Adventures in data recovery

Russian hackers hold a casino site hostage, a Venezuelan town mistakes disk drives for organ transfers and a Toronto hospital needs ER for RAID array. Three adventure tales from CBL Data Recovery.

CBL Data Recovery Technologies Inc. completed 21,000 projects last year, according to president and CEO William "Bill" Margeson.

Co-founded by Margeson in 1993, CBL currently operates 17 labs and 21 office locations worldwide. The company tackles all types of problems, from failed digital media and tapes to optical cartridges, disk drives and RAID arrays, he said.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Russian hackers hold a casino site hostage, a Venezuelan town mistakes disk drives for organ transfers and a Toronto hospital needs ER for RAID array. Three adventure tales from CBL Data Recovery.

CBL Data Recovery Technologies Inc. completed 21,000 projects last year, according to president and CEO William "Bill" Margeson.

Co-founded by Margeson in 1993, CBL currently operates 17 labs and 21 office locations worldwide. The company tackles all types of problems, from failed digital media and tapes to optical cartridges, disk drives and RAID arrays, he said.

"A data recovery company has to be able to cope with just about anything," said Margeson, who shared three of his favourite data recovery adventure stories with Computerworld Canada during our visit to the CBL lab in Markham, ON.

Russian hackers held a gambling site hostage for ransom

We got a call from an Internet Service Provider in Costa Rica, an unusual ISP that hosted Internet gambling sites.

Apparently, Russian hackers had broken into their bunker, encrypted five servers and held them for ransom.

(This would be akin to breaking into the Pentagon. These guys are good.)

We got this call on a Wednesday.

What did we do? The best we could offer at that point was a remote look.

We confirmed they were encrypted. Our advice to them was to send us the media.

But instead, they elected to pay the ransom.

On Friday, they called us back.

Apparently, they paid the ransom and when the Russian hackers attempted to decrypt the machines, four of them came across okay, but the fifth server -- the one that had 60GB of Visa card information -- blew up.

What was interesting is the Russian hackers spent about 12 hours working with the casino guys trying to solve the problem.

(I thought they would just take the money and run, but they didn't.)

They kind of messed things up a little more.

On the Saturday, we were visited by one of the principals of the company himself, who hand-carried all the disk drives from that Visa card server and brought them to our lab.

He's the only man who's ever read every single word in our fine-print. This was very important to him. He didn't sleep very much, but neither did we.

Seventy-two hours later, we learned that Exchange databases arranged the data with a serial number, so we wrote a program.

We did a little bespoke programming that stripped out all the records. Then we wrote another program that put them back together in the order we liked.

The problem was, when you encrypt something you need space -- a temp file -- big enough to encrypt. The Russians didn't look and there wasn't enough space on the original drive, so when they started to encrypt, everything blew up.

It took our two little bespoke programs to put all the bits back together again and the casino guy got on the plane 72 hours later.

Their loss was something in the neighborhood of $135,000 a day, so it was important he get back to work.

Venezuela mistook disk drives for organ transfers

A few years ago, there were some mud slides in Venezuela. The entire town was under -- waist deep in mud.