Code Spaces Hosting Shutting Down After Attacker Deletes All Data 387
An anonymous reader writes Code Spaces [a code hosting service] has been under DDOS attacks since the beginning of the week, but a few hours ago, the attacker managed to delete all their hosted customer data and most of the backups. They have announced that they are shutting down business.
From the announcement: An unauthorized person who at this point who is still unknown (All we can say is that we have no reason to think its anyone who is or was employed with Code Spaces) had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them using a Hotmail address. Reaching out to the address started a chain of events that revolved around the person trying to extort a large fee in order to resolve the DDOS.
At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel.
At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel.
The cloud (Score:5, Insightful)
Good thing people hosted their stuff on the cloud...
Re:The cloud (Score:5, Interesting)
Single account to rule them all......the best approach is the separation of concerns (user management, server management, backup / restore, etc.) so that it is a lot harder to compromise everything.
Re:The cloud (Score:5, Insightful)
But that would have cost the company a little more money.
Re:The cloud (Score:5, Insightful)
More likely, actual planning would have to be involved.
Re: (Score:3)
To an owner planning is identical to cost.
Re: (Score:2, Interesting)
I don't think that was a money thing, rather it was an oversight of risk management. Hindsight is always 20/20.
(Besides, where does this "blame the victim" attitude always come from? It's ridiculous. This is equal to saying that wearing scantily clad clothing means a woman deserves to get raped.)
Re:The cloud (Score:5, Insightful)
Having an offline backup isn't 20/20 hindsight, it's the absolute basics of the basics.
This is equal to saying that wearing scantily clad clothing means a woman deserves to get raped.
It's more like saying that a guy who dies in a car accident because he was street racing while drunk, high, and not wearing a seatbelt got what he deserved.
Re:The cloud (Score:5, Insightful)
Re: (Score:3)
I think the offsite backups where not their own offsite backups, but managed by Amazon. Which is really not what I would consider an offsite backup.
"where's your data"
"in the cloud"
"where do you keep your backups"
"um, in the cloud..."
Re: (Score:2, Insightful)
Bad people exist. Plan accordingly, or don't come crying when you get hacked.
Otherwise, I agree with you, this looks more like an oversight of risk management: When wandering around the park at 2am in a mini-dress... don't.
Re: (Score:3, Interesting)
Re:The cloud (Score:5, Insightful)
And the company and it's owners should have their asses sued off for failing to take normal precautions for the data they promised to protect. I have sympathy and pity for the owners of the data (although I have always thought "the cloud" was a stupid idea), but none for the company. Unconnected archiving is a universally recognized good practice. Why in hell don't the new guys understand this?
Re:The cloud (Score:4, Insightful)
Your insurance agent would like a word with you.
Re: (Score:3, Insightful)
You'll notice that at no point did I excuse the criminal. I agree with you completely that we as a society should dedicate the resources to hunting him down and punishing him.
That doesn't change the fact that Code Space
Re: (Score:2)
Bad people exist. It doesn't matter if you cry, it does matter if you seek Justice or not.
Changing your life to accommodate them is ill advised.
Re:The cloud (Score:5, Interesting)
But since the topic at hand has nothing to do with rape, let's get stop with unfitting analogies. A company that is offering HOSTING must take have a solid backup plan and security policies in place. Otherwise, even if the criminal who attacked them is solely responsible for the act, the attacked company is 100% responsible in front of their clients, just as it should be.
In the business world being totally incompetent to offer the service you want to offer is not justified. It has nothing to do with rape, burglary or anything else, really.
Re:The cloud (Score:5, Interesting)
I see this come up a lot and honestly..... I mean.... is it really wrong to suggest that a person should think about self-protection?
Do you lock the door to your house? Your car? I do. I generally wont even leave my phone in the locked car unless I expect I will not be out of view of the car for more than a minute, I even look around first when making such a decision. Why? Because people I know, including myself, have had shit stolen from their cars!
And you know what.... I, the victim, was stupid for thinking it was going to be ok to leave my GPS on the cradle in the car overnight. The person who stole it is still an asshole, still deserves to be punished, but you know what....that doesn't make me smart for exposing myself to his actions.
