The CloudJacket Logo (Credit: public domain)
From late June 2013 until October 2013, Platte River Networks (PRN) is managing the server, apparently without any anti-hacking software. In October 2013, the software they have been waiting for arrives and is installed. This is an intrusion detection and prevention system called CloudJacket from SECNAP Network Security.
According to a later FBI report, it “had pre-configured settings that blocked or blacklisted certain email traffic identified as potentially harmful and provided real-time monitoring, alerting, and incident response services. SECNAP personnel would receive notifications when certain activity on the network triggered an alert. These notifications were reviewed by SECNAP personnel and, at times, additional follow-up was conducted with PRN in order to ascertain whether specific activity on the network was normal or anomalous. Occasionally, SECNAP would send email notifications to [an unnamed PRN employee], prompting him to block certain IP addresses. [This employee] described these notifications as normal and did not recall any serious security incident or intrusion attempt.”
Additionally, “PRN also implemented two firewalls for additional protection of the network. [This PRN employee] stated that he put two firewalls in place for redundancy in case one went down.”
The FBI report will also conclude, “Forensic analysis of alert email records automatically generated by CloudJacket revealed multiple instances of potential malicious actors attempting to exploit vulnerabilities on the PRN Server. FBI determined none of the activity, however, was successful against the server.” (Federal Bureau of Investigation, 9/2/2016)