Go Back   DealershipForum.com > Forum Operations > Announcements

Notices

Announcements Check here for Announcements from the DealershipForum.com Webmaster

Reply
 
Thread Tools Display Modes
Old 03-15-2010, 11:57 PM   #1
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default Security Advisory - Unauthorized Members at DealershipForum

Security Advisory

This thread is intended for ALL members of DealershipForum

As the Administrator of DealershipForum I feel compelled to share information with our members regarding two recent events. I will use a Frequently Asked Question (FAQ) format for the rest of this thread to make the issue and my response easier to follow.

Why has DealershipForum issued a Security Advisory to their members?

I believe representatives from SGS and Chrysler Corporation, LLC have created User Accounts at DealershipForum. My assumption is they created these accounts in an effort to access portions of the forum that are restricted to registered members only.

Why do you believe these accounts were created by representatives of SGS and Chrysler Corporation, LLC?

On two different occasions new accounts were created where the IP Address location and the dealership location didn't match. A more detailed investigation revealed the IP Addresses for these two new accounts tracked back to SGS and Chrysler Corporation, LLC.

Is it possible the IP Address information is wrong?

Possible, but not likely.

Were the new accounts able to access the hidden sections of DealershipForum and read the various threads and posts?

No. Although each user activated their account by responding to the activation e-mail, I did not allow either account to pass through moderation. It was during the moderation process that the discrepancy with the dealership location and IP Address was discovered.

So, if the new accounts were not able to access the hidden areas of the forum, why is the Security Advisory being issued?

While I feel confident I can guard against unauthorized accounts generated through corporate computers with registered IP Addresses, I cannot prevent an unauthorized user from creating a new account from his or her home computer.

Don't the eligibility requirements for DealershipForum limit membership to dealer principals and dealership employees; specifically excluding factory representatives?

Yes. It's my expectation that an individual representing an honest and ethical company would honor our eligibility rules and terms of service.

Hasn't this happened in the past; where a Chrysler Corporation representative falsified information to gain access to the forum?

Yes. Over a year ago, before the forum offered hidden sections, a representative from Chrysler Corporation gained access to the forum. His account was banned once his identity was verified.

What is DealershipForum doing to protect their members?

Creating a safe environment and protecting the identities of DealershipForum members is my top priority.

Effective immediately, I have removed the City and State data from all portions of the forum accessible to guests and registered members.

I have also changed any User Name that was based on a Chrysler S-ID. I will advise these members of their temporary User Name via a separate communication.

I will also restrict new members from joining the forum until I can contact them by phone and verify their eligibility. I will keep this process in place for the next 60 days and then re-evaluate the situation and determine if it needs to be extended.

Don't you think the issuance of a Security Advisory will scare members away from the forum and reduce the number of threads and posts?

Yes. That said, I feel I have an obligation to share the recent events with the DealershipForum members and let them make their own risk assessment and act accordingly.

Will these recent events affect the threads and posts you add to the forum, XDCX?

No. I'm proud of this forum, our members and the information we share here.


Scott B. Hogle = XDCX
XDCX is offline   Reply With Quote
Old 03-16-2010, 03:34 AM   #2
Ralph
Senior Member
 
Join Date: Nov 2009
Posts: 636
Default

The first thought is....has Ford or GM or Toyota or any other OEM tried this? If so, than I guess it's to be expected. If not, I should be shocked but sadly, I'm not. There's something weird going on with Auburn Hills or Turin or wherever these guys hail from. And it feels stranger and stranger as the days go by. I don't get this company anymore.

This kind of stuff is what I "rant" about a lot. There is no place for deliberate underhandedness in business. In America, it was built on trust and a handshake meaning more than a signature. This kind of relationship with your business "partners" is just not right. If it turns out to be a corporate policy to lie cheat and steal at any cost....which it has turned into in my experience lately, it is sickening. I get curiosity by an individual but not both SGS and Chrysler both attempting this. To me that means corporate policy. Someone's boss gets a directive from higher up to have some IT schmucks boldly and maliciously lie in order to collect more "important" data on dealers participating.

I'm not judge and jury here, maybe it's a mistake. Maybe it's just two independent guys from two seemingly independent companies with independent strategies, bored at work surfing and landed on this site. Maybe they miraculously both, without speaking to each other or planning anything evil were looking for info to get them a rung up on the ladder when they bring a pile of data on a few dealers who speak out. I suppose as soon as the sky turns yellow and hell freezes over it's possible.

