I'd like to take a mo and thank Glen for being so open with the details of this recent event. I would suspect that this happens a whole lot more than any of us hear about and it's good to get cases out in the open. I lose count of the number of clients I talk to about security who come back and say "Oh that stuff never happens, it's all in the movies". It would be good if more people were aware of what the real danger/risk was. So thanks Glen! Well done!

Dean

Glen Eustace wrote:
The plot thickens, as they say.
There is no evidence of multiple attempts to get in via ftp. The userid was not something that would be easily guessed, can't comment on the password as I don't know what it was.
The user and password would appear to have been obtained and used.
From communications with the account holder, it would appear, though unconfirmed at this stage, that someone who had legitimate access to the site *MAY* have done something they would prefer not to admit to.
I am guessing a case of social engineering or similar. So in this case, the protocol used may be irrelevant.