Slashdot Mirror


Hackers Wipe US Servers of Email Provider VFEmail (zdnet.com)

Hackers have breached the servers of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process. From a report: The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice. "At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost. This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said. The company's staff is now working to recover user emails, but as things stand right now, all data for US customers appears to have been deleted for good and gone into /dev/null.

157 comments

  1. There were NO offsite backups????? by sconeu · · Score: 4, Insightful

    No offsite backups? No tapes????

    Who designed the disaster plan for these guys?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:There were NO offsite backups????? by TigerPlish · · Score: 2

      No offsite backups? No tapes????

      Who designed the disaster plan for these guys?

      Same geniuses as Wells Fargo?

      --
      The "Civilized World" jumped the shark ca. 1973.
    2. Re:There were NO offsite backups????? by spudnic · · Score: 2

      It's all in their private cloud, of course!

      --
      load "linux",8,1
    3. Re:There were NO offsite backups????? by leehwtsohg · · Score: 2

      You mean offline.

      Nothing happened to any particular location.

    4. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      No kidding. Was some child taking care of this?

      If there were absolutely no backups that can be restored, then everyone should be fired.

    5. Re:There were NO offsite backups????? by lgw · · Score: 2

      No offsite backups? No tapes????

      Who designed the disaster plan for these guys?

      The plan was a disaster - mission complete!

      An online copy is not a backup, guys. It can be a great cache of a backup, but it's not a backup. Who still doesn't know this?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 3, Interesting

      The business plan probably.

      If you do make backups, you are too expensive, certainly cannot compete, and will go out of business. No income for you.

      If you do not make backups, you may make a nice buck for a while before the thing explodes in your face. Hell, maybe you are lucky and it never explodes at all.
      Regardless, at least you will make money for a while. So this scenario is clearly the winner. Screw the damage to your future ex customers, that is not your problem.

    7. Re:There were NO offsite backups????? by knarfling · · Score: 1

      A more important question is "Why were the backup servers accessible from the email servers?"

      A good network design has the backup servers isolated from the production servers. Only the ports needed for backup should be allowed. Even if using a copy over SSH, it is possible to set it so the backup servers can access production, but block all access from production to the backup servers. I should never be able to gain console/terminal access on the backup servers from production.

      --
      Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
    8. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Fired from what? If this is as bad as it sounds the company is now bankrupt and out of business.

    9. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 4, Funny

      From a cannon. Into the sun.

    10. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Ah, the great pull or push question.

      You are a pull guy. But then what if the backup servers are compromised?

    11. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Time to push them up your ass?

    12. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Conveniently connected to their network so they can backup to it easily. What a great plan.

    13. Re:There were NO offsite backups????? by cayenne8 · · Score: 0, Flamebait
      FINALLY!!!

      ....the last of Hillary's private emails have been cleaned!!

      :P

      jk

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    14. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 2, Insightful

      What has a higher chance of getting owned? A network accessible box wide open to the web, or a backup server that can only be accessed by SSH via a specific management VLAN?

    15. Re:There were NO offsite backups????? by Headw1nd · · Score: 1

      It appears that the backup servers did not share any authentication and were accessed and destroyed separately.

    16. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 2, Funny

      This is why DevOps is a bad idea.

    17. Re:There were NO offsite backups????? by bobbied · · Score: 2

      No offsite backups? No tapes????

      Who designed the disaster plan for these guys?

      No, no.. The Admin E-mailed the backups to himself every night.... They are all in his inbox... Don't worry, he encrypted them.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    18. Re:There were NO offsite backups????? by rickb928 · · Score: 3, Insightful

      It *is* a PITA to put a tape in your bag, open up the fireproof safe at home, throw it in, get the *correct* one out, put it in your bag, and remember the next day to put that where it needs to be. And repeat. /s

      I did that for years. And I slept a little better.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    19. Re:There were NO offsite backups????? by nanospook · · Score: 1
      --
      Have you fscked your local propeller head today?
    20. Re:There were NO offsite backups????? by rickb928 · · Score: 3, Insightful

      Once you're in the front door, you're going through the system. Only offline backups can be trusted to 'be there'.

      And no offline copies of the VM environment? I think of those as especially precious. DO I want to rebuild those from scratch? Nope.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    21. Re:There were NO offsite backups????? by rickb928 · · Score: 1

      If you've compromised the server, you're well on your way to all the connections. Firewalling failed, for sure.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    22. Re: There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Who designed the disaster plan for these guys

      The guy who left an open briefcase on his desk and walked out to get coffee. The briefcase was filled with cover sheets for TPS Reports...the mystery deepens

    23. Re:There were NO offsite backups????? by drinkypoo · · Score: 1

      And no offline copies of the VM environment? I think of those as especially precious. DO I want to rebuild those from scratch? Nope.