Grim times for us Chrysler dealers I fear.....grim.
Ralph is offline   Reply With Quote
Old 03-16-2010, 06:12 AM   #3
CL Pgh
Senior Member
 
Join Date: Oct 2008
Posts: 1,242
Default

Awesome moves X-Man! With the number of views on the SGS Connection thread it doesn’t surprise me one bit that both SGS & Chrysler have been knocking on the forums door. I might be reaching a little with this thought but considering we’ve got DM’s & Business Centers that won’t speak out for the dealers right now for fear of getting fired (& we all know this!)… maybe having a factory snoop here will get some of our concerns voiced at HQ’s.

Thanks for taking the steps to keep our privacy private. This place Rock’s!

Last edited by CL Pgh; 03-16-2010 at 06:16 AM.
CL Pgh is offline   Reply With Quote
Old 03-16-2010, 07:20 AM   #4
The StraightShooter
Senior Member
 
Join Date: Aug 2009
Posts: 518
Default X-Man

You're on point as always


They're out there man
The StraightShooter is offline   Reply With Quote
Old 03-16-2010, 07:46 AM   #5
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default

Quote:
Originally Posted by Ralph View Post
I'm not judge and jury here, maybe it's a mistake. Maybe it's just two independent guys from two seemingly independent companies with independent strategies, bored at work surfing and landed on this site. Maybe they miraculously both, without speaking to each other or planning anything evil were looking for info to get them a rung up on the ladder when they bring a pile of data on a few dealers who speak out. I suppose as soon as the sky turns yellow and hell freezes over it's possible.
Like your explanation above, my hope is it's just two individuals who were bored at work and wanted to see the portion of the forum that's restricted to members only.

Concerning other OEMs, based on IP Addresses I know other OEMs have found this site and reviewed a few posts and threads. That said, I do not know of any other OEM that has tried to falsify information in an effort to gain access to restricted areas.
XDCX is offline   Reply With Quote
Old 03-16-2010, 07:59 AM   #6
79LilRedExpress
Senior Member
 
Join Date: May 2008
Posts: 713
Default Time for area "52"

As we have discussed before, a new area that could formed that requires an invitation from XDCS. A 20 group of sorts.

Not to be snobish, but this forum has become important to most of us who view it daily.

We all have dealer friends that we have refered to the forum that we trust, and this could and should continue.

And as with Ralph's recent issue, we don't want to see any of us leave this site. ( we love ya man )

And this could very well happen if we feel that "BIG BROTHER" is watching.

Just some thoughts....

Quote:
Originally Posted by The StraightShooter View Post
You're on point as always


They're out there man
79LilRedExpress is offline   Reply With Quote
Old 03-16-2010, 08:16 AM   #7
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default Moved some threads to AREA 51

As a precaution, I moved some threads to AREA 51 last night.

While the process of moving a thread doesn't result in having it appear on the Home Page with the 20 most recent threads, it does add the thread to the listing of the 10 most recent topics at the bottom of the Forum Page.

On a different note, if any member would like me to move a thread from the general forum to AREA 51 in light of the Security Advisory, just send me a PM and I'll process the request.
XDCX is offline   Reply With Quote
Old 03-16-2010, 09:51 AM   #8
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default

Quote:
Originally Posted by CL Pgh View Post
… maybe having a factory snoop here will get some of our concerns voiced at HQ’s.
CL, that's an excellent point but I'm afraid it might be wishful thinking.

Hell, if Marchionne really wants to fix Chrysler maybe he should make this forum required reading for his top managers. Think of how different Chrysler would be if Auburn Hills took a few tips from the members here:
  • Chrysler would have settled with the 409 OLDCO dealers ending a bitter dispute and scoring a major PR victory. (GM 1, Chrysler 0)
  • The '11 Grand Cherokee would have been on display in Detroit and Chicago and the media would writing stories about Chrysler's future products instead of their impending demise.
  • The Super Bowl Commercial would have featured the Ram Truck, not the Charger. (That's right, we actually think it's smarter to advertise an award winning vehicle the dealers have in inventory.)
  • The regional DAA Advertising Associations would have been strengthened, not eliminated. Commercials touting the Ram's "tank is full" never would have hit the airwaves.
  • Chrysler would have supported their dealers during the transition from Chrysler Financial to GMAC instead of sitting on the sidelines waiting to see who lived and who died.
  • Chrysler would have never started the mystery shop program with SGS, but would have used those resources to help dealers increase profits and sell more cars.
As GM has demonstrated, there's still an opportunity for Chrysler to re-evaluate their decisions and repair their relations with their dealers. Time will tell....
XDCX is offline   Reply With Quote
Old 03-16-2010, 12:19 PM   #9
crowe
Senior Member
 
Join Date: Oct 2008
Posts: 626
Default

Good move!

