Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cryptome Hacked; All Files Deleted

Posted by CmdrTaco on from the hate-when-that-happens dept.

eldavojohn writes "Over the weekend, the whistle blowing site Cryptome was hacked and vandalized, resulting in all 54,000 files being deleted and two days worth of submissions lost. Cryptome reported that its EarthLink e-mail account was compromised in ways unknown, and once the attacker was inside there, they were able to request a new password from the administration console for Cryptome at their hosting provider, Network Solutions. Once the attacker had that password, they deleted the ~7 GB of data that Cryptome hosted in around 54,000 files. Cryptome was able to eventually restore the site, as they keep backups ready for cases like this and stated that they 'do not trust our ISP, email provider and officials to tell the truth or protect us.'"

15 of 170 comments (clear)

  1. Editing! by GuJiaXian · · Score: 4, Insightful

    Holy cow, please edit the submissions before posting them.

    *sigh* I'll get modded down for having the nerve to ask for a baseline of professionalism, won't I?

    1. Re:Editing! by The+MAZZTer · · Score: 5, Funny

      I'm glad they reminded me it happened on the weekend, I have a short attention span and forgot by the time I reached the end of the first line.

    2. Re:Editing! by Raenex · · Score: 4, Funny

      I know I'll get modded down for saying this, but parent is right.

  2. Hack by Stargoat · · Score: 5, Insightful

    Is a social engineering attack a hack? It sounds like someone called over to EarthLink and got an e-mail password reset. Then, once holding the e-mail account, called over to Network Solutions. This sort of thing wouldn't be difficult at all.

    --
    Hoist Number One and Number Six.
    1. Re:Hack by zarozarozaro · · Score: 5, Interesting

      Mod parent up. A company I used to work for used Earthlink as their provider for everything (web, email, ISP). I pretty much had to take on the IT admin role there. They had lost all of their passwords and logins. I could not believe how easy it was for me to take control of everything in ONE DAY without even getting my boss on the phone with the support guy at Earthlink. Security at Earthlink is a joke. The support people there seem to choose one piece of your information at random to verify that you are the account holder. They will often ask you to tell them your password over the phone and other similar nonsense.

  3. Re:Backups for the win! by erroneus · · Score: 5, Insightful

    But they weren't smart enough to mirror submissions to other servers and so two days of submissions were lost. Those two days could easily have been the target. If so, then mission accomplished.

  4. Professional vs. Amateur Hour by cdrguru · · Score: 4, Insightful

    A professional organization that knows its web presence is its life is going to have a bit better setup than a server that someone else (Network Solutions in this case) has control over. The right solution is a co-located server that is controlled exclusively by the organization. The hosting company doesn't need to have any passwords. They are also going to have their email processed by their own server and not be relying on an ISP for anything at all except connectivity.

    However, a completely amateur operation is going to use shared virtual hosting because it is cheaper and the hosting company will be doing backups for them. And controlling passwords. And all other security. Oh, and using a non-domain based email setup from an ISP.

    I guess it is pretty obvious into which category Cryptome falls, right?

    Yes, it would cost $2000 a year or more for a co-located server whereas shared virtual hosting is dirt cheap.

    1. Re:Professional vs. Amateur Hour by twoallbeefpatties · · Score: 4, Insightful

      [A] completely amateur operation is going to use shared virtual hosting because it is cheaper and the hosting company will be doing backups for them. And controlling passwords... I guess it is pretty obvious into which category Cryptome falls, right?

      Being a non-profit organizatino, Cryptome's status as a professional organization or an amateur organization probably depends on the size of their donation base. For a website group trying to get by on a shoestring budget... well, maybe this little stunt will help them raise awareness to get the donations for a better server setup. (Not that I actually know the size of their donation base, and maybe they do have enough money for that sort of setup and they're just stingy/stupid.)

      --
      Libertarians somehow believe that private businesses should be stronger than governments but weaker than individuals.
  5. Old school by 0xdeadbeef · · Score: 5, Informative

    Cryptome was cool before Wikileaks made it mainstream. And John Young is the original gangsta, so you know he got backups. Bitches don't know about all the backups he has.

  6. Re:Hmmm. by hoggoth · · Score: 5, Funny

    > no one will ever know, so its moot.

    Oh Christ don't bring 4chan into this!

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  7. Re:Earthlink? Network Solutions? by caffeinemessiah · · Score: 4, Insightful

    and you're an idiot if you post anything there expecting to be anonymous.

    Why? If I really wanted to post something anonymously, I would set up a network of proxy SSH severs paid for with prepaid debit cards (purchased using cash), change the wireless MAC on a throwaway secondhand laptop (purchased using cash off Craigslist), walk down to the local Starbucks, access my proxy setup through Tor, and then be reasonably confident that I would be able to do anything anonymously. Of course, I would only post plain text files.

    So I don't really understand why you would be an idiot for expecting anonymity if you went to the pains of taking care of it.

    --
    An old-timer with old-timey ideas.
  8. Re:...what? by Xemu · · Score: 5, Interesting

    I don't believe their Earthlink account was *hacked*.

    http://www.skeptictank.org/hs/elcoslnk.htm">Earthlink is connected to the Scentology cult, which are known for hating free spech on the internet. If Cryptome had hosted anything remotely connected with Scientology, they would not hesitate to use that email account to hurt Cryptome.

    --
    Tell your friends about xenu.net
  9. Re:Wired Reporter to be Subpoenaed by RapmasterT · · Score: 4, Interesting

    Well, if someone told me they had knowledge of a person who had committed a very serious crime against ME, but were refusing to share that information with me, then I wouldn't honestly feel the slightest obligation towards them either. I'd tell them whatever they wanted to hear to get the maximum information out of them.

    AND I'd try to get that subpoena too. The First Amendment guarantees freedom of the press, but it doesn't guarantee freedom from subpoena. An ethical journalist would go to jail in contempt of court before giving up a confidential source, but since journalism has abandoned most of the principles of old, I wouldn't count on that happening.

  10. Re:...what? by curmudgeous · · Score: 4, Funny

    ...Earthlink is connected to the Scentology cult...

    Man, that really stinks.

  11. Re:Backups for the win! by taucross · · Score: 4, Interesting

    Of course the important submissions will be resubmitted. Unless the submitter died from a suicide, or heart attack.

    --
    "In the absence of the ability to establish the attribute of truth they tried to establish the noble attributes."