Hacker Destroys Avsim.com, Along With Its Backups
el americano writes "Flight Simulator community website Avsim has experienced a total data loss after both of their online servers were hacked. The site's founder, Tom Allensworth, explained why 13 years of community developed terrains, skins, and mods will not be restored from backups: 'Some have asked whether or not we had back ups. Yes, we dutifully backed up our servers every day. Unfortunately, we backed up the servers between our two servers. The hacker took out both servers, destroying our ability to use one or the other back up to remedy the situation.'"
Owned.
To any sysadmins and DBAs...
Make sure you have offsite backups
more than one backup. always! especially if two servers are running the same software, who says they won't both fail at the same time?
if it isn't verified
Off. Site. Backups. Textbook example of why you need to secure your backup data in a secure, non-networked location.
Reserved for people who don't do archival backups, don't secure their systems, and then try to blame their ineptitude on hackers.
Do backups.
Do security.
Do restore from your backups to test them.
Do not blame others when it's shown you failed steps 1-3.
They say they had backups, and put them on the Internet where any hacker could get to them, under the same security the originals were stored under. If that's all they cared about their data, I don't see why the Slashdot community should care any more than they did.
I'm an American. I love this country and the freedoms that we used to have.
You now will be escorted off-site.
That really sucks - I used to use that site all the time back when I was into sims, and even contributed some TerraScene and other goodies.
This highlights the ephemeral nature of the web. Thousands of years ago, information was carved into rock, and we still have many of the originals. Then it was written onto scrolls, some of which survive today. Now it's on a disk, with a lifetime of a few years. Yes, they can be backed up... but the whole thing is very precarious. In 500 years how much of what people create today on sites like avsim will still exist? I predict basically none of it.
Maybe future historians will consider this a dark age, whose intellectual production was lost.
I realize that from quite a few people's perspectives, storing their backups in a separate building constitutes off site storage. I'd almost buy that strategy. Not in the same environment, network, city etc.
These guys were stupid.
The day after 9/11 I was in an elevator, and caught a snippet of conversation between 2 people that had business interests with a firm that was in the WTC. The comment I heard was 'their backups were in the other building'. Another company lost.
You can never totally plan for every contingency, but you can insure yourself. I know many developers that take hard copies of their code (meaning on removable media) home just for this reason. I have seen sys admins do the same because they didn't trust their DR strategy.
This was avoidable. This isn't even about disaster recovery. It is about business continuity.
You can't afford not to protect your data.
What has AVSIM ever done to anyone? Anyone who hacks a flight-sim site has no life and really needs to get laid.
Repeat after me: mirroring is not a backup. Backups are physically removed from the machine and stored where they can't be altered until they're needed for a restore. If they aren't removed from the machine, well, as we've just seen that only ends in tears. Observe their pain and learn from it!
Losing all data because two servers go kaboom is not unique. This is the situation where you see how well the site was administered and how good the backup strategy was. Looks like the site administrator had no idea what the word backup really means. He was an average guy who had no clue. :(
Always take backups to tape or similar media and store it in a safe place. Also keep some backup media in off-site storage.
I hope the same administrator will never again make the same mistake with backups.
'Backed up between two servers'... that's not what a backup is.
I'm... astonished at the level of incompetence here. A site with 13 years of work like this, and they didn't bother to backup anything at all?
And now they're trying to handwave it away with 'oh uh, uh really folks, seriously, were really did have backups haha, between servers olol'.
I don't think 'olol' is going to impress anyone whose work was just wiped out by their incompetence.
So they say they backed up the server... To the 2nd online server! That is not a backup.
Ye leaping lizards of shoggoth! Mirroring=/=Back-up!
"It is morally wrong to initiate the aggressive use of force.." Of course, defensive force is fair game...
It's a hard lesson to learn.
US Democracy:The best person for the job (among These pre-selected choices...)
pilot747?
I wouldn't put it past him with a "backup" like that.
The question of whether a computer can think is no more interesting than the question of whether a submarine can swim.
When invaded their identities system was lost too.
All they had was a back up copy that made it out.
After the war they could go in and find what was tampered with. ie who got a false identity.
Take your data home with you every night.
Domestic spying is now "Benign Information Gathering"
As the subject says. "Online" backups and replication are simply tools to try and minimize downtime. They are NOT a backup solution. They never were and never should be touted as one, just as this example shows. The only good backup is one that occurs frequently, is verified that it worked, and is stored in a secure location such as a fire-proof safe, and even better in two different fire-proof safes in two different locations, preferably more than 100 miles apart.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Whoever did this must have willfully wanted to destroy the website and its content. Deleting data in this manner is far beyond vandalism or criminal mischief.
I hope the perps get served by a judge who recognizes just how severely malicious this was, and that enough of the people who used the site can provide the files back to the owners and the community.
Where is your DTAP street???? In that case you would have had 3 backups!
I'm assuming he wasn't backed up, either.
I worked for a computer bureaux in the 80's. We upgraded the operating system - very cool, the new release allowed larger files. We didn't, unfortunately, upgrade the backup utility to handle these larger files. Months go by - then there's a problem - whoops backups are useless - Luckily there's a physical audit trail so we can pay for a very large data entry exercise to get our client's data back.
A couple of years later, I am in the pub with some mates and John turns up. I ask him how he's managed to finish work and get to the pub so early. "I did a fast backup" he said. I was interested so I asked him to explain. "Oh, it's easy, get the target tapes from the rack, rub out the old date, write the new date, put them back into rack and go to the pub"
Worked for a large software shop in the 90's. I am part of a decent sized Oracle development (circa 50 devs). Ops decides that Oracle's backup routines are too slow and 'optimize' them. Some weeks later - guess what - there's a problem and the backups are useless - No physical audit trail this time - the team has to redo all of their work - it was not good for the project budget, the team morale or the client
...the thieves and vandals who steal data and wreck servers.
THIEVES AND VANDALS.
Not "hackers".
What was done was not hacking. It was vandalism. Plain and simple.
Hackers create. Vandals destroy. Thieves steal.
I'm surprised that this needs to be explained to the Slashdot community.
Guaranteed! This comment 100% Anthrax free!
"Only wimps use tape backup: _real_ men just upload their important stuff ;)"
on ftp, and let the rest of the world mirror it
Linus Torvalds Jul 20 1996, 3:00 am
2) Regularly verify your restore process and backups work.
This is a lesson every system administrator worth his or her salt learns over the long haul. You might back up dutifully, test restore, and have a well done system of ensuring backups are rotated correctly. Then you find out the tape drive you use is miscalibrated so only it can read your backup tapes, or you find the backup software you use on a daily basis is not in production, or the latest version has no support for the backlevel formats.
I have found that in a production environment, you really need multiple methods for backup if at all possible:
The first level is a dedicated backup server. This machine is locked down to the best of your abilities, and firewalled from the network, only allowing critical ports such as what the backup software uses, and perhaps ssh or RDP (if a Windows box). This machine copies everything from the other servers onto a large disk array, then to tape. The tapes are then cycled offsite via a service like Iron Mountain. Of course, the tapes are encrypted, and corporate officers get a copy of the master keys.
Why tapes? Because they can be set read only after they are dismounted, and no computer, no matter how infected can modify or delete the tape contents once this is done, outside of a reflash of the tape drive's BIOS. This is important because it's not unheard of for someone to write a program that trashes backups over a time interval. Higher end tapes can be used as WORM media like DLT-ICE.
I can't emphasize enough about securing the backup server, both physically and network-wise. If this box gets compromised, all your data is available. On Windows machines, I recommend using some form of disk encryption (Bitlocker if the machine has a TPM, TrueCrypt, etc) so if the backup server or an array gets physically stolen, the data is of no use to a thief. This is in addition to the backup program's encryption.
After you have a central backup server installed, secured (security is paramount on this machine unless the backup program client can do encryption), and backups running, you focus on the other levels of backup.
The next level of backup is on the local servers. Most operating systems have a method of backing up the computer. If you can do this with a server, fire off a snapshot backup every month or so. Most OS backup methods don't have encryption, so this backup should go directly to a tape safe or secured container in the data center. Optionally, you can install backup software locally that can encrypt. I like using the backup/restore utility the OS gives for an image every quarter, then using more secure software more often, so the OS backups can be stored in a tape safe or physically secure container. This way, if the third party backup software ends up inoperable, there is still a method of getting a machine up somehow, or putting it in a virtual machine for recovery purposes.
Finally, after you have backup servers and a rotation, companies might consider offsite cloud backup services like Mozy. Mozy offers use of keyfiles so all data is stored encrypted (encrypted on the client end). Of course, making sure the encryption key is stored safely is paramount, and the cost of storing a large backup in Mozy's cloud may be prohibitive. However, if worse comes to worst and your site is completely knocked out, as well as the offsite backup site, it may be the thing that keeps your business up.
Of course, scale this up or down as per your company's needs. A smaller business can get by using Mozy and a Windows Server 2008 box running Bitlocker, a network backup program with encryption such as Retrospect or Backup Exec, and using external drives every month to copy backup sets from the main ones to store offsite.
A larger business might see about a true backup fabric system sold by IBM (TSM), EMC (Networker), or Microsoft's solution.
The key is to not just have some built in redundancy so if one backup method is not usable, you have another, even if the backups are older, but to be able to do this in a manner that doesn't add too much time and equipment expense.
"The method of the hack makes recovery difficult, if not impossible, to recover from,"
should read:
"The method of the backup makes recovery difficult, if not impossible,"
One word. R-S-N-Y-C! Seriously, with the cost of hard disk drives so relatively cheap and virtually any old PC you may have laying around, which could then be hanging off some LAN at a trusted member's High Speed Internet connection. (Although with rsync you don't even need that really, just damn convenient)
The lack of offsite backup with this cheap and easy solution so readily available makes me think... tsk! tsk!
Only goatse is eternal. The rest is being used to seed a randomness generator somewhere.
Futurist Traditionalism
Actually, he got regular backups at the Dollhouse. I'm not sure how he'll respond to being in Eliza Dushku's body...
Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.
How about once? With zeros.
http://16systems.com/zero.php
If you can retrieve your data from a drive after it has been dd'd with /dev/zero, you might be able to win this prize.
If you happen to be in the situation described, chances are you're fucked.
How we know is more important than what we know.
An error, a bug, a virus, etc infected/corrupted the first server which then neatly replicated the same problem as designed to, which then destroyed the second server.
Instead of admitting they were responsible for their own downfall, simply blame some "hacker"
Unless it was all password protected, most of it will still be on archive.org.
This is exactly what happened with JournalSpace, so it's hardly a new thing.
Those are called crackers, man.
I kept them in my other pocket.
Unless they did a complete disk wipe, the data is still there. If it's so important, ask for donations from the community to pay for it.
--- Keep the choice with the user..
... there's a reason tape backup is still in use.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
A public viewing will be available at:
http://web.archive.org/web/20080116064652/http://www.avsim.com/
No date has been set for the funeral.
Offsite and Encrypted!
Be careful. If you have a virus that corrupted every file on your disk, and you rsync, all that happens is you spread the corruption to your backup too.
Rsync is not a replacement for offline, read-only, backups.
Avsim was serving that data to a lot of users, right? Just let them upload their copy again. This restores most of the lost data and could weed out a lot of low quality/low interest datasets.
Fixed that for you :)
The admins' claim that they were backed up is nothing short of an outright lie. A dependency on rsync or any other mirroring technique alone is just plain negligent, when both servers are exposed to the world at large. As a bad analogy, it's like allowing someone to light two fuses with the same match.
The only way to do backups properly is to have a complete set, offline, in a separate location.
Sheesh. When will people learn?
That's why you don't just copy data with rsync, but use its --backup option as well.
About 1980 and I am working for a small Cambridge(UK) software house. I used to back up disc to disc and run on the target discs to verify the backup. In addition I would periodically, ok ok when I remembered, backup to tape.
I left the company and went to work in London. A few months later Terry came in during the middle of the night to do some work. He tried booting his machine and it wouldn't. So, he tries another disc, that didn't work so he tries the first disc in a second machine.
Fast forward an hour - every machine has its disc heads screwed and every disc has been ripped up by a crashed disc head.
Good job my tape backup was still around - it was the only backup of the company's core product.
That doesn't work so well if the archive is over 50GB, but at least one site I deal with is willing to give out copies of their >1TB collection if you provide them with a 1.5GB or 2GB USB drive to copy onto.
Any personal data the site may have obviously can't be included in a public distribution, so that needs to be backed up separately.
in the IT business for 13 years...countless amounts of user data...not following basic best practice principles to have an off-site back up and subsequent redundant tape or NAS...priceless. Sorry to all those who lost their data and to Avsim but this is a perfect example of IT administration FAIL, I suspect the IT manager lost his/her job pronto
As others have mentioned, aren't you supposed to have offline backups? Let alone, don't you need backups in three separate facilities?
Offline means hacker proof, until we find someone who is technokinetic.
Three backups means hopefully there is security against natural/unnatural disasters affecting each locality.
Regardless, this was malicious, and hopefully archive.org has some of the stuff somehow.
First of all this is despicable. However if it was "a source of community developed terrains, skins, and mods" then why was this the only place it was stored? Didn't they have a tgz ftp or something?!
They had redundancy. Another online copy of data isn't a backup, it is redundancy. A backup is a separate, offline copy.
For example if you have a RAID-10, you do NOT have a backup of your data. What you've got is redundancy. In the event you have a disk failure, you don't lose data and you also don't lose system functionality. That's actually the main reason for RAID (at least RAID other than 0). You don't want your system to have downtime. If you drop a disk you can use the system while the replacement comes in, rather than being SOL.
A backup is separate. It can be another harddrive, it can be DVDs, it can be tape, whatever. It is something you use to take data from the system, and move it offline.
Now why is the offline thing so important? Well this demonstrates one reason. A bigger one would be catastrophic hardware failure. What happens if your PSU goes nuts and pumps out 120 volts on the 12v lines? That kind of thing can burn out all your hardware, and thus anything you have internally. An external backup isn't affected, of course. Then there's things like fire, or flood and so on.
However the biggest would be your own screwup. What happens if you accidentally overwrite the data with garbage? What if you then trigger a backup sync, or it happens automatically before you realize your mistake? Well you are screwed now. Your backup is now of useless data.
Ideally the backup is offsite, of course, since that protects against anything that might happen to one site. As a practical matter for non critical data, like your home PC, an external harddrive in a good fire/water/security safe will do the trick. It takes a lot to destroy one of those and your data is probably safe from just about anything, including you screwing shit up.
So having multiple online systems for better availability is fine. You don't want downtime, you have more redundancy so that if a given unit fails, the operation keeps going. However it's NOT a backup, especially if they are all on the same site. You need backups in addition to redundancy.
How much redundancy and how many backups depends on the importance of the data you are storing. At home, I do an external drive in a safe with some very important files copied to the server at work. At work, we have a NetApp storage unit (which is quite redundant itself) and back that up to tape, which gets rotated out to a vault in a different building. At a higher level at work, for things like financial records, that same kind of thing happens but there's a backup system in a different city as well.
Get yourself a good backup system BEFORE you need it.
> I'd like to see you recover something that has been overwritten once.
You can't do it at home, but professional data recovery service can. Usually you can guess the previous data by precisely measuring the magnetic levels. The old values will influence the resulting intensity. Roughly (I'm not expert!) works like this:
was -- now -- result
0 -- 1 -- 0.9
1 -- 0 -- 0.1
1 -- 1 -- 1.1
0 -- 0 -- 0
That is why you should have MULTIPLE overwrites with RANDOM data.
One word. R-S-N-Y-C!
Arsenic? Ah, I see - to be fed to the vandals!
Similar site perhaps they copied all their content ?
http://www.avsim.su/
Yeah, with rsync you could backup one server to your other server. Surely that would be enough.
(I'm being a bit facetious, but I'm just trying to say that you have to be a bit careful about what you mean by "use rsync".)
reminds me of "But .. I can't have lost all of my data ! I have RAID 5 !"
The Cloud - because you don't care if your apps and data are up in the air.
These guys are idiots for having their servers hackable and online.
1. Data that is online is by definition not a backup
2. Offline is the best way to secure against hacks
3. A server that can be hacked so easily has sucky security.
This is an EPIC FAIL due to sheer lack of common sense. If the admins are smart enough to "back things up", they should know the basics of making backups.
However, considering the sheer amount of resources required to keep a backup both safe and current, most businesses cannot afford to invest doing so and remain competitive against the million and one other lucky bastards that don't get hit. It's the same reason insurance often doesn't pay off.
These hackers were malicious and determined, and there's a fair chance they would have resorted to social engineering to get past any security on the server or offsite backups if the server had been properly secured in the first place. These guys "just wanted to watch the world burn" so badly that they packed a dozen lighters and would probably have gone back for a blowtorch and a gallon of napalm if that didn't work.
When the devil brings a bazooka, you pretty much don't stand a chance. That is not, however, grounds to settle for body armor made out of tissue paper.
- tested
- offline
- off-site
- several times
anything else is "high-availability", not "backup".
The Cloud - because you don't care if your apps and data are up in the air.
certainly a shame that this great resource is offline (have downloaded many a byte there). however, it seems pretty naive to simply backup BETWEEN the servers. hm, anyhow, an effort has to be made to try to recover the data since there is really good stuff up there. would be interesting to hear how he/she/they got in?
Well, maybe, but it won't be cheap. I doubt that the guy running some amateur mod site is willing to fork over some thousands out of his own pocket to have someone take the drive apart and use an electron microscope or whatever on it.
A polar bear is a cartesian bear after a coordinate transform.
Wasn't there almost an exact same story like this months ago (They had backups but the backed-up copy had simply backed-up the corrupted computer thus making the backup pointless).
Moral is the same though. Your backup is only as good as your original. :)
If you are in this position for some reason, it may be possible to [relatively cheaply] recover some of your stuff.
I used a program called GetDataBack successfully several times (and I charged for that hoho!). The program is NOT free, however it is not expensive (about USD$80).
I know also it is not the only of its kind, therefore, some people here may know about other alternatives.
Ubuntu is an African word meaning 'I can't configure Debian'
Backups can only do so much.
These morons should have had their servers secured well enough that they didn't get hacked in the first place.
An ounce of prevention and all that...and I'm not talking about "taking 2 and call me in the morning" type of prevention where you just take a cold pill. I'm talking about upping your vitamin C so you don't get sick in the first place.
Proper security and alert admins are the antibodies of any network.
My heart goes out to the developers and contributors of the project, to lose 13 years of work must be devastating, especially when it's a commercial venture and people are depending on the project for income.
It begs an interesting point, The majority of OS projects are maintained online, does Slashdot think that the open source software model is more resilient to this type of attack?
Let this serve as an example to others: There is no replacement for off site, off line backups.
The last two Linux Journal magazines had articles on disaster recovery: Hack and / - When Disaster Strikes: Attack of the rm Command and Hack and / - When Disaster Strikes: Restoring a Master Boot Record.
Good luck
cracker?
Of course with all this twittering about doing backups to tape (or other removable media) and offsiting them, or using over-the-net offsite backup, the one thing that hasn't been mentioned is the need to TEST YOUR BACKUPS!
I've been in the industry for 20-odd years now and have come upon some managers of small companies wailing "but we backup!"
Backing up using two tapes, swapping between them every day, never examining the logs, and using the same DAT tape for 5 years is NOT a solid backup strategy.
You need to examine the backup logs on a daily (or summary weekly) basis.
You need to swapout media after reasonable life.
You need to have a retention cycle that is longer than LEGAL requirements.
You need to have a rotation cycle that is bigger than your short term and medium term estimated restoration requirements.
You need to keep your backup OFF SITE and no that doesn't mean on a shelf in the garage of a manager.
--- This meme is memory intensive
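Several comments above insist that a backup be restored before it is trusted ("Do restore from your backups to test them", "Regularly verify your restore process and backups work", "TEST YOUR BACKUPS"). The script below is an added example, not part of any comment in the thread: it writes an archive with a hash manifest and then restore-tests it into a scratch directory. It assumes GNU tar, find and sha256sum; the function names, paths and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): back up, then prove the backup restores.
# Assumes GNU tar, find and sha256sum. Function names and paths are hypothetical.

# make_backup SRC_DIR DEST_DIR
# Writes DEST_DIR/backup-<timestamp>.tar.gz plus a .sha256 manifest of every
# file as it was at backup time, and prints the absolute archive path.
make_backup() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    dest=$(cd "$dest" && pwd) || return 1
    archive="$dest/backup-$(date +%Y%m%dT%H%M%S).tar.gz"
    (cd "$src" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2) \
        > "$archive.sha256" || return 1
    tar -czf "$archive" -C "$src" . || return 1
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE
# Restores the archive into an empty scratch directory and checks every file
# against the manifest. Returns 0 only if the restore and all hashes succeed.
verify_backup() {
    archive=$1
    case $archive in /*) ;; *) archive="$PWD/$archive" ;; esac
    manifest="$archive.sha256"
    # An empty archive or empty manifest is a failed backup, not a small one.
    [ -s "$archive" ] && [ -s "$manifest" ] || return 1
    scratch=$(mktemp -d) || return 1
    status=0
    # A real extraction exercises the whole read path, unlike a file listing.
    tar -xzf "$archive" -C "$scratch" 2>/dev/null || status=1
    if [ "$status" -eq 0 ]; then
        (cd "$scratch" && sha256sum -c "$manifest" >/dev/null 2>&1) || status=1
    fi
    rm -rf "$scratch"
    return "$status"
}

# run_demo: constructed scenario. Returns 0 if a good archive passes and two
# kinds of bad archive are both rejected.
run_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/site/mods"
    # Constructed sample data standing in for a site's content.
    printf 'terrain v1\n' > "$work/site/mods/terrain.dat"
    printf 'skin v1\n'    > "$work/site/mods/skin.dat"
    result=0

    good=$(make_backup "$work/site" "$work/vault") || result=1
    verify_backup "$good" || result=1                    # must pass

    # Case 1: archive cut short (bad media, interrupted transfer).
    mkdir "$work/short"
    head -c 20 "$good" > "$work/short/b.tar.gz"
    cp "$good.sha256" "$work/short/b.tar.gz.sha256"
    verify_backup "$work/short/b.tar.gz" && result=1     # must fail

    # Case 2: archive reads fine but holds garbage instead of the recorded data.
    mkdir "$work/stale"
    printf 'garbage\n' > "$work/site/mods/terrain.dat"
    tar -czf "$work/stale/b.tar.gz" -C "$work/site" .
    cp "$good.sha256" "$work/stale/b.tar.gz.sha256"
    verify_backup "$work/stale/b.tar.gz" && result=1     # must fail

    rm -rf "$work"
    return "$result"
}

run_demo && echo "restore test accepted the good archive and rejected both bad ones"
```

A passing restore test shows the archive is readable and complete; it says nothing about where the archive lives, so the copy still has to leave the machine as the thread argues.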
Most people think that hackers are computer gods and that you have to destroy something to be a computer god. They even think that because of the results it might be much harder than anything else and very few people are capable of doing something like that. I wish it was harder..
While many argue (myself too sometimes) over the definition of the word a hacker, the real problem here is how it is perceived from most people. Even a person of average intelligence in my opinion can learn how to wipeout a server or even do those stupid defacing pranks without needing to be very clever (effort and persistence are enough). A lot of people come and tell me that hackers (with the new definition) are cool and how they must be very clever to destroy stuff and such. Nobody wants to learn programming (it's boring, they say), everyone wants to learn the tricks be a computer hero in an instant or something like that.
In my view, even the average person or an idiot would be able to understand the obvious. That destroying and doing defacings on the internet is neither clever nor creative. But this doesn't happen. I think because the idea of a stylish computer hero blowing up stuff (as seen in the movies) is much more preferable than that of a godlike programmer growing a unix beard or something..
Yes, I hate hackers too (the new generation/definition) and people misunderstand me when I say that. "Killing" them would do nothing, it's the nowadays mentality/perception that we should try to change. People are having it wrong and they are spreading the idea that "hacking" (in the modern definition, not the old one of programming geeks or something) is ok or even respected.
The "H-Word" has died for me.
Still. Thirteen years worth of data, and they didn't have a single tape, a single external drive, a single... anything, not even a fucking burned CD that might help them. No, I respectfully disagree, SECURITY can only do so much. (However, for the avsim.com admin I seriously have zero respect.) Security might have prevented this attack, but what if there was a fire, or a burglary, or some careless jackass with a cup of coffee? Stranger things have happened that cause the exact same outcome, total data loss. This isn't just about disaster prevention, this is about common goddamn sense, which the admin of this site apparently has none of at all.
One offline (and preferably off-site) backup, even if it wasn't complete to that day or even that month, would have been the difference between losing everything and losing almost nothing.
You can't do it at home, but professional data recovery service can.
Citation for this claim? Know anyone who's actually done it? Seen it? Or any evidence that it can or has been done in real life by anyone (that does not include 24's Chloe O'Brien)?
And even in theory, how much does it cost, how long does it take for each KB of data retrieved? What level of integrity? You might be able to puzzle out ASCII text with a few percent of corruption, but any kind of graphic format will be totally fucked.
And no "If I told you I'd have to kill you" is a joke, not an answer.
Backing up from one server to another is not a backup plan. At a business I worked at for a short time (the boss was a moron so staying wasn't feasible) they insisted they had a backup plan. Since I was their brand new system administrator and was responsible for all things bad that could happen, I insisted on details. They were backing up their mysql database that was running on a VM to another server, that was also running on a VM, on the same host. My response was, "so you don't have any backups." I was given grief for this response.
The list of stupid shit they were doing was a mile long and I was literally fighting with them on a daily basis trying to implement the most basic of best practices. After six weeks it came to a head and they asked me to leave. Fine with me, I was already looking for a new job since there was no way I could work under those conditions. I don't know what the fuck they were thinking. You don't hire a senior level system administrator then refuse to listen to his advice, especially when no one else in the office had any background in system administration (the boss thought that because he could install apache, that made him a system administrator).
Well, I did fix their broken mail system (incorrect SPF info) and tripled the performance of their mysql server in the first week. Would have been faster but they didn't trust turning on query caching, so I had to prove that it would work.
-- Will program for bandwidth
So they had no real backup strategy....but what happened to them REALLY REALLY sucks. It really irks me seeing so many comments saying these "retards" had it coming to them.
Listen folks....we're talking about a couple of guys who spent their free time creating a website. They're not making any real money out of this (in fact, they all have regular day jobs).
They've been advertising for a Tech Manager (non-paid) for quite some time now. They did get one recently...but it turns out the guy harvested the emails from the systems and sent out a bunch of spam. He has since been fired. Even though the avsim folks aren't saying it was him who hacked and destroyed their site, it's quite hard not to think it was him.
It's been quite a blow to the flightsim community and I have noticed a lot of IT folks are offering help.....I just haven't seen a single one on this thread.
That's all, I have to say; but Slashcode forces me to put something here, so ... what's the weather like where you are? We had a nice storm last night.
How is losing IP theft? It's not. It's just bits of magnetism. Get over it. And it's not even copyright infringement. So there wise acre! Nothing at all here, move along!
So HAHAHAHAHAHAHA!
Rebel alliance 1, Evil empire 0
It's pretty mean to delete people's shit, but the lolz hearing "back up between two servers" are priceless.
Repeat after me:
Magtape, magtape, magtape.
(And then take it off-site.)
I can't believe he didn't keep a copy on his local computer!
With all due respect, AvSim was a nice site. however, tom allensworth and his buddy robert who ran the site were first class arseholes. I'm sorry that their site is gone, but if this leads to a new generation of leaders stepping forward for the fs community, this is not a bad thing.
/ not responsible for the hack.
Oops.. Ever hear of tape drives?
What then do you expect the admin to say?
"So sorry, we fucked up" ???
Muchas Gracias, Señor Edward Snowden !
I'm surprised they even called it backup ?
This reminds me of a sysadmin at one company I used to work for: he was storing backup snapshots of the project on removable RW media. The funny part was that the media was left in the drive and overwritten at each backup script iteration o_0
How many times do people have to relearn this lesson oh so painfully?
RAID is not a backup.
Mirroring across redundant servers is also not a backup.
This sort of thing shows you why. Hardware is just one point of failure. Malicious persons gaining access to all your servers (which, almost certainly, use the same passwords or, even more likely, share the same security vulnerabilities). Theft from your data center. Natural or man made disaster. These things happen.
Tedious and expensive, but several people made a good living out of doing it (one guy I knew did it as a hobby and made over UKP100K one year.) However, as bits get smaller, servos get more accurate, and tracks get denser, the modus operandi just ceases to exist any more.
Mind you, for security reasons I always dismantle old drives and bend the disks in half using a lump hammer. That, and the fact that hard drive magnets are just incredibly useful if you have a steel hulled boat and want convenient attachments for e.g. cable ties. They are powerful and very short range, and usually nickel plated. To buy a pair of equally useful magnets from hardware stores costs nearly as much as a drive.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
archive.org
Despite what Cypher says in Matrix, ignorance is *not* bliss.
If this still happens to sites like this, it's a good lesson for those idiots to learn the power of the backup (me included he, he!).
A few years ago, hackers would try to remain undetected in a system while they tried to infiltrate more systems, with the goal being to see how many they can get into... They wouldn't destroy data because that's a great way to get detected.
Even website defacers would move the old site to oldindex.html or similar when they performed a defacement...
Doing something so blatant and aggressive as to delete everything from a compromised server will lose you access to the system, as well as provoke the owners of it to try and hunt you down. Just what is the point?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Backup to something other than another online server. Tapes aren't all too expensive when you consider what's been lost. I feel sorry for them simply because some jerk with nothing better to do decided to destroy 13 years of someone's life. It sucks for the company to learn a lesson in this way. Maybe they can get some tools and try to do a drive recovery, if the hacker didn't do a true scrub with something like the Gutmann method.
As the subject says. "Online" backups and replication are simply tools to try and minimize downtime. They are NOT a backup solution. They never were and never should be touted as one, just as this example shows. The only good backup is one that occurs frequently, is verified that it worked, and is stored in a secure location such as a fire-proof safe, and even better in two different fire-proof safes in two different locations, preferably more than 100 miles apart.
And yet what happens when you make backup too complicated is...? I mean someone must frequently make those backups, either send it online or bring it 100 miles and physically rotate the tapes and place it in the fire-proof safe. Often. Honestly, this is the situation where you really want an online solution writing to WORM media. It's online, it happens regularly and automatically and is always available and thus easy to test without going through lots of hoops but there's no way for a hacker to erase the data. He might destroy the backup machine too but it still won't hose the data. Some tape drives do this but at completely different rates than buying commodity HDDs and setting up a sync though.
Live today, because you never know what tomorrow brings
While reading "Hacker Destroys", I wouldn't use these words together. It's an oxymoron. Hackers are those guys who gave you for example the TCP/IP network stack and built the Internet for you.
Offline backups then? Are you sure everyone got? How the 15,000th post saying the EXACT same thing gets modded up as informative is beyond me.
It was $hit anyway!
Nevermind.
Hacker = someone that writes code without a design ... they hack something together.
Cracker = someone with malicious intent who harms computers, networks or electronic data via any method required.
I've been a shell script hacker for 20 years.
At least the headlines should be correct on THIS TOPIC.
...you didn't back up your server.
At least not in any meaningful way.
I am very small, utmostly microscopic.
Not if the hacker did write random data to each file or empty areas multiple times.
But surely another way to recover is to check your old harddrives, surely this guy upgraded HDs in the last 13 years, didn't he just keep a copy of the whole server on each replaced HD and just store it in the bottom drawer? Jeez, it's wise to replace HDs every 12 months, and keep the old HD as a backup.
Liberty freedom are no1, not dicks in suits.
Given that it's an archive of things that members of the community have created and use, then surely most of the contents must exist within the community too. With the help of authors' original sources and locally downloaded copies they should be able to recreate a good deal of the contents, no?
"Unfortunately, we backed up the servers between our two servers."
LOL.
End of comment.
"I Don't Have Enough Faith to be an Atheist"
A fireproof lock box is designed to save paper from fire. It is air tight and lined with a material that absorbs oxygen when heated. That's why you are supposed to cool them down before opening ( hot paper + fresh air = burnt paper). They won't protect plastic, magnetic or electronic media.
Actually you use rdiff-backup for that kind of thing. It uses the rsync algorithm, but stores additional metadata to allow recovery of the filesystem state from previous backups as well as the latest backup.
If you just want the latest backup you can restore with plain old rsync but if you want a previous backup you can use the appropriate rdiff-backup option.
Having people raped and killed is a tragedy.
Having some dipshit computer game's data, skins, etc... deleted is an inconvenience.
You and the mods who modded you up really need to get some perspective.
Part of me is saying that a mirrored server that is attached to the same gateways as the main server is a bad idea at best.
The other part of me wants this hacker schmuck locked in a small room with a thousand pissed off wolverines.
Hard to call...hard to call
-- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
You know, I've heard this before...
Some software company grows, they throw developers at it, need to deliver, throw more at it, they end up with a monster of code nobody wants to work on anymore after a few years, but they have contractual agreements and what not... "oh noes, what do we do...".
There have been a few "little mishaps", like burning out of a serverroom and such. "oh, the software? it's gone... we can't help it. Bob the cleaning hamster smoked in the room, but he's fired now. We can rewrite it again though..."
Why would a hacker take out a community, is beyond me.
I think we can keep recursing like this until someone returns 1
Security and backups go hand in hand. I was hardly suggesting that one be done without the other.
Besides, without security, backups are useless, since you might have malicious and well disguised data corruption.
And without backups, security is insufficient, as it will first of all never be perfect, and it doesn't prevent operator error.
To any sysadmins and DBAs...
Make sure you have offsite backups
Any person in the IT community who was alive to remember the events of 9/11 should have learned a valuable IT lesson from that event.
Repeat after me. I will not store my "offsite" backups in the other tower.
tar -czf /dev/st0 /www /home
Why would you need to take that risk? It's standard business practice to just make a tape and ship it off site. The cost of shipping the tapes isn't worth the risk of leaving the backups on an internet connected box in my opinion.
If it's on the internet, then it is exposed.
- Whatever the responsibilities & faults - No! Cannot believe it... too sad. I have played FS2004 for years, and I recently upgraded to FSX without encountering 10% of the fun due to the lack of openness of the APIs... :-(
FS2004 has been the ultimate FS version and all its interest was coming from community, avsim being obvious #1.
My deepest condolence - this is the end of an era for all flightsimmers, as much as the Meigs field closure
Because obviously he's a fully qualified network administrator with proper experience getting paid by some big corporation to do this.
Ever considered the fact that he might just be an average Joe guy who spends a bit of time on his hobby site?
Change is certain; progress is not obligatory.
They might luck out and find they have an offsite backup: their users. I've seen it happen more than a few times, where a community site got wiped out, then cooperatively recovered by its users.
I don't know avsim.com, but if their content was organized as a large download repository, there is a strong chance at least one of their users obsessively copied every last file. Flight sims are a rather geeky niche, someone might even have a spidered copy of the whole site. I've seen people spider the dumbest things, so surely something like avsim.com would have been spidered at least once by a data-hoarding wacko.
-Billco, Fnarg.com
This is the sort of wanton pointless destruction that I cannot comprehend. For a person motivated to inflict this sort of tangible destruction with not even a tangible reward for doing so, I would strongly recommend the death penalty, or at least forced sterilization. Whatever it is that is damaged in such a person, we don't need that Destruction Gene being carried forward. Teen vandalism has always frankly mystified me, too, the sort involving destruction of things with no reward other than the act itself. Hitler actually had a good idea promoting eugenics, but he had the (seriously) wrong focus. People that feel this need to destroy need to BE destroyed.
...I mean, tape, DVD, Blu-Ray, drive swapping, mirror and swap, et cetera, ad nauseam.
I wouldn't think somebody with a useful website would be dumb enough to 'backup' a server to another machine connected to the internet (especially since they probably have the same OS, and configuration; ergo, the same exploit vulnerabilities...)
That's astonishing, really... Hell, even my Mom burns her personal website to DVD when she makes changes.
Here in Minneapolis Minnesota, the data recovery services Kroll Ontrack http://www.krollontrack.com/ are headquartered here. Their company does a lot of different things other than data recovery, but their data recovery services DO cost an assload of money.
When the shuttle Columbia burned up, NASA recovered some 6GB or something Seagate drives and they brought them to Kroll and were able to pull a 90+% recovery rate off those drives. I don't have a source on this, but I'm sure a simple Google search would find it.
However the above wasn't data that was overwritten, just burned and partially melted. Also as for your questions, it widely depends on a multitude of factors. Sometimes you can pull most all of it, and sometimes you just can't.
"You can never totally plan for every contingency, but you can insure yourself. I know many developers that take hard copies of their code (meaning on removable media) home just for this reason. I have seen sys admins do the same because they didn't trust their DR strategy."
So that's what happened to all those Social Security numbers.
http://linux.myalbemarle.org/forums/viewtopic.php?p=10#p10
So what if Avsim did have backups, restored their system(s) and got everything back online. If they didn't do any amount of forensic analysis or even have a good idea how they got hacked, I wouldn't, as a sysadmin OR a company, mind you, want to even come back online until they get their security issues addressed... Otherwise, you're just setting yourself up for failure. Chances are either the same person(s) will do it again or the attacker(s) I'm sure divulged (bragged) about how they were able to pull it off.
Have they found the black box yet?!
Here are some ideas for individuals or very small businesses:
* Weekly full backup of all critical data onto an external USB drive. This is kind of a bare minimum setup. Even better is to get several USB drives and rotate them a few times a week or every day.
* Amazon S3. Seriously - it's cheap and not too hard to set up. You can set up an automated script to suck all your important data into the cloud.
* BackupPC - backuppc.sourceforge.net. BackupPC can do full and incremental backups of Windows and Linux desktops and servers. It's free and runs on pretty much any hardware, as long as you have enough disk space.
Any real admin worth their salt, will know to have triple bkup systems, one on site, one off site, and one stored in a remote location of usually a bank vault, which gets updated once a month or so......
Seriously, I hope no one lost their info they had stored at that place for money...imagine Google saying all Gmail emails have been lost...oooops sorry, we didn't back up enough or have a good system in place....I smell chapter8 here!
Mirrors, RAIDs, whatever... Those aren't backups. They give you absolutely no ability to recover from a real disaster. They give me more reliability... You can survive a dead HDD or a fried motherboard or something...
But if your building burns down, you're toast. If you delete a key file that change is replicated, and you're toast. If someone hacks your site that change is replicated, and you're toast.
A backup is an offline copy that has been verified to work and leaves the building. Tape, CD, removable HDD, DVD, reams of paper, a whole server that's unplugged and hauled out of the building, whatever...
If it isn't offline, the changes just get replicated and it does you no good.
If it hasn't been verified to work, you don't know if you'll be able to restore it or not.
And if it doesn't leave the building it won't save you from a real disaster.
It constantly amazes me how many folks don't understand this.
"Work is the curse of the drinking classes." -Oscar Wilde
Offsite storage (how far offsite is your decision)
So what?
This falls into the latter. It's the admins' fault they did not do proper backups. But this is just shitty. There's a difference between hacks and hackers. This just makes me sad. FTW!
I hear it does wonders for data recovery.
Replicating one online server to another online server is not a backup, any more than a raid or a mirror is a backup, for many of the same reasons. This is abuse of the word "backup". Unless you have cold copies of your data in storage, (preferably offsite) you're just fooling yourself.
Seems like there's been several stories like this lately. Why does this keep happening? Is some salesperson out there convincing customers that offline backups are a waste of capital?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
"Some have asked whether or not we had back ups. Yes, we dutifully backed up our servers every day. Unfortunately, we backed up the servers between our two servers. The hacker took out both servers, destroying our ability to use one or the other back up to remedy the situation."
SO, what you are saying is: "I'm incompetent and I haven't backed my shit up" A pity.
You know, years ago, reading about these situations, I might have cared. I might have had sympathy. I might have thought "wow, that sucks". But folks, this is 2009. This is not the first, second, or even fifth, time this has happened. Hell, I remember reading about this same scenario multiple times on /. over the years. If people don't get it by now, they never will. The only thing I think now when I read these things is "what an effing idiot", because there have been so many cases like this reported. Do people live under rocks? (Well, obviously they do) Does no one seem to learn from the mistakes of others? Does it never ever cross people's minds "wow, that chump was doing the same thing we are. Boy, they're totally screwed. Maybe we should change our processes so we aren't if the same thing happens to us?"
Once again, Einstein's been proven correct in his statement: "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
Having data on two servers is replication not backup. Backup is when you put all the data on a couple of tapes and put those tapes in separate vans which take them to be locked up in a disaster proof facility hundreds of miles away from each other.
That is such a malicious disgusting display of vandalism. Obviously the skill used in orchestrating such vile behaviour could have been put to better use.
F**K you, you worthless piece of s***
They should be contacting everyone they can to see if they can't simply collect all the data again. Surely of all the members who contributed there's got to be someone who has an additional archive of the hard assets (terrains, models, etc). Even if a single individual does not have them all the group as a whole may have them in aggregate.
A fool throws a stone into a well and a thousand sages can not remove it.
Google and other search engines cache web site pages. If the data is really that important.
Indeed, I'm a hacker... and certainly not a cracker.
Maybe now Allensworth will learn not to be such an anti-pirate bigot. Maybe he'll learn to not put his nose where it doesn't belong.
Mess with fire, get burned. That is all.
"Only wimps use tape backup: _real_ men just upload their important stuff ;)"
on ftp, and let the rest of the world mirror it
Linus Torvalds Jul 20 1996, 3:00 am
Tar it up, encrypt it, and upload it to Usenet. If you need to restore hit DejaNews.
-- me, c. 1999
What a bunch of morons. I can't believe there are still people who don't get the concept of a dedicated backup machine which is NOT accessible from the internet.
I would respond well to that.
At least I'd need some "time with myself" ;-)
Oh, shut the fuck up. These admins ran a site across two pieces of hardware for over a decade and didn't have the sense even after literally thirteen years of warnings, major virus outbreaks, headline grabbing security threats, and natural disasters to at least try and burn backups onto DVDs or something? Give me a fucking break.
That doesn't require anywhere close to a certified network administrator's level of skill. (Even then, thirteen years of hobby dickwaving will teach you something.) It requires a simple backup scheme - cheaper and easier today than ever before might I add - and the forethought necessary to use it. Getting your MySpace nuked by Anonymous for being a dipshit and never saving a copy is one thing, but running a site that serves the public that you obviously had a substantial personal stake in for THIRTEEN GODDAMN YEARS without a single backup is carelessness and stupidity of the highest caliber, and for that reason these 'average Joes' deserve no sympathy at all.
I was reading, a while back, that they wanted to extend "Hate Crime" status to crimes against homeless people. It was an interesting article because it talked about why prosecutors wanted to see this.
Apparently they don't just put people in jail for "one thing". If you assault someone normally, there are other things involved, robbery, breaking and entering, etc. In many crimes, they can stack a number of charges on someone. Violent crimes against the homeless often don't have any other crimes to stack. So there was an incident of a couple of guys gratuitously beating a homeless man within an inch of his life, they served a mere few months in prison.
Of course... it leaves me asking.... why not just recognize the damage as what makes the crime so bad? Beating the piss out of someone is a serious crime. Just like in this case, this is a serious damage.
Breaking in, not so serious. Stealing some data, could be a problem. Actual destruction however seems to be severely undervalued from a criminal standpoint.
Sell drugs, go away for 5-10 years. Beat a man nearly to death, and long past the point he was defenseless... you will be home by Christmas....
Is it really any wonder people have so little real respect for the law?
-Steve
"I opened my eyes, and everything went dark again"
Words can have multiple meanings. Sometimes one word can even have opposite meanings: see http://en.wikipedia.org/wiki/Auto-antonym
wups.
We've seen this over and over again. If it's not archival and offline, it's a mirror... not a backup.
Unfortunately this is such a common misconception that there's just not enough demand for inexpensive high density offline storage to make archival storage technologies (like, say, tape) viable at the low end.
Didn't Microsoft lay off the entire Flight Simulator development team? Wasn't it because they ran out of things to do - like make maps - since the online community did it for free for Microsoft?
"13 years of community developed terrains, skins, and mods will not be restored from backups:"
"Unfortunately, we backed up the servers between our two servers."
You're right, that was unfortunate. More than a little stupid as well.
I have 3 words for you: "Offsite Offline Backups" (Is that really 3 words or is it 5?)
in most cases an "rm" can be recovered. I wonder if 13 yrs of data is worth the effort *hint* *hint*
Microsoft
From Wikipedia, the free encyclopedia
Microsoft Corporation (NASDAQ: MSFT, HKEX: 4338) is an America-based multinational computer technology corporation that thinks imsabbel is teh su><0rz, manufactures, licenses, and supports a wide range of software products for computing devices.[8][7] Headquartered in Redmond, Washington, USA, its most profitable products are the Micro$oft Winblows operating system and the Microsoft Office suite of unproductivity software.
---
Rich pickings for any archaeologist I'm sure.
The "Great Zero Challenge" isn't the only one out there looking. The National Bureau of Economic Research (that tiny organization no one has ever heard of who just provide the authoritative figures for business cycle dates, among thousands of other economic pieces of data) looked into this several years ago, and also couldn't find a single data recovery service who could recover overwritten data.
There's ample opportunity and motivation and reward for someone who can do this to come out of the woodwork and announce it. The fact that they haven't amply demonstrates crisco's point.
Kythe
Not exactly high density nor was it overwritten. 400MB drive that appears to have 2 or more platters from the pic.
one millionth time! Wikipedia is not a definitive source.
And stop exaggerating.
If I were God, wouldn't I protect my churches from acts of me?
I dis tapes because of sour grapes. There was a period where enterpri-- well, ok -- low-end enterprise tape systems were affordable by small business and home users. For $600 and $15 per tape I could buy the same stuff that my 200-desktop clients were using, and it was big enough to back up my home computer.
But hard disks got bigger and affordable tapes didn't. :( Now I fucking hate tape, because I can't afford a tape drive that can back up a $100 drive.
Put your source in a distributed version control system like Git. That way every checkout contains a full history automagically as a side effect. A checkout from a centralized system like CVS or SVN is nice, but only gives you a backup of the latest version.
A friend of mine argues that wikis should all use a version control backend. That way you can checkout the wiki and work on it when offline. If you implemented such a system then you could just have your users checkout the whole wiki + history and off they go. And you get your data backup for free.
If you have a huge wiki (say wikipedia) then you've got to come up with a different data backup plan, but if you're that big then you probably have someone on staff who's paid to deal with such sysadmin issues.
Okay, so that deals with the big chunks of data. But then you have users, accounts, email addresses, etc. Generally speaking you don't want to make all that data public. So you get a 1 TB external hdd from for under $100. Put it in a canvas sack and hang it on your wall. Maybe get 2 and rotate them each week.
coding is life
One of Random House's definitions is
Or the American Heritage Dictionary:
And if you argue with a creationist, you'll accept their definition of "theory" just because that's what their dictionary says? One can draw all sorts of stupid conclusions from insufficient information. No, for complex topics like "theory" and "hacker" you need context and detail, neither of which is provided by a dictionary.
(sorry for quoting you out of context -- I just couldn't make my point otherwise :)
That's the difference between a computer geek and an "IT professional". That wasn't a backup, that was a system copy. A professional knows the difference and knows why a true data backup is required.
http://taobackup.com/
So, when rats attack your cellar, you pick the most intelligent and ask for advice?
Or just kill them by anything at hand.
No.
When rats attack my cellar I usually head to the center of town where some annual festival is taking place. I then look for the all the loner males between the age of 16-21 with only a single parent. Even better is if it's not their natural parent but instead an uncle, aunt, or grandparent.
I would then congratulate them on whatever achievement they just accomplished, chastise them for over sleeping on this big day, then explain how I knew one of their dead and/or missing relatives and what a great warrior they were.
Once they fall for that I give them some rusty knife from my kitchen drawers, a worn-out leather apron, and inform them that their destiny is to be a great warrior like whats-er-face and they should prove their worth by defeating the rats in my cellar.
But that's just how I roll.. er, role play.
Exactly. I don't deny that you can recover data from physically damaged disks. Still no one has cited a case where simply overwritten data was recovered. This comes up here every few months, and people ramble on about how it MIGHT be done, and how you need to do random writes 32000 times to erase ...
It's cold, it's unforgiving; but this is a case where the phrase, "Roll the Crash" would be a waste of time. A simple copy to DVD or Blu-ray would have been more than enough for this site; damn, it will take a while to rebuild it.
You should do backups, for your own peace of mind. But when people come in and trash your stuff, all the backups in the world are worthless.
Why in the world would anyone want to trash a website. Oh, I forgot, the world is full of idiots.
I don't know anything about Avsim.com but isn't a cracker a better term for the person who destroyed these resources?
Absolutely, I mean, so what if those guys broke into your house and killed you and raped your mom *right in your own basement bedroom* ... y'know, you should have had better locks, and used them more consistently; y'know, if you'd really cared.
This is the internet we're talking about. Your fictional house is in the heart of the slums where known murderers and rapists live. If all you do is use the door lock, (no deadbolt) and walk around the house naked with the curtains open, then yeah, you do have some responsibility for what happened.
The mirrored drive is like putting condoms on the dresser for extra protection.
"That's so plausible, I can't believe it!" - Leela
Karma is interesting. I'd like to see what decade long project it screws up for this immature punk.
Really takes balls of lameness to destroy other people's work.
I'm wondering who is so chickenshit to say "Ohh.. I can press the delete button." What if some thug said "Ohh.. I can snap his neck?"
Over the years users must have downloaded the content of the site many times over. Appeal to your users to re-upload content. All the files must be out there somewhere, you'll get the most popular content back first.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Did you read what the OP wrote?
His point was that, yes, they should have had an off-site backup. There's a lot of things they should have done.
That they didn't back-up their data properly isn't the issue nor does it suddenly make the fact that some malicious individual or individuals felt the need to destroy all of their data any less of a violation of their property. Theft is still theft, even if you forgot to lock your car door.
He who has no
Whatever scum did this needs to have both hands & all of their fingers broken with a ball-peen hammer. Yes, the admins were dopes for not having any sort of proper backups...that goes without saying...but anyone who would destroy a hobbyist site like avsim, just because they could, needs to be severely punished...grievous bodily harm would be a good start, maybe followed by some friendly assrape in prison.
Also, as a general FYI, we decided to use rsync over ssh into a BackupPC datastore. There is then an archive of this information created on removable media (that is unplugged, rotated, and kept off-site). I first heard mention of BackupPC here on /. a few years ago and wanted to pass the info on to those who haven't heard of it yet. Works well for me/my company.
If you do Windoze, you might also consider Unison instead of rsync as I hear that Unison can do the volume shadow copy stuff in Windoze. (YMMV as I haven't tried unison yet.) AND, yes, I know there is an ugly Cygwin version of rsync that doesn't do volume shadow copy and can't backup an outlook.pst file when outlook is running.
Sig Return: 204 No Content
From the google cache of the avsim site:
"In order to access AVSIM Online, you must have a frames capable browser. AVSIM Online will work with all the latest releases of NS and IE."
Frames??? NS????
I don't think this site has been updated in 13 years...
Well, after looking in the mirror, I'd go to my bedroom and spend lots of time with myself. :)
Have the Slashdotters given up on resisting the media's misuse of the word hacker? Every time we use their misnomer, it becomes all the more entrenched. If the people who know better don't resist, who will?
To do so is easier, mostly because people hate being corrected (having their ignorance revealed), but what word should we use to reclaim the lost distinction between criminal behavior and finding elegant solutions/learning/testing?
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
The current generation of computer terrorists have utterly destroyed the true spirit of what hacking once meant. Instead of an earnest and spirited quest for deep knowledge it's devolved into an exercise of malicious contempt for the entire global user community.
And how would that serve you better than... say.... a server?
I backup more than 8TB a night, and I do it using rsync over ssh on encrypted VPN tunnels to four physically separate sites, extremely widely geographically separated. SATA, USB... useless if your building burns down or is vandalized/burgled.
rsync --link-dest batch mode is your friend.
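The difference the thread keeps returning to, a mirror that replicates deletions versus versioned snapshots that are verified by a test restore, shown with the hard-link snapshot idea behind `rsync --link-dest`. This is an added example and not part of any comment: it re-implements the idea with Python's standard library instead of calling rsync, and every path, file name and file content in it is constructed.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def files_under(root):
    """Relative paths of all regular files below root, sorted."""
    root = Path(root)
    return sorted(p.relative_to(root) for p in root.rglob("*") if p.is_file())


def mirror(src, dst):
    """Replication: dst becomes an exact copy of src, deletions included."""
    if Path(dst).exists():
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def snapshot(src, store, name):
    """Write store/<name>/ and store/<name>.sha256, hard-linking unchanged files."""
    store = Path(store)
    store.mkdir(parents=True, exist_ok=True)
    earlier = sorted(p for p in store.iterdir() if p.is_dir())
    prev = earlier[-1] if earlier else None
    dest = store / name
    dest.mkdir()
    manifest = []
    for rel in files_under(src):
        digest = sha256(Path(src) / rel)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        old = prev / rel if prev else None
        # rsync's default quick check compares size and mtime;
        # this sketch compares content hashes instead.
        if old is not None and old.is_file() and sha256(old) == digest:
            os.link(old, target)      # unchanged: costs no extra space
        else:
            shutil.copy2(Path(src) / rel, target)
        manifest.append(f"{digest}  {rel.as_posix()}")
    (store / f"{name}.sha256").write_text("\n".join(manifest) + "\n")
    return dest


def verify_restore(store, name, restore_to):
    """Restore a snapshot into restore_to; return paths that fail the manifest."""
    store = Path(store)
    shutil.copytree(store / name, restore_to)
    bad = []
    for line in (store / f"{name}.sha256").read_text().splitlines():
        if not line:
            continue
        digest, rel = line.split("  ", 1)
        restored = Path(restore_to) / rel
        if not restored.is_file() or sha256(restored) != digest:
            bad.append(rel)
    return bad


def demo(workdir):
    """Constructed scenario: a file is destroyed on the live site between two runs."""
    work = Path(workdir)
    src = work / "site"
    (src / "library").mkdir(parents=True)
    (src / "library" / "terrain.zip").write_bytes(b"constructed terrain data")
    (src / "index.html").write_text("<h1>constructed sample site</h1>")

    mirror(src, work / "mirror")
    snapshot(src, work / "snapshots", "day1")

    # Destructive event on the live server, then the next scheduled run.
    (src / "library" / "terrain.zip").unlink()
    mirror(src, work / "mirror")
    snapshot(src, work / "snapshots", "day2")

    day1, day2 = work / "snapshots" / "day1", work / "snapshots" / "day2"
    lost = Path("library") / "terrain.zip"
    return {
        "mirror_still_has_file": (work / "mirror" / lost).exists(),
        "old_snapshot_still_has_file": (day1 / lost).exists(),
        "new_snapshot_has_file": (day2 / lost).exists(),
        "unchanged_file_hard_linked": os.path.samefile(day1 / "index.html",
                                                       day2 / "index.html"),
        "restore_failures": verify_restore(work / "snapshots", "day1",
                                           work / "restore-test"),
    }


if __name__ == "__main__":
    # The snapshot store only helps if the live server cannot write to it,
    # or if it is copied to media that is unplugged and taken off-site.
    with tempfile.TemporaryDirectory() as d:
        for key, value in demo(d).items():
            print(f"{key}: {value}")
```

Because unchanged files share one inode across snapshots, an in-place overwrite inside the store damages every snapshot that links to it; the manifest check during a test restore is what reveals that.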