Should a woman be able to wear what she wants? Should she be able to walk down the street at night alone? Yes. Absolutely. However, when my wife clips a knife on her belt before going for walks at night, when she tells me what streets she avoids at night because she knows its where alot of the rapes are reported.... it makes me think I married a smart girl.
But hey maybe I am odd, I don't say "don''t wear that" I say "don't forget your knife"
Because its true, she shouldn't ever have to use it, and I hope she never does.... but if it ever happens, I hope she spills entrails on the sidewalk.
Re: (Score:3)
I see this come up a lot and honestly..... I mean.... is it really wrong to suggest that a person should think about self-protection?
No, it is wrong to claim that they're expected to. See the difference? No?
Why bloviate for dozens of words if you're going to fall on your face in the first sentence?
You can't even tell the difference between prerogatives and coercion, so you have no moral or ethical foundation to build anything on. You have no points, because they're suspended in space and everybody else is on planet Earth.
And yes, it is really "very" wrong to attempt to exercise other people's prerogatives. It is a less extreme example of
Re: (Score:2)
You obviously missed the comments I made to the same effect back in April and had folks respond that yes, the victim is partially to blame no matter what.
Here, [slashdot.org] read the torturous and twisted excuses people make trying to justify why the victim is to blame, whether a hacking event such as this or having your house broken into.
Re: (Score:3)
I don't think that was a money thing, rather it was an oversight of risk management. (...) Besides, where does this "blame the victim" attitude always come from?
Because it's pretty hard to criticize/discuss/improve someone's risk management without at the same time assigning part of the blame to them. I mean if I was entirely without fault that means I did nothing wrong which means I don't have to change my ways, yet here you are arguing I should take greater precautions which means I did do something stupid which means it's partly my own fault right? It's pretty hard to say that you could and should avoid danger, yet it doesn't matter if you sought and exposed you
Re: The cloud (Score:5, Insightful)
At some point, you have to ascribe *some* responsibility on the [victim], no?
No.
Re: The cloud (Score:5, Insightful)
Good job shifting the goalposts, but that's pretty much totally unrelated. See, the lions are generally not considered to be moral actors. Humans usually are.
Re: The cloud (Score:4, Insightful)
Of course she's responsible for how she looks and dresses, it's just that neither of those can ever be, in any way, a justification for rape. They're totally irrelevant. She's also responsible for what she has for breakfast, and that's every bit as relevant to your decision as to whether or not you want to be a rapist. Which, given that you're playing apologetics for it, presumably you do.
Re: The cloud (Score:5, Insightful)
I don't think it's that, it's that in some people's minds, the pendulum has swung too far. I read that some beauty contestant is getting lambasted for saying women should learn self defense. Claims are being made that that promotes "rape culture". It doesn't, it's just the commonsense realization that while in the ideal world there wouldn't be bad people, in the actual world, there are. It's fine to work towards the ideal world, but we also need to live in the real one.
To put another spin on it, there's a trail around here that used to be a great place to run. It's become a great place to get a beating and your phone/ipod/wallet stolen. I could go run there with my expensive earbuds and $600 phone, secure in the knowledge that I have every moral right to do so unmolested, but I don't. I run with my cheaper earbuds and an iPod shuffle in places muggings don't happen.
The cloud (Score:3, Funny)
Normally things form clouds AFTER going up in smoke. With the 'new technology' it is the opposite.
Re:The cloud (Score:5, Interesting)
The concept was good but the people in charge were in way over their heads and it became suddenly clear to them that they had no business securing other peoples data. Good for them. At least they know what they suck at.
Re:The cloud (Score:5, Informative)
AWS has one of the best security systems out there. IF you decide to enable the features. The production AWS configs I've used have mandated multi factor auth (using the number generator on the phone) as well as network source network restrictions. You can also setup a large number of ACLs to restrict things like the ability to create additional accounts.
It's hard for me to feel bad for these guys.
Re: (Score:2)
Isn't the real problem the criminals that made the attack?
Re: (Score:2)
So you have to take some responsibility for the security of your users data in spite of the fact that there are criminals out there.
Re: (Score:2, Insightful)
Re:The cloud (Score:5, Insightful)
"Much like the US president can only run for two terms, wouldn't it be grand if there was something similar for the politicians lower down the tree! Politicians _should_ be people who've been out in the real World."
