How ConveyThis Has Been Hacked

Startups don’t care about web security until something odd happens. So, we thought. Who would want to hack a small firm that doesn’t even make $1000 MRR? Well, someone did!

When we got back to the office on Friday, we noticed that our office router had started to malfunction. Our first theory was a hardware problem. It was an old router anyway!

However, after a reboot and a couple of minutes of stable Internet connection, the network went down again. Now I became curious and logged into the router to check what was going on there.

It seemed that the router was receiving lots of incoming connections and wasn’t able to process them. Sounds like a DDoS attack. Hmm... We became curious! The search for the source had begun!

Since we had recently moved both offices together, the first suspect was the new number of computers and misconfigured phones that might still be accessing the VPN and searching for non-existent sources. So we disconnected all the devices and played Sherlock Holmes to try to identify the internal source of the DDoS. However, it wasn’t internal…

It turned out that someone had rented Amazon Cloud servers and begun the attack on our computers from there. Originally, it was 5 servers on Friday. Then on Monday it went down to 1. We recorded the name and IP address of that machine and list them here:

Name:    ec2-3-113-7-114.ap-northeast-1.compute.amazonaws.com
Address:  3.113.7.114

Since it is a criminal case, we’ve been working with the AWS customer service team to find out more about who initiated it, and we will file criminal charges with the US authorities.

Remember, cybercrime is still a crime. It won’t go unnoticed and all the suspects will be punished by US law.