A screen shot of the mirrored Hunt Adkins website, now existing with a “.net” suffix. A savvy searcher would notice the fake site’s address has a hyphen between Hunt and Adkins.
Star Tribune, ALL
Mirrored website, mystery caller worries ad agency
- Article by: DAVID PHELPS
- Star Tribune
- November 16, 2012 - 9:02 PM
Media planner Ryan Lutzke sensed something was amiss after an exchange of e-mails between himself and a purported account representative for the Minneapolis ad agency Hunt Adkins. The caller told Lutzke he had $100,000 to spend for a "download manager'' for Internet video watching and a "payday loan client.''
"It was one of the most bizarre interactions I've ever come across, said Lutzke, an account executive in the Minneapolis office of Specific Media. "I said to myself, 'This doesn't sound like someone who works in an agency.'"
The caller, Lutzke said, lacked the usual detailed information about his clients and what audience the agency wanted to reach. So he called Hunt Adkins and asked for the account rep who had identified himself as James Pierce. When told there was no one by that name at the agency, Lutzke told Hunt Adkins about his curious exchange.
The agency quickly learned that its website had been nearly 100 percent duplicated and hijacked, first to a Web host in Russia and then to a host in China.
"My very first thought was that there must be another Hunt Adkins doing business," agency founder Patrick Hunt said in an interview earlier this week. "But then we looked, and it was our website."
The only difference, the agency determined, was a hyphen between the name Hunt and Adkins on the phony website, a few missing words and the lack of access to a password-protected link to its social media functions.
But to the untrained eye, the two sites were indistinguishable.
The agency successfully closed down the Russian-based site by calling the company that provided the domain name. But the faux Hunt Adkins website simply moved to a Chinese host, where it replaced ''.org'' with ''.net.''
Kevin Orth, vice president of operations for FRSecure, a Chaska-based information security company, said cyber hijackings are not uncommon.
"These are organized efforts to go after companies that are easy to pick off," often because of small size, Orth said.
In ad agency terms, Hunt Adkins is relatively small, with 35 employees and $45 million in annual billings. But it's not the smallest in the Twin Cities by any means.
As Hunt continued his investigation, he discovered other instances of contacts between James Pierce and media buyers. But attempted meetings by the buyers with Pierce were unsuccessful, with the mystery man claiming he was traveling, or the victim of a computer virus and in one case having phone service issues.
The 612 area-code number Pierce would leave as a contact point would go directly to voice mail with a slightly accented male voice saying he was not available at the moment. The accent could be Russian, or it could be European. Because of the poor sound quality and briefness of the message, it is difficult to pinpoint the verbal inflection, Hunt said.
No financial losses
Why Hunt Adkins was targeted perplexes Hunt. Nor is he certain of the perpetrator's intentions. No request for money has been made by the phony Hunt Adkins, and no financial information has changed hands.
"Everything about it sounds sophisticated. They have to have some knowledge of media agencies and of buying media time," Hunt said.
The agency went to the FBI soon after it discovered the mirrored website, but authorities said lack of financial losses limited their ability to pursue the case.
"There's a certain threshhold that has to be met by the U.S. attorney's office for prosecution of our cases," said FBI spokesman Kyle Loven. "It's not always black and white."
As Hunt Adkins continues to try and get the Chinese version of its website to go dark, Hunt is concerned about collateral damage that might come from prolonged exposure.
"Our No. 1 concern is that somebody doesn't get ripped off and come at us," Hunt said.
Said security expert Orth: "The solution is sometimes simple. Change your password," Orth said. "What we see most often is a situation where someone's password is easily broken."
David Phelps • 612-673-7269
© 2013 Star Tribune