Unintended consequences -- you don't have people in office long enough to be RESPONSIBLE for anything. All "bombs" get pushed off until the next election cycle when Councilman A is termed out and becomes State Senator A, or Assemblyman A.
Look to California for everything you need to fear.
Re: (Score:2)
Secure. Responsive. 24/7/365. the Cloud. (Score:2)
and our admin password is "letmein"
Re:Secure. Responsive. 24/7/365. the Cloud. (Score:5, Funny)
My password is "invalid" so when I type it wrong I get a message: "Your password is invalid."
Re: (Score:3)
Good thing people hosted their stuff on the cloud...
No kidding. Their backups also, apparently.
Re: (Score:3)
You should always have an offline backup (even if slightly out of date).
In this case, they could have used a separate "cloud" provider just for backups.
Cloud or not, everything under one umbrella was the problem.
Re: (Score:3)
Re:The cloud (Score:5, Interesting)
Good thing people hosted their stuff on the cloud...
I don't think their problem is necessarily because it was "on the cloud" - the same thing could have happened if someone penetrated a corporate network and got hold of a VM farm. A bigger obstacle to be sure, but if your corporation has partner/vendor access and a not-so-sharp security guy...
One question I have though - instead of changing a password, why couldn't they have called Amazon, had the thing universally locked out for that company, replaced all root-level access with a new account, and sent the new username and p/w by phone back to the company?
Also, why didn't they have an offline (think: off-cloud) backup of the stuff? Sure it costs time/money/skull-sweat to do that, but it's worth the time and trouble in the end. After all, if your family jewels are hanging out there, it always pays to have a DR plan for 'em...
If nothing else, they could have set up a separate and distinct AWS account/rigging as a "DR" of sorts, with DB replication and the works feeding it as a warm DR site. That way if some jackass compromises the first, you only need to stop DB replication, turn on the rest of the DR servers, do a quick test, and shift your DNS to the backup site - 15 mintues later, you can delete the objects yourself in the original site if you want (while you set up yet a different site and build a new backup site to replace the one you just put into production.)
We have a sizable AWS setup where I work, and first/foremost we back that shit up (the DB contents) to machinery that we control. We also have a means of re-deploying/rebuilding if necessary; sure it takes time, but it's better to have it and not need it...
Re:The cloud (Score:5, Insightful)
I don't think their problem is necessarily because it was "on the cloud"
No. The cloud was a key part of the problem. They had as much access and control over the system as the hacker did with no physical fall back.
A VM farm on an onsite rack or even a colo rack? You knock out the hacker by unplugging it from the router to the internet, and then audit and reset security to your hearts content.
Re:The cloud (Score:5, Informative)
Re: (Score:2)
Not so easy with a corporate network... (Score:2)
Re: (Score:2)
Re:The cloud (Score:4, Insightful)
It has nothing to do with the cloud. It could have been any un-managed hosting.
The fact that they went with un-managed hosting in the first place is what really screwed them. If they had a real support team they could turn to, steps could have been taken to keep this from happening as soon as the DDOS started, and they would have had "offsite" or at least "offline" backups.
This happened because it appears that code spaces had some knee-jerk reactions and didn't think through how they were handling this (like changing the password before making sure there weren't other methods of access already established). They should have straight-up called amazon, explained what was going on, and paid for support for amazon put access to their account and instances on lockdown until the situation was resolved. Shoulda, woulda, coulda though...
Re: (Score:2)
Hosting stuff on the cloud wasn't the problem. It's really no different from hosting anywhere else. The problem was a lack of off-site backups.
Something as simple as s3cmd and cron would have protected them. Or if really necessary they could have backed up servers to an independent s3 account.
This is a simple case of someone keeping all their eggs in a single basket, breaking the fundamental rule of backups needing to be independent of their source.
Backing up your cloud in your cloud... (Score:5, Insightful)
...doesn't seem to work so well.
Re:Backing up your cloud in your cloud... (Score:5, Funny)
Yo dawg, I hear you like clouds.
Re: (Score:2)
Yo!
I like big clouds and I cannot lie...
Just unplug your server from the internet... (Score:5, Funny)
So you just unplug your server's network connection from the internet while you fix the damage... oh. cloud stuff needs constant internet connection? hm. well I guess that's it then. It was an honor to serve with you. BOOM!
