• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

Has ELeads been hit with a cyber attack?

Jump to latest Follow Reply
#11
Carsten said:
Something is off here.

They shut down?
OR
Was it that they got turned off?

Most attacks are like flooding a service with too many calls. You cause the server software to stress the hardware so hard that it can't think anymore.

Why aren't they on CloudFlare or CloudFront? These services would help mitigate a mass bot calling.
They would still be up and running.

Is it an old framework issue? Most likely not. All of the places where you can type in information has most likely (hopefully) has been hardened at the UI level and at the back end code level. This means you can't run database commands to dump data or enter some weird characters that will cause issues in your software and then get information directly or a hint to what you can attack next.

IAM Authentication is normally associated with Amazon AWS services.

If this was a developer issue, code can be rolled back if the team is paying attention.
eleadcrm .com doesn't load for me so the domain is turned off. It's like taking your phone number out of telecom system rather than being sent to voicemail.

Or was this a social engineered AWS access issue which would mean, shut the damn thing down now issue.
Click to expand...
To answer some of your questions I have actually delve into some of the code base of what I could find for one the CDK system is designed around a.net framework to be more specific it was version before 1.4 the.net framework they’re using is from 2003 and the PDF reader is from 2008. It is actually so old you can’t download it from Adobe anymore. You have to usually go through a third-party site.

The way to intercept the packages from CDK is so easy that I was able to go ahead and manipulate it so that way you can run out of Mac via parallels and disabled the OS check.

The in infrastructure from CBK for the most part dealer level, not even gigabyte. The reason they had a breach is because they refuse to go ahead and invest any amount of money into their platform.

If any malicious attacker learned any basic vulnerabilities from .net or msdos that’s basically a wrap on the entire system. You have to also keep in mind that there is also translation layer because there seems to be an MSDos emulator built into CDK.

And in order to be able to dump all the data from CDK there is a backend code 100% there is a command because us as a dealer we need an authorization code to be able to do that but we can do it ourselves from the website and from CDK. Meaning we don’t CDK to do a command in the backend because that functionality is already in the front end. We just need the code that was provided when we were set up the system.

And because all the data is stored on their servers, that means that every single dealer that uses CDK, which is a majority in America and in Canada may have had their customer data leaked. If you ever look at CDK‘s offerings, everything is a patch job 180 is not even part of the same software sweep that got bought out from another dealer that had built it. E leads same thing so everything is very much a hack job when it comes to that company. Their software will crash if you look at it the wrong way and the reason it runs all with commands and it almost looks like a terminal cause it basically is the gui is basically just to format a bunch of terminal commands.

Also, they have publicly announced what the issue is. They just basically shut down everything for safety while they’re analyzing it. CDK is back up as of afternoon today, but 180 is still not up.
 
  • Like
Reactions: Carsten
#13
Ryan Everson said:
They jumped the gun, they experienced an "additional" cyber incident yesterday evening. Will be down again today at a minimum. Likely longer.
Click to expand...

A Local Ford Dealership sent its staff the following email:

"Further to the ongoing CDK issues they have advised that an additional Cyber incident has occurred. All CDK system access is unavallable and will be offline across the group for the remainder of the day (June 20), affecting all CDK customers.


Core Systems Impacted:
  • CDKDrive
  • CDK ServicelFord Smartt
  • One-Eighty

We will continue to provide updates as we get more information."
 
#15
john.quinn said:
Is ELeads down? OR perhaps the single sign-on bridge/authentication system was pulled offline?
Click to expand...
I think they took everything down so they can address and check whatever they need to check on the server and because they need to be able to see how you were able to get in and they also need to see what data could’ve been leaked. This hackers got access to the servers having them up, would mean that they would still have a link so they could still communicate and steal more data. This is just an opinion though. I haven’t checked their DNS settings or anything, but the site is completely down. Same with 180.
 
  • Like
Reactions: john.quinn
#19
@Fullsend Ok, now that is old code.

Data stored on their servers is a fact of life. Host it yourself! Sure, where? In your basement?
I think the point here is that hoteling/Tenancy (meaning your data is stored in the same database protected by your ID.
Is this bad? Yes, and No. Depends if I can reverse your data and Identify who you and your customers are.
Most subscriptions on the internet work on this principal though.
Safe choice? Have a separate data base for your data. It is not really that difficult to code but it is a little more expensive for the service to offer this.

What about storing on site in our basement.
If you think shrinkage is a problem. What until you try this!
it will be password protected! lol

Plus, we are now entering PCI / PII compliance. I don't think you'll pass.

Fullsend made a good point. Maybe the servers got turned off because data was still being sent back home.
If the code is so old, maybe the IIS servers are the same?


Remember folks! You can't patch a tire if the nail is too far into the sidewall. But your dealership is running on a code base that is potentially 2 decades old and if CDK doesn't have plans to rewrite their old code base (if Fullsend is correct) you will experience what WordPress deals with weekly. You will be a target of 3Leet script kiddies.



Personally, I hope CDK isn't using such an old framework and CDK understands that tech debt is something that is addressed in a timely manner.
 
#20
I wonder how other CRM providers will react now. If CDK Global takes several days to recover and their press release about the attack and measures taken isn't reassuring, they could lose a lot of business. This incident highlights the vulnerability of even the largest providers and may push others to strengthen their security. It'll be interesting to see how this affects the industry.
 
  • Like
Reactions: Carsten and Fullsend
Top Bottom
Back
Jump to latest Follow Reply
Jump to latest Follow Reply
Menu