Printer-friendly version Reader Comments

DIETER BRADBURY Online Reporter January 22, 2008

The Web site for a Freeport shoe manufacturer that sells its products online was attacked by a hacker over the weekend, but a company spokesman said no customer data was stolen.

The home page of the Eastland Shoe Co. was disabled for an unknown period of time, and online visitors were redirected to a page that announced the site had been hacked.

“As we sit here today as we look at it, based upon what we know there’s no reason to think that security measures have been breached,” said Tony Perkins, an attorney at Bernstein Shur.

Perkins said the company was working with its Web hosting partner and information technology staff to investigate the incident and take steps to protect the site.

The Web breach was discovered on Saturday by a customer in Jacksonville, Fla., who purchased merchandise online. The customer, Charmaine Irons, said in an e-mail that she tried to return to the Eastland Web site after placing her order but was redirected to a page announcing the site had been hacked.

Irons called the company on its toll-free customer service line and left a message.

Perkins said it’s not clear how long the home page was disabled, however, the site was fully functional on Monday and the company had found no evidence that other transactions were affected.

Irons said she received an e-mail from Eastland on Monday reassuring her that her personal data was safe, but she said the incident was frightening.

“It was very scary to me,” she said in an e-mail. A computer networking consultant in Portland who is familiar with Internet security issues said most business Web sites have home pages that are protected by passwords.

But a determined hacker can use a program similar to a dictionary that searches passwords until it finds the right combination of letters and numbers to unlock access to a site, said Kevin Fournier, owner and chief technologist at Infinite Technologies.

Another security expert, Mark Stone of Reliable Networks, said business sites often are exploited because network administrators have failed to update the security patches on their Web servers. Stone said the customer-ordering sections of a site generally are better protected against hacking because credit card companies insist on higher levels of security.

He said businesses must be vigilant because hacking has evolved into a sophisticated enterprise, with money as the goal, and attempts to exploit weaknesses are becoming more common. “We see evidence in our firewall logs of two to six very, very professional hacking attempts per day,” he said.

Perkins, the spokesman for Eastland, said this is the first time the company has experienced an attempted hack and is working with a technology advisor to protect its systems.

Dieter Bradbury is the online reporter for pressherald.com, where this report initially appeared. Bradbury’s beat is designed to engage directly with readers and glean story ideas from your suggestions, Web postings and feedback. If you have comments, please post them at pressherald.com or send Bradbury an e-mail at: dbradbury@pressherald.com