Tuesday, November 13, 2018
Business

Websites vanish, tipping St. Petersburg business to crime from the inside

ST. PETERSBURG — David Scott decided he had to cut ties with one of his contract workers.

A Web developer, the man was proving unreliable, said Scott, owner of the small St. Petersburg-based Web design and marketing company Cosmic Digital Design. Scott delivered the news in March.

Within hours, sites that Cosmic Digital had designed for client companies began disappearing from the Web. Somebody had logged into the servers remotely and deleted files. It cost Cosmic about $277,000 in lost product.

Scott feared he might be the victim of an inside hit — a modern scourge that’s real and growing for businesses large and small as they come to rely more heavily on information technology.

"It was a pretty devastating attack," Scott said. "We weren’t prepared for something like this."

• • •

Before the attack, security was low on Scott’s priority list. Visual art and design have always been his passion.

He worked as an illustrator after graduating from Southern Methodist University in Dallas, then went to Bermuda for a few years to work at a friend’s graphic design firm. He settled in the Tampa Bay area and opened Cosmic Digital Design in 2007, with an eye on getting a slice of the investments companies were making in their websites.

By 2017, more than half of Cosmic Digital’s business was Web-based design, Scott said. So he hired contract Web developers to do what he couldn’t. One of them was Ivan Marik, who came aboard in late 2015.

"Essentially he was in charge of making sure all the websites functioned the way they’re supposed to," Scott said.

Scott was the artist, while Marik was supposed to turn his visuals into a working website.

Marik was loyal and dedicated, always in the office to address problems as they arose and answer any questions.

"He did a pretty good job," Scott said. "I was pretty happy with him."

• • •

Things went downhill at the beginning of 2017, Scott said.

Marik wasn’t coming in regularly any longer. He’d say he was sick or had family issues, but Scott didn’t feel it was his place to pry. What mattered to him, he said, was that Marik was missing deadlines.

Things came to a head when Marik was building a website for one of Cosmic Digital’s larger client companies. The client wasn’t happy with the work, Scott said. He told Marik they needed to go in a different direction but Marik resisted, so Scott took him off the project, he said.

The work had represented the bulk of Marik’s responsibilities. Afterward, Scott said, he couldn’t afford to keep Marik around.

"I had to make a decision and let him go."

Scott declined to describe their March 16 conversation.

"What I will say is the news didn’t go over very well with him," he said.

• • •

That was 2 p.m.

Around 5 p.m., Scott was on the phone with one of his clients and he tried to pull up the client’s website. But all that would load was a blank screen. So he checked another site, and found the same thing. And another, and another.

"Then panic set in," Scott said, "and I realized at that point in time what had happened."

In all, 13 of the company’s sites had been deleted. Scott had backups for about half, but the ones that couldn’t immediately be recovered included three of his biggest clients.

Scott checked his server logs first thing the next morning and identified the unique IP address he believed was responsible for the hack. He contacted St. Petersburg police who, due to the technical nature of the investigation, referred it to the Florida Department of Law Enforcement.

FDLE investigators linked the IP address to Marik, and they arrested him Nov. 1.

Marik, contacted by the Tampa Bay Times after he posted bail, denied that he accessed Cosmic Digital’s servers and deleted files.

"I don’t know what you’re talking about," Marik said by phone. "I have nothing to say about that. This is an ongoing case and I’m not going to discuss any of that crap."

Scott stands by his story.

"I have his digital footprint," Scott said. "I have his IP address showing he accessed the website servers at that particular time. And the server logs do show that that IP address deleted files."

• • •

Afterward, Scott was able to rebuild the sites he had lost.

"We’ve basically recovered from it, but it did cost us some relationships," he said.

The episode highlights an all-too-common problem. On average, successful insider attacks cost companies about $445,000, according to a 2015 study referenced by a Carnegie Mellon University report. With an average of 3.8 insider attacks per year, the cost to a company can reach $1.7 million, the report said.

Even Twitter, valued at more than $15 billion, fell victim to an insider attack this month when a contractor who was leaving the company disabled President Donald Trump’s account.

