – reiterating that there was no danger of these hacking attempts gaining access to make calls. Therefore, our team of technical experts simply blocked all traffic coming from unregistered IP addresses, only allowing our registered customers to access our network.
At this point, for anyone who was not one of our customers, our network effectively disappeared from the Internet and approximately 20 minutes after blocking all unregistered incoming traffic, the hackers got bored of being repeatedly blocked by our network and finally gave up and ceased their attempts, allowing our network traffic to fall back to normal.
As a result of this attack, we have now assessed this event and improved our network so that from now on, no hacking attempt would cross a single bit of our network. We have also enhanced the redundancy configuration meaning that in the event of one of our many security appliances failing, our services would be completely restored in less than 10 seconds, allowing our customers a seamless business continuity and security.