[... phone ringing ...] Hello, this is Dale's professional voicemail,
please leave your message after the beep [.. beeeeeeeep ...] Hi Dale,
Gordon speaking... CIRCL called me this morning. It seems that some of
our servers have been hacked. They suspect that we were not the target
of the attacker. We were apparently only a vector used to reach the
personal computer of a consultant we had in the office at the time the
attack took place. They told me to have a look at our internal systems,
we might not be alone on these machines.
Chester and Phillip, the guys from MeteorProof Consulting were at the
office yesterday. Here is a trace of some traffic sniffed on our
Internet gateway. Chester was complaining about HTTPS that was not
working for some websites. I still don't know why... Maybe you could
have a look at the PCAP, you might find something interesting. I will
inform our external contractors as soon as we have some relevant
information about the problem. I'm not sorry, we had it coming.
According to CIRCL, the systems used to mount to attack are still
online and accessible to anyone. A take down notice has been
transmitted to the hosting company. It will take some time to
remove this aberration from the Internet...
[phone hangup]
Thanks to Miguel Scaillet and William Robinet from Conostix for this challenge.