Re: Just unplug your server from the internet... (Score:2, Insightful)
Well, sounds like they first attempted to fix it themselves using ther mad 1337 skills. Amazon cloud is run by adults, and they must have a large staff of top notch security experts. This might sound like monday morning quarterbacking, but if they really feared this threat, they should have called amazon so that not only could they put their instance on ice, they might have gotten some help in hunting down the creep.
Re: (Score:2)
Unless you're one of Amazon EC3's largest customers (e.g. Netflix), you're one of thousands of low-paying customers with rudimentary authentication. Amazon should have an "oh shit" master key that relies on old-school technology, like a RSA number keyfob that the client's pres
Re: Just unplug your server from the internet... (Score:5, Informative)
Who do you "call" with most cloud vendors? After all, sounds like whoever was doing the DDOS to extort Code Spaces could have also "called" Amazon to do any number of things, as whoever it was had the passwords, other accounts, etc..
I've actually worked with them once - sure someone could impersonate them, but you could just as easily call up, explain the situation, and then prove you're the rightful owner of the account (using info that most script kiddies aren't going to think of gathering in the first place, let alone spoof the original contact phone #.)
To their credit, Amazon is actually fairly intelligent and responsive, even to small accounts.
BTW - if you use/handle it right, each instance comes pre-made with a specific SSH auth keyset for root, and you're the only one with the private key (even Amazon doesn't have it) - store/use that as your proof by logging into an instance with one (it's something the script kiddie definitely won't have).
Re: (Score:2)
By comparison, I can get to our server center and completely isolate us and all our data from the Internet in under 10 minutes.
Picard and Dathon at El-Adrel (Score:2)
I can't think of a better argument... (Score:5, Insightful)
Re:I can't think of a better argument... (Score:5, Insightful)
If your backups are sitting right next to your active files they aren't backups. They're just copies sitting there.
Re:I can't think of a better argument... (Score:5, Insightful)
If your backups are sitting right next to your active files they aren't backups. They're just copies sitting there.
I think that's an oversimplification. They're still backups. They're just not backups against some failure modes that people would have expected.
Re: (Score:2)
There may be better ones but this is sufficient all on its own. As the poster above me says, if it's not offline, it's not a backup.
Re: (Score:2)
Or for in-house networks.
Pretty trivial to just pull the cable when your kit has been compromised and you're facing extortion.
Re: (Score:3)
Why isn't this standard procedure for all data repositories?
Doesn't matter how efficient and secure you are, if one person can wipe absolutely everything from one control panel then you have a risk that is not being addressed. And one that isn't even difficult to address.
Re:I can't think of a better argument... (Score:5, Interesting)
for air gapped backups.
It has to be more than that. We had a policy of air gapped backups that everyone followed. But we had several different sites with several different admins. There was a large hurricane and we found some flaws in the system to say the least.
In several cases, the backups were kept IN the drive... they were gone.
In others, they removed the backups, put them on top of the server or in a desk draw.... gone as well.
In others, they actually removed the tapes from the site, but often they were taken home by the admin or other staff... in those cases we faired slightly better because both the site and the staffs house would have to be under water. Hurricanes are big however, so we had about a 50% success rate there.
In some cases they had a safe on site. This proved marginally better... the tapes were safe in most cases. In one instance we had a rather brave Admin fly across the country, take a cab out to the site and the literally SWIM to get the tape. But in a lot of cases the tape was OK, but the safe was under water. So we weren't able to retrieve it for days.
The sites where local admins stored the tapes at local banks faired the best. So now that's our policy. Backups get stored off-site, in a vault. Technology is better now so we also do remote backups across the net now as well in case the bank is under water as well. But no matter what, we can always head to the bank vault. Ok, I guess a meteor would ruin our day, but you cant plan for everything.
Re: (Score:3)
There was a large hurricane and we found some flaws in the system to say the least.
That's why you have backups in different geographical areas.
The sites where local admins stored the tapes at local banks faired the best.
Have you considered a service like Iron Mountain? They'll send out a truck to pick up your backups every day, if you like, and store it in a very safe location.
Re: (Score:2)
There was a large hurricane and we found some flaws in the system to say the least.
That's why you have backups in different geographical areas.
