( ESNUG 518 Item 7 ) -------------------------------------------- [02/01/13]

Subject: Reader doubts SNPS "malware attack" claim of why Synopsys.com died

          ----    ----    ----    ----    ----    ----   ----

 Friday, Jan 4th, 11:18 AM

 Editor's Note: I just clicked on http://www.Synopsys.com and got this:

 

 Don't believe me?  Type in "Synopsys.com" on your browser's address bar or
 click on this http://www.Synopsys.com before Synopsys fixes it and see
 for yourself!  As I said, it's NOT a joke!  Someone pranked Synopsys!

     - John Cooley
       DeepChip.com                              Holliston, MA

[ Follow-up: This was first noticed at 11:18 AM on Friday, Jan 4th.  In the
  23 hours since then, 10:43 AM Saturday, Synopsys has fixed this issue. ]

      - from http://www.deepchip.com/items/0510-02.html

          ----    ----    ----    ----    ----    ----   ----
          ----    ----    ----    ----    ----    ----   ----
          ----    ----    ----    ----    ----    ----   ----

In response, 4 days later on Jan 8th, an anonymous "newsroom" author inside
Synopsys, Inc. publicly blogged on Synopsys.com:

   THE BRIGHT SIDE OF AN INTERNET MALWARE ATTACK

   It is often the case that infrastructure teams only really get noticed
   when something goes wrong. Synopsys’ Information Security and Web teams
   had the dubious honor of being put in the spotlight last week when the
   company’s website, Synopsys.com, was attacked.  On January 3, 2013,
   Chrome and FireFox users trying to access Synopsys.com started receiving
   warning messages about potential malware being present on the site.

   Synopsys is not alone.  According to security firm McAfee, the frequency
   of malware attacks is now growing at the fastest pace in four years and
   there are now more than 90 million unique strands of malware in
   circulation.  Websites are probed by different bots (computer programs
   that perform automated tasks) hundreds, if not thousands, of times every
   day.  In most cases, existing web security programs, anti-viral software
   and firewalls prevent infection.

   Synopsys was more than prepared for the one bot that made its way into
   the site.  With a formal response plan in place, the teams got to work
   evaluating the extent of the problem and quickly determined that only
   the external Synopsys-maintained webpages had been affected, that no
   data had been lost and that no secure information had been compromised.
   The malware was identified, quickly eradicated and additional security
   updates were implemented.

   Clearly, the system works.  Synopsys.com was affected for only a matter
   of hours.  While no company wants to experience a malware attack, it
   can be a great opportunity for IT and web teams to demonstrate the
   strength of security systems and their ability to quickly resolve a
   crisis.

       - [ An Anonymous Synopsys Newsroom Employee ]

          ----    ----    ----    ----    ----    ----   ----
          ----    ----    ----    ----    ----    ----   ----
          ----    ----    ----    ----    ----    ----   ----

Then 3 days after that, on Jan 11th, a DeepChip reader forwarded to me an
internal discussion his company's IT department had on the Synopsys
explanation of why Synopsys.com got blocked by Google as an attack page:

  From: [ Chip Engineer ]
    To: [ John Cooley ]

        Hi, John,

        Keep us anon.

        The Synopsys explanation for the web problem doesn't pass the
        smell test.  See my IT expert's read on the failure below.


  From: [ Chip Engineer ]
    To: [ IT Guy ]

        Did you see that SNPS blog post?  Do you believe it was a
        malware attack?


  From: [ IT Guy ]
    To: [ Chip Engineer ]

        Not really.

        Again, if a link to an external page is injected into a legit
        page, there is a security hole: that's what happens when hackers
        exploit websites using dynamically created webpages and why our
        webserver does NOT use MSSQL or MYSQL.

        Rogue flash ads or javascripts can pry open visitors' computers
        but our firewall is set to block rogue scripts and it is updated
        hourly and so is the antivirus we use on our computers and none
        of them sounded an alarm: so, either there was no malware or it
        was a VERY dangerous malware undetectable from firewalls and
        antiviruses.

        Also they claim that it happened on Jan 3rd and was immediately
        removed, but the flag was still in place on Jan 5th.

        I don't see a mention of what kind of malware was used and I
        don't see any apologies or suggestions to visitors to check
        their computer against a specific kind of malware.

        It is possible that Synopsys got hacked, but also that they had
        a problem on their backend generating inconsistent URLs and
        instead of taking the blame for incompetence it was easier to blame
        hackers trying to harm customers.

Although I only partially understood what's being said above, I can tell
at least one non-Synopsys IT guy doubts it was a "malware attack" that the
Synopsys "newsroom" claims brought down Synopsys.com for 3 days.

Nevertheless, I guess only certain Synopsys employees, plus the hackers who
actually did this -- plus the NSA/CIA folks who snoop on us all -- will
know what REALLY happened here; but none of those guys are talking!  :)

    - John Cooley
      DeepChip.com                               Holliston, MA
