{"id":1229,"date":"2022-03-25T03:23:00","date_gmt":"2022-03-25T03:23:00","guid":{"rendered":"https:\/\/www.adminbyrequest.com\/?p=1229"},"modified":"2026-01-25T07:52:58","modified_gmt":"2026-01-25T07:52:58","slug":"dear-hacker-better-luck-next-time","status":"publish","type":"post","link":"https:\/\/www.adminbyrequest.com\/en\/blogs\/dear-hacker-better-luck-next-time","title":{"rendered":"Dear Hacker, Better Luck Next Time"},"content":{"rendered":"\n

Hackers are bloody good at what they do. Every other week there\u2019s a new headline: \u201cGlobal Affairs Canada Hit by Cyberattack<\/a>\u201d, \u201cCyberattack brings down Vodafone Portugal mobile<\/a>\u201d, \u201cTech giant Nvidia has been completely compromised<\/a>\u201d.<\/p>\n\n\n\n

These headlines are designed to grab our attention. Granted, the three above are fairly tame, all things considered, but others certainly sensationalize the story, taking whatever angle is going to get the most clicks and plasters that – front and center, 36pt – where it can\u2019t be missed. And the more terrible \/ shocking \/ horrifying the title is, the more attention it gets. Humans absolutely LOVE some drama, a \u2018bit of juice\u2019 to follow. It\u2019s in our nature to tune in with a carton of popcorn when something goes wrong, and watch it all unfold.<\/p>\n\n\n\n

Often the actual story is no way near as spectacular, dire, foreboding, world-ending as the headline leads us to believe, and the whole things blows over and is forgotten about in a matter of weeks or months.<\/p>\n\n\n\n

But what does eveyone do when they hear even an inkling<\/em> of a new cyber attack? They write the next sensational headline: \u201cHundreds of companies potentially hit by Okta hack<\/a>\u201d. Okay – I’m intrigued.<\/p>\n\n\n\n

Okta Attack: Whodunit<\/h2>\n\n\n\n

The same hackers responsible for several of the titles listed above are also to blame for the latest big headline putting Okta in the hot seat.<\/p>\n\n\n\n

Lapsus$ hacking group (or, allegedly, a bunch of teenagers led by another teenager living at his Mom\u2019s house in London<\/a>) put the Identity Access Management (IAM) company \u2013 and their customers \u2013 on high-alert when they posted screenshots that then circulated Twitter<\/a> early this week (March 22nd).<\/p>\n\n\n\n

They claimed to have gained \u2018Superuser\/Admin\u2019 access to Okta.com, called the company out for having poor security measures in place, and stated that (before the account got suspended) they did not steal any databases from Okta; that their focus was on Okta customers only. They also emphasized, \u201cfor the 100th time\u201d (quote, unquote) that they had been in there since January (two whole months) before being detected and having their access revoked.<\/p>\n\n\n\n

To cut a long story short: Lapsus$ used RDP (WHEN will people learn?!<\/a>) to gain access to the computer of a Customer Support tech in Costa Rica, who was employed by outsourcing firm, Skyes, which was owned by call-center giant, Sitel, which was contracted as a sub-processor by Okta.<\/p>\n\n\n\n

In order to do their jobs, Customer Support personnel need access to customer data, which is why they are popular targets for hackers. Hackers can use them as a sneaky way in to the bigger players, which is exactly what was attempted in this attack.<\/p>\n\n\n\n

A Series of Unfortunate Events<\/h2>\n\n\n\n

After a few days of confusion, outrage, and carefully-worded statements over dates and potential impact, the Okta CSO (David Bradbury) cleared the air once and for all with a timeline of when and how it all went down<\/a>:<\/p>\n\n\n\n