Internet search tool company RealNames has become the latest site to be cracked by Internet vandals -- only this time tens of thousands of customer credit cards and passwords may have been stolen.
RealNames CEO Keith Teare said the San Carlos, California company discovered the intruder late Wednesday afternoon, when user searches for company names were suddenly all routed to www.188.net, a site written entirely in Chinese and believed to be associated with the Chinese government.
"I think it's probably just random," he said. "It was just a wakeup call saying 'Hey, I'm here.'"
Teare said a security audit showed someone had gained access to the front-end of the company's system, and admitted the intruder –- who is believed to be working from China -- had been there for at least several days prior.
Credit card companies have been notified of the security breach, and so far, no one has reported any fraud associated with the RealNames break-in.
The company has since updated its security, and says it is confident a similar incident will not happen in the future. And despite what Teare calls a "state of the art" security system that was in place before the break-in, he admits there may have been some weak links.
"I think it would be dishonest to say no, there's nothing we could have done. You can always do more," he said. "We're pretty water-tight from an industry standard, but you can never be diligent enough."
RealNames sent a letter out early Friday to customers informing them of the break-in.
The email linked the attack on its company to the spate of denial of service attacks that have struck major Internet companies like Yahoo and Amazon.
"You may have heard, through recent and widespread media coverage, that several Internet companies have been plagued by the irresponsible and malicious activities of so-called 'hackers,'" the email read. "RealNames, unfortunately, has also fallen victim to this."
But asked on Friday whether he thought a connection existed, Teare said no.
"I don't want to speculate, but probably not," he said.
Computer security expert Elias Levy agrees.
"I would say they seem to be unrelated," he said. "But it does bring home the point that during the last two months there's been a barrage of security breaks, from CD Universe to the denial of service attacks."
"Now that Y2K is over, people need to shift their strategy," he said. "There needs to be more investment on security technology, and non-technological means to mitigate the risk."