The sites where local admins stored the tapes at local banks faired the best.
Have you considered a service like Iron Mountain? They'll send out a truck to pick up your backups every day, if you like, and store it in a very safe location.
Iron Mountain doesn't serve most of the areas involved. We have dozens of VERY rural sites. Like the top of a mountain, or out in the desert, or along the Mexican border kind of rural. One remote on a mountain gets so much snow build up on it we have a local guy contracted to shovel snow off of it weekly so it doesn't overheat. Another is at the bottom of a canyon on an Indian reservation. The tech has to ride once a week on a helicopter to get to it. In the event of an outage he literally takes a mule down
Site gap, not air gap (Score:2)
IMHO:
1) Backups that don't get done automatically often don't get done regularly, so they should be automatically performed via scripts.
2) Offline isn't as important as offsite. Buildings catch fire, get flooded, disappear into sink holes, get hit by falling jet airplanes.
3) Security matters. Paranoia should be the order of the day.
Whoever pulled this off (Score:4, Funny)
would you mind going into ebay.com & deleting my account?
Ebay refuses to close it.
Re: (Score:3)
would you mind going into ebay.com & deleting my account?
Ebay refuses to close it.
Move to Europe and sue them under your new right to be forgotten.
Well that escalated quickly (Score:3)
No offsite backups? (Score:2)
They didn't have offline backups? tapes? I'm not familiar with codespaces service, but how come the backups could be deleted remotely?
Re:No offsite backups? (Score:5, Insightful)
No, because it was all in Amazon. Who needs tape when you have the cloud, right?
So the stuff they had backed up from Amazon to Amazon, was still controlled by the same logins (or the ones the hacker had created).
So when he/she/they started deleting stuff, the backups also got deleted.
Sounds like a brilliant strategy, and an epic demonstration of what can go wrong with the cloud.
If you host your own stuff, you do your own backups. If you backup your cloud data to the cloud using the same stuff as the rest of it ... well, your backups are hardly secure, are they.
So unless Amazon has offsite tape backups (which I highly doubt) ... they're pretty much screwed.
I think this is about the same as backing up your hard drive to itself so you have a spare copy.
Re: (Score:3)
No, because it was all in Amazon. Who needs tape when you have the cloud, right?
A rule of thumb that I've heard was "It's not backed up until on at least 2 different media types, at least 2 different file systems, and stored in at least 2 different physical locations".
Re: (Score:2)
If its worth money:
Hve three copies, on three media types in three locations.
Not so sure about file systems. If you have proprietry backup software, then you will never get the data when you really need it. tar loves you!
Re:No offsite backups? (Score:5, Insightful)
No, it's just an example of what can happen to incompetent people. There's no reason to believe that these people would not have also failed to have offline backup with local servers. There was nothing to prevent them from keeping backups locally or on another cloud.
Blaming cloud computing for this is completely idiotic, and about what I expect on the dumbed down Slashdot these days.
Re: (Score:2)
I don't think you necessarily need to backup to tapes yourself. If you backed up your Amazon stuff to Rackspace, for example, you would be protected both against someone gaining access to your Amazon account, as well as a systemic problem with Amazon. Just so long as there's nothing in your Amazon account that would allow an attacker to access your Rackspace account, that should be a pretty good solution.
No solution is perfect. You're just looking for one that's extremely unlikely to break.
Re: (Score:2)
Re: (Score:2)
You know, I've actually heard people championing cloud stuff saying "we don't need to keep backups, it's in the cloud".
People act like the cloud is full of unicorns and rainbows, and makes all problems go away, and then they do really stupid things like this and realize that isn't the case.
The problem, is that people buy into it, and then when they realize they've made poor decisions, it's too damned late.
It sounds like Codespace more or less created their own mess, but it's their clients who are really get
If your operation is compromised, shut it down (Score:4, Insightful)
The guys behind Code Spaces should be issued a citation for Operating While Pwned. If you know admin access is compromised, shut it down out-of-band.
So what to do about it (Score:2)
The dog ate my homework. (Score:4, Insightful)
I must be a cynic but my first reaction is to think:
1 - Create cloud based system.
2 - Sell subscriptions for hundreds of $.
3 - Announce hacker attack!
4 - Profit.
