Good luck searching for a nail on the website of Castorama, the French do-it-yourself retailer: as of Wednesday, the top search result concerned Christ’s cross and watching the burning of Satan’s ungodly glory. Or something like that.
Apparently #hacking elasticsearch @castorama_fr contact @httpcs #castorama pic.twitter.com/ybzGcz6l5p
— Mohammed BOUMEDIANE (@BOUMEDIANE) June 8, 2016
Castorama’s search site is now down. Its search engine was poisoned starting in or around Wednesday, returning search results that were sometimes vulgar, in a tee-hee-hee adolescent way, and sometimes revolting, as in anti-Semitic.
According to the French news outlet BFM, besides the Satanic nail reference, the results included “screwdriver blonde”, “hammer to kill a jerk,” and “b*llock hammer.”
On the vicious side, searching for showers or ovens was returning anti-Semitic messages.
DIYers have posted screenshots of the search results on Twitter. Here’s one featuring rude suggestions for a search on “chaise”:
Big up to the hashtag #castorama pic.twitter.com/PgRyhwJEdz
— Clëmence Touveron (@clmilicious) June 8, 2016
The company was initially a bit jaunty about the whole thing: when somebody tweeted a screen capture of search results on “shower” that referenced Jews, it tweeted back this reply:
Hey @WillStahl ! On s’ennuyait un peu.
— Castorama (@castorama_fr) June 8, 2016
…which translates into something about somebody being a “little bored.”
The company then tweeted that its website’s search engine had been attacked. It wound up apologizing to those who’d been exposed to the malicious and/or childish returns the hacked search engine was dishing out.
A Castorama spokesperson told The Register that the issue isn’t hacking; rather, it was a matter of “manipulation.”
What does that mean? Possibly that it was an internal job, perhaps done by an employee who abused their access to the system.
As of Friday, the company’s site was telling visitors that the page they were looking for was unavailable: “Merci” for your understanding.
I asked Castorama what was up and whether they’d figured out if it was an inside job or an attack from an outsider, but they simply replied that they were still working on it.
If the company does trace the vandalism back to an insider, it won’t be terribly surprising: at least in the US, the FBI has reported that employees with an axe to grind are increasingly sticking it to current or former employers.
They’re inflicting damage with e-tools such as cloud storage sites or remote access to a company’s computer network, or they’re using personal emails to steal proprietary information.
They’re also using their network access to destroy data, obtain customer information, purchase unauthorized goods and services using customer accounts, or gain a competitive edge at a new company.
Sometimes, fired employees have even gone so far as to install unauthorized RDP (remote desktop protocol) software before they exited their companies, thereby ensuring that they could retain access to the businesses’ networks to carry out their crimes.
Has your organization been hurt by insiders? Please tell us about it in the comments section below, and if you’ve got tips on how to deal with insider threat, please do share.