Since the attack on Scott’s company, he installed firewalls on all his websites. And he won’t work with developers who require certain administrative privileges on his servers.

Security strategies vary by industry and company, but there are easy ways businesses can defend themselves from those on the inside. One is establishing a protocol to share network access with new employees and revoke it from departing employees, said FDLE Special Agent Corey Monaghan, who specializes in crimes that involve network intrusion and investigated Cosmic Digital’s case.

Another is to ensure all employees have their own logon credentials and to encourage strong passwords, so internal leaks or breaches can be traced to one person, Monaghan said.

And because many people who commit insider attacks are unhappy on the job, Monaghan said, information technology departments at larger companies should work closely with human resources to identify disgruntled employees and, if necessary, pay extra attention to their network activity.

Scott called his experience "a cautionary tale." Cosmic Digital wasn’t ready for an insider attack.

"It is now," he said. "If you’re going to dabble in website design, you’ve got to pay attention to security."

Contact Josh Solomon at [email protected] or (813) 909-4613. Follow @ByJoshSolomon.

 
Comments
Joggers, cyclists now wait to see where future of Upper Tampa Bay Trail leads

Joggers, cyclists now wait to see where future of Upper Tampa Bay Trail leads

Hillsborough commissioners are not recommending a realignment of the Upper Tampa Bay Trail to make room for a 300-unit apartment block. But whether trail users can claim victory is unsure.
Updated: 7 hours ago
Dear Amazon, from Tampa Bay: Why don't you love us?

Dear Amazon, from Tampa Bay: Why don't you love us?

Seattle-based Amazon decided to open a second headquarters, splitting it between New York City and the Washington, D.C., area. Tampa Bay never had a chance.
Updated: 9 hours ago
Allegiant Air opening nine new routes from Sarasota, Bradenton

Allegiant Air opening nine new routes from Sarasota, Bradenton

Allegiant Air is opening nine new nonstop routes from the Sarasota area to destinations such as Baltimore.
Updated: 10 hours ago
Port Tampa Bay raises CEO Paul Anderson's salary 4.5 percent to $436,720

Port Tampa Bay raises CEO Paul Anderson's salary 4.5 percent to $436,720

Tuesday's vote to give Port Tampa Bay CEO Paul Anderson a 4.5 percent raise was unanimous. The vote to extend his contract two years? Not so much.
Updated: 11 hours ago
Study: Tampa is a Top 10 area for retirees who like to travel

Study: Tampa is a Top 10 area for retirees who like to travel

Tampa's combination of low taxes and cheap domestic flights make it an attractive choice for retirees.
Published: 11/13/18
Innovative Red Tide bad air forecast tool working well, but info can be hard to find

Innovative Red Tide bad air forecast tool working well, but info can be hard to find

An experimental tool to provide forecasts for which beaches have bad air because of Red Tide seems to be working, but users are having trouble finding its important information.
Published: 11/13/18
Do you live in an equity rich area of Tampa Bay? A lot of homeowners do

Do you live in an equity rich area of Tampa Bay? A lot of homeowners do

Of the 96 Tampa Bay ZIP Code areas surveyed, more than half have a higher percentage of equity rich properties than the national average.
Published: 11/13/18
Jeff Vinik’s Embarc Collective, a hothouse for tech innovation, seeks startups

Jeff Vinik’s Embarc Collective, a hothouse for tech innovation, seeks startups

Embarc Collective, the planned innovation hub backed by Tampa Bay Lightning owner and entrepreneur Jeff Vinik, has a different model than you might expect from a startup accelerator or incubator.
Published: 11/13/18
Amazon to split new headquarters between Virginia, New York

Amazon to split new headquarters between Virginia, New York

Amazon will open major new outposts in northern Virginia's Crystal City and in New York City, splitting its much-sought investment of up to 50,000 jobs between the two East Coast sites.
Published: 11/13/18
First-time millennial homebuyers willing to wait for Florida's market to cool

First-time millennial homebuyers willing to wait for Florida's market to cool

Millennials want to buy homes, but they are cautious, waiting to see if prices might fall.
Published: 11/13/18