Tue, Dec 04, 2012 - Page 9

US firm pushed to brink by China hack attack

A family-owned firm came under relentless assault after accusing China of pirating its software to build the Green Dam cybercensor

By Michael Riley  /  Bloomberg

Milburn says he was riding “that fine line between ultra-caution and paranoia.”

Born in Santa Monica, Milburn did not graduate from high school, but he has a relentlessly autodidactic drive that is common in early tech entrepreneurs. He taught himself how to write code, and eventually mastered complex Internet software protocols.

Laura Milburn, 63, his wife of 21 years, calls him “brilliant,” but also “incredibly stubborn.”

A few years earlier she watched him in a legal tussle with a neighbor who had built a deck over what they thought was their property line. Milburn ended up spending more than US$100,000 in a year-long fight just so they could split the difference, she says.

“He’s not the kind of person who would back down to someone because they threaten him,” Laura Milburn says.

Even so, “I don’t think he had a clue what he was getting into,” she adds.

Both of those traits explain why Milburn did not hire an expensive incident response team to hunt the hackers down in his network — the kind larger corporations often use.

Milburn, after all, had built Solid Oak’s network himself.

“I thought they might be able to get around some IT guy, but there’s no way they were going to get around me,” he says.

Milburn learned everything he could about computer security. He read professional papers and called up experts he knew. He began writing his own software to monitor the connections his computers were making to outside networks, looking for tell-tale signs of the hackers at work.

In April 2010, during a 6:30am check of his servers — by then part of his daily routine — Milburn stumbled on a folder buried in an obscure Microsoft directory, one that was normally unused. What he found inside startled him. The file contained the encrypted versions of all eight passwords in his system — the keys to the entire network. The hackers could use the passwords to control just about anything he could, from Web servers to e-mail.

The folder was gone two days later, he says, and in its place were several pieces of software he did not recognize. Later, he found out they were custom-designed software the hackers use to perform tasks on corporate networks. He had found their tool kit.

Rather than panic, Milburn said he felt an adrenalin rush.

“It was like, ‘okay, now I can figure out what they’re doing,’” he says.

After months of detective work, Milburn was no longer chasing ghosts.

Even at the best of times, Solid Oak’s headquarters is a warren of server rooms and cluttered offices that, Milburn says, could sometimes resemble the inside of a well-maintained garage.

In the summer of 2010, it reflected the disarray of a company in crisis, littered with the results of Solid Oak’s two on-going battles, one legal, one digital.

The firewall that blew out in March, a small box the size of an office telephone, still sat propped in a chair. Stacks of legal documents covered tables and spilled onto the floor. Two 18m data cables — which Milburn could use in a pinch to circumvent his own compromised e-mail system via a commercial Internet connection — ran from one end of the office to the other.