Not a Great Response (Score:5, Insightful)
If you're a hosted site with important data and your site is compromised, the first & best move is to cut the cord immediately. Contact Amazon (or whomever is hosting the data) and get all access shut down instantly and immediately, thereby ending the attacker's ability to do anything further. This will cause an outage, but at least everything is safe.
Working with Amazon, they can create a new account, give it a strong password, and begin cleaning up the mess with the new account (which the hacker will be unaware of). Now they can, at their own leisure, change passwords, administer accounts, delete crap created by the hacker, etc...Trying to outpace a professional hacker at their own game is a gamble that isn't worth it---especially if no offsite backups exist!!!
Lastly, they should be forwarding all of the email/attacker info to Amazon, Microsoft (Hotmail), and to the authorities. Whether they can be caught or not is up in the air, but odds are almost certain that this attacker has hit other sites and would eventually have different cases correlated to each other.
Safety & security of data is #1, fixing damage caused is #2, and accountability is #3. Securing the site against future attacks is part of #3---there's no reason to put the site up (or leave it up) and risk further attacks, thereby risking data loss or a security breach.
Re: (Score:3)
Contact Amazon (or whomever is hosting the data) and get all access shut down instantly and immediately, thereby ending the attacker's ability to do anything further.
But what if the attacker is the one contacting Amazon to shutdown everything? Do you want your business shut down by random teenagers calling Amazon, telling them to shut everything down?
Re:Not a Great Response (Score:5, Insightful)
Re: (Score:2)
How do you propose Amazon distinguishes between the owners and the hacker impersonating them, once the hacker has obtained their logins and passwords?
The same way literally everyone else on the planet does it, by verifying the billing information.
shut down immediately and lock up (Score:2)
If someone has penetrated your system so that they have root or admin privileges over all your machine, you shut down immediately. In the physical world, you pull the plug. On Amazon, you immediately tell Amazon to lock things down, disable all passwords and administrative control, and then work back up to fixing things.
Re: (Score:2)
But that's so 20th century! I mean, in the 21st century, if you can't do everything yourself without having to deal with another human being, then it's broken! Interacting with other humans
Facking Idiots (Score:5, Interesting)
Re: (Score:3)
nothing to do with being cloud based or not, just proper attention to good systems operations practices was lacking.
even not doing the obvious and blocking all newly created accounts after certain time is just incredibly irresponsible.
Git (Score:5, Interesting)
Re: (Score:3)
Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it ;)
Torvalds, Linus (1996-07-20). Message. linux-kernel mailing list. IU. Retrieved on 2014-04-26.
I guess we should update that quote and replace ftp with git
Re: (Score:2)
wrong order? (Score:2)
Someone else mentioned having offline backups, so I won't belabor that. But once they knew they were compromised, perhaps a smarter thing to do would have been to contact the service provider and take countermeasures (ask for a snapshot of the site as it was, examine and disable accounts, change admin passwords, perhaps contact authorities) before reaching out to the perp. I'm not sure reaching out to the perp was a good idea in any case.
For awhile I hosted a number of websites from a rental space, and I
No offline backups? (Score:2)
Seriously.... no offline backups? Not a real business in that case.
Could Amazon have handled it better? (Score:2)
We have Bunnie. Gather one million dollars... (Score:2)
This is a bummer, man.
Use Git (Score:2)
This must be where IRS stored backups (Score:5, Funny)
Just unplug the server (Score:3)
....oh never mind.
No regular backups? (Score:2)
Nothing copied elsewhere or onto tape? - Guess not. The cloud is SOOOO secure...
Re: (Score:2)
That jail must be very crowded with all the nigerian scammers and fake craigslist landlords who use hotmail to scam people.
Re: (Score:2)
Any self respecting bassmint dweller would not have used their home network to do this.
Basement dwellers don't leave the basement.
Basement dwellers are self-loathing, not self-respecting.
Basement dwellers use their own network to connect to proxies, which just makes it more of a pain in the ass to trace back.
Extreme basement dwellers will use other means of accessing a separate network - a cantenna pointed at a neighbors house, a spliced line, whatever. This just means the cops track down the victim, figure out they're not computer literate, and ask "Any people who could have done this?" and
Re: (Score:2)
The trade-offs can be really good even for a large company. It has to be done right though and many companies don't even do their local IT properly.