A few weeks ago, someone got access to our customer data, and posted a video on YouTube claiming to be hackers and published defamatory content about us online - with details of our customers. The attack has since spread to 8 videos on YouTube, FB, Vimeo and DailyMotion - along with several comments online. We've had a hard time finding the person, and our lawyers are asking for a large sum in order to obtain a UK court order for these sites to disclose the person. I'm not sure that would work as they've used anonymous names and email addresses. We've also had limited success with those sites. They are agreeing to block the content in the UK only, but not globally. What should we do in such a situation? I fear for the longevity of our business.
In a word: Forensics.
Computer forensics is the art of examining a system and determining what happened upon it previously. The examination of file and memory artifacts, especially file timelines, can paint a very clear picture of what the attacker did, when they did it, and what they took.
Just as an example - given a memory dump of a Windows system, it is possible to extract not only the command lines typed by an attacker, but also the output that they saw as a result of running those commands. Pretty useful in determining impact, eh?
Depending on the freshness of the compromise, it's possible to tell quite a lot about what happened.
Answered 7 years ago
I would recommend reaching out to law enforcement within the country which is hosting the content and the company hosting the content. In the US Side of things, I would contact google youtube and Vimeo hosts have your attorneys draft a letter with cease and desist on the videos as they are tied to hackers. FBI investigated Cyber crimes within the US as it is illegal to hack a system and against policy to propagate criminal actions.
DISCLAIMER: I am not a lawyer I am just telling you some actions I have taken with regard to hackers.
Answered 6 years ago