      They probably didn't build them to begin with, odds are they did it all with someone else's containers and they had no clue what was actually running on those systems.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    24. Re:There were NO offsite backups????? by brausch · · Score: 1

      It also implies that a rogue employee could have done this at any time.

      I ran a large credit union IS department for years and made sure that no one person, even me, could have pulled this off. Various on-line (but in-house at local and remote site) backups done minute to minute in most cases and off-line backups done daily. Various permissions required to access electronic data stores, and different people with physical access. Tapes taken offsite every day AND MOUNTED AND READ AND VERIFIED at the remote site then stored in the custody of yet other employees. No single point of human or electronic failure.

      --
      "Almost every wise saying has an opposite one, no less wise, to balance it." - George Santayana
    25. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      The same people who were responsible for the IRS' emails when they kept coming up short under the Obama admin after getting caught targeting Republicans.

    26. Re:There were NO offsite backups????? by MachineShedFred · · Score: 1

      You want to explain that one?

      What the fuck does this have to do with DevOps? And besides, if their DevOps guy can find his ass without a flashlight and a map, he'd have some kind of disaster recovery plan, even if it was just daily scripted snapshots of the server VMs.

      Unless of course they were running on bare metal, in which case 2002 called and wants to introduce you to a product called VMware ESX.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    27. Re:There were NO offsite backups????? by JustAnotherOldGuy · · Score: 1

      They probably didn't build them to begin with, odds are they did it all with someone else's containers and they had no clue what was actually running on those systems.

      ^^^^^THIS.

      Yep, they most likely took some base container, maybe modded it a bit, and threw it into service. They likely have no idea at all how it was configured or what was in it.

      People are always concerned with the data and forget about the infrastructure that it lives in.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    28. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      You joke, but Wells Fargo had everything back up and running in different data centers in less than half a day, with most things which didn't fail over automatically up within a few hours.

      Now, the wisdom of not switching a data center on halon gas over to manual activation only while performing maintenance on the ventilation system I'll grant you was a bit suspect, but the difference is that without even any physical access to the powered off data center (Because Halon takes time before the fire department will let you in....) WF did in fact recover everything.

      These guys, on the other hand, apparently have never heard of read-only storage for backups. I'd say they should be looking at the people they most recently fired for the culprit...

    29. Re:There were NO offsite backups????? by rossz · · Score: 1

      My guess, bean-counter type management after ignoring advice from the technical people.

      --
      -- Will program for bandwidth
    30. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Did you ever test the tape?

      Whoops.

    31. Re: There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Well when you consider the effort it may have taken to purposely delete all of their servers you have to also wonder if part of this attack emanates from inside the company.

      Right off the bat it sounds kind of like an inside job.

    32. Re: There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Oh yeah, we're totally putting them in fireproof safes when we take them home. Yep, sure we are!

      Just throwing the tape in your bag every night generally secures the probability that both your place of business and your home are not going to burn down in the same night.

      I think when they refer to off-site storage they're kind of just referring to the idea of following proper backup protocol where you do nightly backups and take at least one backup tape per site off site.

      Considering they are an email company you would think that there would be some legal obligation to backup the data for x amount of time.

      It's almost like they set themselves up to be wiped out.

    33. Re: There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Any backup is a backup and when you have VMs usually everything's easy to back up and really that's one of the reasons you went with VMs.

      So, they shouldn't just have had an easy time backing up all the data, they should have had a pretty easy time backing up all the servers too.

      RAID isn't a backup, that's more where I see this mistake made. A copy is a copy and the copy is a backup and it doesn't really matter where you store it as long as your whole strategy makes sense.

      For smaller business a tape backup is probably no longer the way to go and for some businesses tape backups just don't really hold enough storage.

      Since cloud backups can easily have versioning built into them, they are pretty good options if they can be pulled off cost effectively.

      If you were a company with fairly small data load I don't see why online backups with versioning are somehow inferior to tapes. I would much rather store my data in a data center with versioning than rely on silly old backup tapes. Basically the same technology for decades and really incapable of keeping up with hard drive space.

      Once you start backing up a lot of poorly managed data or huge media files, tape backups start to suck, but a lot of other backup strategies all would also expose your data more than tape backups.

      I certainly don't blame people for trying to get off tape backups, and they are kind of a huge and slow pain in the ass.

      For smaller businesses I've just set up encrypted portable hard drive backups, but these days for smaller businesses I think I'd much rather them use a cloud backup. I would recommend the kind that don't allow drives to be directly connected to them though. Something like CrashPlan is nice in the sense that malware cannot easily get to your backups like they can on something like Google Drive, but the premise of cloud backup with versioning is just fine.