If they want to join this site they need to work for a living in a dealership where they could really learn what they need to know.

I hope these guys were just a couple of rogues but it is testament to the character of some of their employees. Any employee willing to lie for you will lie to you. Any employer willing to ask an employee to lie is a fool & will do anything dishonest.
crowe is offline   Reply With Quote
Old 03-16-2010, 02:00 PM   #10
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default Update - Seven Day Ban - Accounts under Investigation

This afternoon one of the suspicious users logged into his account from a computer that tracks back to a Chrysler IP Address and tried to modify his User Profile.

To the extent I want to preserve information that was used to initially create the account I have placed that account and two others under a seven day ban.
XDCX is offline   Reply With Quote
Old 03-16-2010, 02:28 PM   #11
possum
Senior Member
 
Join Date: Jan 2009
Posts: 1,122
Default

X, you do quite a job keeping up with all this stuff. There is a whole underworld out there!
possum is offline   Reply With Quote
Old 03-16-2010, 02:36 PM   #12
CL Pgh
Senior Member
 
Join Date: Oct 2008
Posts: 1,242
Default

Quote:
Originally Posted by possum View Post
X, you do quite a job keeping up with all this stuff. There is a whole underworld out there!
I was thinking... Don't drive yourself crazy with this X-Man. Sounds like we're more than covered here and besides, once they figure out what we're saying makes sense... they'll just leave anyway!
CL Pgh is offline   Reply With Quote
Old 03-17-2010, 03:15 AM   #13
Ralph
Senior Member
 
Join Date: Nov 2009
Posts: 636
Default

Quote:
Originally Posted by CL Pgh View Post
I was thinking... Don't drive yourself crazy with this X-Man. Sounds like we're more than covered here and besides, once they figure out what we're saying makes sense... they'll just leave anyway!
Good point CL. Some of the topics here are so outlandish that they're impossible to support without a 24-7 line pumping Kool Aid intravenously. Some must be hooked up this way, but the majority in Chrysler management must scratch their heads along with us. Hell, even my BC manager laughed about my numbers for the back door programs and said..."Yeah, they're completely unattainable."
Ralph is offline   Reply With Quote
Old 03-17-2010, 08:15 AM   #14
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default E-mail sent to all Members suggesting a reveiw of User Names

I sent an e-mail to all DealershipForum members last night providing a brief recap of the Security Advisory and suggesting a review of User Names that might reveal the member's identity. (We have a few members who use their first and last name as their User Name and a few who use their e-mail address.)

I received a number of requests to change User Names or reset passwords and I'll be working on those requests this morning. Once I get caught up I'll respond to the existing threads and add some new content.
XDCX is offline   Reply With Quote
Old 03-18-2010, 11:54 AM   #15
XDCX
Administrator
 
Join Date: Nov 2007
Posts: 14,869
Default Only two new accounts added since Security Advisory

I haven't had a chance to respond to all the posts in this thread - I'll do that tonight.

The purpose of this post is to let our members know that I've only approved two accounts to join the forum since issuing the Security Advisory. I have contacted both of these members by phone and verified they meet our eligibility rules.

If you're like me you might be concerned when you log on and see a number of other members logged on and you don't recognize their User Names. In most cases these are just our existing members with new User Names but it's difficult for you to know that since I eliminated the City/State information from showing.

Bottom line: I hate the feeling of paranoia we all have but I'm playing the cards I've been dealt to the best of my ability.
XDCX is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Chrysler kills-off the Customer Advisory Board (CAB) XDCX Sales 0 02-26-2010 01:47 PM
GM offers USAA Members an extra $750 Incentive XDCX Sales 0 07-20-2009 06:20 PM
So, how many of our members have Facebook, MySpace and Twitter accounts? XDCX General Discussions 9 06-19-2009 01:16 PM
Suggestions for DealershipForum.com XDCX Announcements 2 03-07-2009 10:09 AM


All times are GMT -7. The time now is 09:43 PM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright DealershipForum.com - 2008 - 2016