RootsTech 2014

Some people eat, sleep and chew gum, I do genealogy and write...

Wednesday, June 18, 2014

Ancestry.com Hacked

All of us at the Mesa FamilySearch Library suffered through Ancestry.com being off line most of 17 June 2014 and continued to suffer on the 18th. The access to the program, including companion site of Findagrave.com were hacked by an outside entity. News reports, such as the one from KSL, the local Salt Lake City, Utah radio and TV station, reported that Ancestry.com and FindAGrave.com, also owned by Ancestry.com, were the subject of a DDoS attack (Denial of Service attack). Ancestry.com spokesman Scott Sorensen was quoted  by Yahoo News as saying:
No consumer data or information was compromised during the attack, Scott Sorensen, the company’s chief technology officer, said in a separate statement. The company’s staff are working to prevent future hacking incidents, he added.
 This attack comes shortly after Ancestry.com's announcement that it was discontinuing five of its owned websites. See Comments on old news -- Ancestry.com Focuses on Core Offerings.

2 comments:

  1. I'm not keen on the use of the word "hacked". Wikipedia uses "hacked" in the context of IT to mean breaking into a system. If the system was hacked in that sense, then your data is at risk. (Not necessarily compromised, just at some risk of being compromised).

    However, the official announcement from Ancestry (when I last saw it) described it as a Distributed Denial of Service attack - which is quite different as it involves thousands (more?) of attackers trying to connect to the web-site in a perfectly "normal" manner but in such volumes as to swamp the target.

    Hacking is like one person breaking and entering into your house while you're out. DDoS is like you coming home and finding you can't reach your own front door because the population of New York is between your and the door - each person is just politely coming up to the door, ringing the bell and walking away. OK - let's not push that analogy too far, but ....

    The need to differentiate comes from reassuring people whether their data was at risk or not. Interestingly, commercial companies are now being held to ransom - pay us or we'll launch a DDoS. And the attackers are often "botnets" - ordinary PCs that have been infected with malware and are sending the messages on command of a remote server with their users oblivious to what's going on.

    ReplyDelete
    Replies
    1. I certainly agree and I fully understand the difference. Unfortunately the words used by the popular media are not term of art. The word "hacked" and all the derived terms have go through a 180 degree redefinition since they were originally coined. However, for the user, even if the data is somehow unaffected, access may be limited. As of the date of this reply, Ancestry.com is still not fully functional.

      Delete