By Jim Thompson
HCP columnist


A “truth is stranger than fiction” story and a bit of a public service announcement. On the Sunday of Labor Day weekend, I received a note from one of our employees remarking that one of our websites was behaving strangely.

When you typed in the URL to go to the site, sometimes it would behave normally and go to the site; other times it did not and went to other sites that did such things as ask you to sign in to a nondescript page.

We did all the normal tests. We looked up the site on our URL provider to see if someone had broken into our account there and redirected the site elsewhere. We found nothing wrong. We tried different browsers (Google, Internet Explorer and so forth) and the problem was persistent across all of these.

Being a long weekend, we knew our platform provider, the company that provides the site on which our material resides, would be closed (it is a small company in Tennessee).

On Tuesday morning, the first opportunity after the long weekend, we called our platform provider. We told him we strongly suspected his platform as being the site that was hacked. They went back to a backup that was several days old to see if they could find a place where this started. No luck. They went back further. Same problem.

Then, they started looking around and found that some of the ads we have for our clients had been modified and set up to start on their own at various times in the future. These corrupted ads were the source of the malfeasance. This means that someone broke into our password on the platform.

How did they do this? Who was it?

Well, in the administrative side of the platform, one can see who has tried to log in and how many times they tried. It turns out there were two internet service providers who had tried over 1,200 times each to log into our site. Obviously, one or the other – or perhaps both – had succeeded.

You cannot find out exactly who these internet service providers are, but you can narrow down their location. One of these two was from Russia and the other was from Ukraine.

We had been hacked by the Russians!

In fact, as I was writing this column, I looked through this list. The top one on the list of failed log-ins right now is from the Petersburg Internet Network Ltd. in Saint Petersburg, Russia.

The second one on the list is Kyivstar PJSC in the Ukraine. This one last tried three hours before I sat down to write this article.

The third one on the list, which tried to enter one hour before I wrote this article, is from China Unicom Beijing Province Network, owned by the Huawei Public Cloud Service.

The moral of this story is simply this. If you hear stories of foreign entities trying to hack into the electrical providers, other utilities or the government, believe them. These are not stories far away in space or time.

If they are coming after our little company, you can rest assured they are going after – and succeeding in penetrating – much larger targets.

Banks, utilities, government functions – nothing is safe. This is a lot cleaner way to cause mischief, serious mischief, than engaging in a shooting war, either as a country or as a simple robber.

I have been a bit skeptical of this type of activity. Now that I have seen it in my own business, I am skeptical no longer. If you happen to operate anything with a password, strengthen your passwords now.

As I write this, it is September 11th. Seventeen years ago today, our enemies used airplanes to disrupt our lives here in the United States. They don’t need to be so crude and obvious in their attacks today – just come in through the internet – plenty of damage and mayhem can be done via this route.

Jim Thompson, formerly of Marshall, is a graduate of Hillsboro High School and the University of Cincinnati. He resides in Duluth, Ga. and is a columnist for The Highland County Press.