IBM System i FTP transmissions being hacked

We received a call last week from an IT Manager that works at a large food distributor. He told us that they had just discovered that their System i FTP transmissions were being hacked. According to this manager, the hacker was capturing their FTP user ids and passwords, as well as the EDI data that was being transmitted to their trading partners. They believe this hacker had been monitoring their FTP transmissions for quite some time. This IT manager was very concerned since the data was sensitive and mission critical to their business.

This food distributor was using the native FTP client on the System i (iSeries platform) to transmit their EDI data.

We wanted to alert you about this issue since we know that many System i customers use FTP to exchange data with their customers, banks, vendors and other trading partners. While FTP has been a very popular file transfer method, the problem with this open protocol is that all data is transmitted in the "clear". This vulnerability in FTP allows hackers to easily monitor, read and even modify your data in transit. FTP user ids and passwords can also be easily intercepted.

Because of these serious security issues with standard FTP, an increasing number of companies are converting over to Secure FTP (e.g. SFTP or FTPS standards) for transmitting data. Secure FTP creates an encrypted connection between computer systems. This will protect any data which is then transmitted over that connection, as well as protect any FTP user ids, passwords and commands.

See also the Jack Straw comments in the "look" column to the right – 'losing personal data?'

SAS provide package solutions to secure your data - both stored and transmitted.

If you would like to explore how simple and resource friendly GoAnywhere and Crypto Complete can be, invest 30 minutes and allow us to demonstrate via the Internet how the tools are used. You won't even have to leave your desk!

Email us here to arrange your personal demonstration.