Hitsniffer ceases trading because of a malicious-insider data leak

A malicious insider, should all employees be considered guilty by default?

Hitsniffer, a website analytics company, has gone offline after an internal data breach which it claims was carried out by a former member of staff who helped set the company up.

According to the company, the member of staff stole a database of all of its clients and is now emailing them under a new company name. Hitsniffer has warned customers not to interact with the new company.

Hitsniffer has cancelled all recurring PayPal payments from customers and is no longer functioning or responding to emails.

Matt Middleton-Leal, regional director for UK&I at CyberArk, told SCMagazineUK.com: “While disputed by the alleged ‘rogue insider’, if true, the revelations from Hitsniffer are a reminder – if it were needed – of the insider threat faced by all organisations. It is wise for enterprises to ensure that they are actively monitoring and controlling their networks in real-time, in order to spot any malicious activity immediately and intervene before damage can be done. The threat of losing operational control and exposing customers to fraudulent activity should provide a stark wake-up call to any complacent organisations.”

Hitsniffer has taken to its website to release the following statement:

“Hitsniffer was compromised by a programmer who had worked for the company since its inception. This programmer has stolen all databases. The customer database is now in his hands. You will probably have received an email from a company called Hitsteps, this company has no relationship with Hitsniffer, Hitsteps is now using our customer database to contact our customers.”

The company continued: “We have made allegations of theft and fraud regarding this matter and it is now being investigated by the police. We have cancelled all recurring Paypal payments to our company as we certainly do not wish to receive any payments from our clients when we cannot provide service. We cannot apologise enough for your loss of service. Please be aware that a company called Hitsteps have been emailing our customers using our customer database without our permission.”

Unfortunately, data leaks of this type are very difficult to stop when they are carried out by programmers with broad access rights.

Tools to manage privileged access remain expensive, so smaller organisations are unlikely to deploy them. A larger company could address the same problem with a combination of processes and products.

The former Hitsniffer employee, who has not been publicly named, disputes the allegations of theft.

Justine Cross, regional director at Watchful Software, told SCMagazineUK.com: “The Hitsniffer data breach demonstrates the fact that privileged users with seniority in the company pose the biggest threat of malicious insider activity, and are one of the most difficult to guard against.”

Cross continued: “A basic step that all companies should be taking is to use data classification to ensure that all files are automatically labelled with the ability to add the right security level. All confidential files should be classified and potentially encrypted on creation and can only be opened by authorised users, making it much more difficult to successfully exfiltrate sensitive or mission critical files outside of the network, or to non-authorised users.

“Even better, authorised users' permissions for encrypted documents are temporary and as soon as a user's rights are revoked, no matter where that document has travelled or is being stored, that user will no longer be able to view the content.”