Toyota’s computer still down after June attack, may never fully recover

Picture courtesy isfnet

Unknown hackers have robbed Toyota of its history. Go on Toyota’s main news website, and you will only find news from April 2013 to now. More than ten years of news before April are gone. Various other parts of the server are dark, and provide an error message. One of the world’s largest global companies received a direct hit into its main communication nexus. So far, the company has not been able to recover, and it may never be able to repair all of the damage.

In June, Toyota executives revealed to the author that the company’s main corporate website in Japan was hacked. According to a Toyota spokesman in Tokyo, Toyota’s main corporate website at www.toyota.co.jp was penetrated by unknown attackers. The hack led users to a fraudulent website, which then attempted to distribute malware. After the hack was detected, the site was taken down. To this day, the attackers remain unknown.

So far, this incident reads like an attack that is very common these days. What is unusual is the damage caused by the fallout. Turned off in June, many parts of the system that distributes Toyota’s information to the media are still down. Try to download a picture of last year’s Prius, and you will be greeted by a message that “images from before June 14, 2013 are unavailable.” Analysts who want to check on historical sales data get an error message instead. Toyota’s main RSS news feed is down completely.

The company does not want to bring its server, or backups of that server, back on-line for fear that an infection may lurk somewhere in the dark reaches of more than a decade’s worth of data. Employees at Toyota’s Tokyo HQ are faced with the arduous task of manually re-entering data dating back to the turn of the century. This will keep the system down for quite some time, and it most likely will never be the same.

Intentionally or not, the attackers hit the company in one of its most sensitive spots: The ability to communicate. Months after the attack, that capability is still severely degraded.

Other companies should study this incident and take all measures to protect themselves. IT departments will swear that systems are better protected than the nuclear arsenal. However, hackers do not have to gain entry to the server anymore to bring it down. The recent high profile hacks of Twitter, Huffington Post, NY Times and others were so-called DNS hacks.

Enter “nytimes.com” in your browser, and instead of taking you to a server of the Times at the IP address 170.149.168.130, your browser ends up pulling data from a computer under the hackers’ control. If they know what they are doing, this hack can go undetected for quite some time. At the same time, passwords can be harvested, which then can be used to gain access to the main system. If the bogus website distributes a virus, it’s usually not the spreading virus that causes major damage, but the spreading of the news that it carried a virus.
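One way a defender catches the redirection described above is to pin the expected addresses of critical names and compare every observed resolution against that baseline. The following is an added example, not code from the article or from any of the companies named; the nytimes.com address comes from the text, while the Toyota address, the attacker address and the observed answers are constructed placeholders from the documentation ranges, and no network lookups are made.

```python
"""Baseline check for DNS hijacking (added example, constructed data only)."""
import ipaddress
from dataclasses import dataclass

# Constructed baseline. The nytimes.com address is the one the article gives;
# the Toyota entry is a placeholder from the TEST-NET-2 documentation range.
BASELINE = {
    "nytimes.com": {"170.149.168.130"},
    "www.toyota.co.jp": {"198.51.100.10"},  # placeholder, not a real record
}


@dataclass(frozen=True)
class Finding:
    name: str
    unexpected: frozenset  # addresses seen that are not in the baseline
    missing: frozenset     # baseline addresses that were not seen

    def is_hijack_suspect(self):
        # An address outside the baseline is the hijack signal. A missing
        # address alone usually means a planned record change, not an attack.
        return bool(self.unexpected)


def check_resolution(name, observed, baseline=BASELINE):
    """Compare the A records observed for `name` with its pinned baseline."""
    expected = baseline.get(name)
    if expected is None:
        raise KeyError(f"{name} has no baseline entry")
    # Validate and normalise each observed address before comparing.
    observed_set = {str(ipaddress.ip_address(a)) for a in observed}
    return Finding(name, frozenset(observed_set - expected),
                   frozenset(expected - observed_set))


def scan(observations, baseline=BASELINE):
    """Return the names in {name: [addresses]} that resolve outside the baseline."""
    return sorted(n for n, ips in observations.items()
                  if check_resolution(n, ips, baseline).is_hijack_suspect())


# Constructed observations: Toyota resolves as expected, nytimes.com has been
# redirected to a host standing in for the attacker's (TEST-NET-3 placeholder).
OBSERVED = {
    "nytimes.com": ["203.0.113.77"],
    "www.toyota.co.jp": ["198.51.100.10"],
}

if __name__ == "__main__":
    for name in scan(OBSERVED):
        f = check_resolution(name, OBSERVED[name])
        print(f"ALERT {name}: unexpected {sorted(f.unexpected)}, "
              f"missing {sorted(f.missing)}")
```

In practice the observations would come from resolvers at several vantage points, since a hijack at the registrar or authoritative servers is seen by everyone while a poisoned local cache is not.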

If you are a small to medium company that cannot afford its own data center, hackers could turn your provider into your worst enemy. For a spirited Distributed Denial of Service, or DDoS attack, your system does not need to be penetrated. However, providers usually take the victim’s machine off-line, and they often cancel the contract. It’s like catching SARS in China: You will be taken to a camp to die.