Hannibal Grows Impatient
After releasing the data on the public mailing list, Hannibal sent a follow-up message, this one considerably less polite:
From: Security Consultants R Us
To: Web Admin
Subject: Pay Us or You're in Real Trouble
If you do not hire us as security consultants immediately, major amounts of your customer data (tens of thousands of records) will be publicly released.
To accept our offer, transfer $25,000 into our offshore account #ZZZZZZZ, or else!
At this point, the Web administrator realized that he was in over his head. He forwarded the message to the Chief Financial Officer of Clarice Commerce. She, in turn, contacted law enforcement to begin an investigation.
Mistake #9: The Clarice Commerce Web administrator's hesitation delayed contact with law enforcement. When evidence of a crime is discovered, your incident response team should consult with legal counsel and contact law enforcement early in the process. Your legal team and law enforcement can provide excellent advice on how to minimize the damage and maximize your ability to achieve justice.
As it turned out, a large law-enforcement agency in the United States was already on Hannibal's trail. In addition to Clarice Commerce, Hannibal had tried to bilk millions of dollars out of other sites hit by his worm. By coordinating information from the Clarice Commerce system with other victims, law-enforcement officials were able to track down Hannibal before he released any more information from Clarice Commerce. After a detailed and protracted international investigation, law-enforcement officials were able to build a case and bring Hannibal to justice. While Clarice Commerce did avoid having all of its customer records exposed publicly, the small number of records released by Hannibal did damage the company's reputation. Clarice Commerce also spent hundreds of thousands of dollars rebuilding and securing its systems after the attack. After getting this wake-up call, the CFO of Clarice Commerce established a security team to learn from these mistakes and implement corrective controls to avoid similar events in the future.