      The daily tape backups are great, but you are dealing with physical tapes and verifying each tape would be a big pain in the ass, but at the same time losing one day worth of data could still be catastrophic for some businesses while not so catastrophic for others.

    34. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      I use RAID 6 for my file server. Backing up isn't hard.

    35. Re: There were NO offsite backups????? by rickb928 · · Score: 1

      Actually I had three clients I did off-site tape rotations for, for about 6 years. One made regular random requests for tapes to do a directory test on. The other was a bank, they did a full scan and compare. My own, the company tapes, since I was the sysadmin, I did compares quarterly. DAT and higher capacity tapes were in use, LTO and such. Never had to restore my own, don't know if the bank did, but the other client was fastidious.

      I was much lazier with my own server backups, having just software tapes updated rarely, and data less often, they were DNS, email, and web. When we were pwned by the creeps in Atlanta we rebuilt from scratch, with a boot diskette, wgets, compiling the kernel, this you could still do in the late 90s. Today it would be very different.

      And over 14 years with the company I got very lazy, testing randomly, then delegating to the #3 & 4 techs. Our clients not so much. Then though our bank client didn't have us doing any fiduciary stuff we had to participate in DR (now BCP) drills, semi annually, and that was annoying and tedious. And instructive.

      The rest of my clients we maybe verified tapes 30 days after they came on board, never again unless they asked. We would log stats and replace tapes for wear, manufacturer specs. Never had a client left without data, but no, 90% of my work I did not do regular verification. The backup software was flaky enough to force us to fix and test when it went bad.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    36. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      Let's hope he does not die, or if he does he told somebody the password.

    37. Re: There were NO offsite backups????? by lgw · · Score: 1

      Any backup is a backup

      Semantics.

      A copy is a copy and the copy is a backup and it doesn't really matter where you store it as long as your whole strategy makes sense.

      Anything online, especially at the same site or accessible from the same site, is a convenience, not a backup strategy. Sure, it's handy when someone says "oops", but it doesn't protect your business.

      I certainly don't blame people for trying to get off tape backups, and they are kind of a huge and slow pain in the ass.

      LTO-8 is 360 MB/s assuming no compression, for a single drive. An internet pipe that gives you better than 3.6 Gb/s upload is impressive for a small business.

      Cloud backups make sense when all your data is already in the cloud. You don't really have much choice at that point. Or if your data changes slowly, as you can do that first upload via physical means (e.g. snowball, or even snowmobile for PB). But at least do a daily key rotation (or a service that promises WORM) to limit the damage a malicious actor can do.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    38. Re:There were NO offsite backups????? by pnutjam · · Score: 2

      At the very least, you should be using a 2nd cloud service for backup, like rsync.net or those guys that are always releasing hard drive stats, backblaze.

    39. Re:There were NO offsite backups????? by bartle · · Score: 1

      I don't know if, in this case, that's a fair criticism. VFEmail is providing a realtime service and going offline for any length of time has very serious repercussions.

      Tape backups aren't going to have the users' most recent emails and it could take days to fully restore prior emails. From the users' perspective, this is extremely inconvenient and they're probably going to take their recovered emails and go elsewhere.

      To run an online service in today's world, particularly an email host, means continual uptime. Downtime, even to recover lost data, is not a realistic option. Service providers thus need to focus their attention on redundancy at all levels. The question they failed to ask isn't, "How do we maintain quality offline backups". Instead, it should have been, "How do we prevent a single rogue employee or hacker from destroying our company?"

    40. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      AWS doesn't offer tape backup :P

    41. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 0

      https://aws.amazon.com/storagegateway/vtl/setup-demo/

      Actually they do. It will cost you, but less than bankruptcy.

  2. Very Fucked Email Dot Net by Anonymous Coward · · Score: 0

    i deciphered the code

  3. Backups? by byteherder · · Score: 2

    Time to pull yesterday's backup tapes. You do have the tapes from yesterday, don't you?

    1. Re:Backups? by Anonymous Coward · · Score: 1

      Plot twist: the last remaining copy of the encryption key is backed up on the encrypted backup tapes.

    2. Re:Backups? by zlives · · Score: 1

      OH the bitcoins

    3. Re:Backups? by bobbied · · Score: 2

      Plot twist: the last remaining copy of the encryption key is backed up on the encrypted backup tapes.

      Yea, but it's "12345".... What idiot uses THAT as a combination?

      Remind me to change the combination on my luggage..

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Backups? by pnutjam · · Score: 1

      I backed up my work laptop with borg and misunderstood that the password protected a key-file, not the archive....

      My other backup missed all my dot files....

      pour some out for the lost data...

    5. Re:Backups? by bill_mcgonigle · · Score: 1

      :drinks:

      On the other hand, don't hire somebody who hasn't realized this mistake exists.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Backups? by pnutjam · · Score: 1

      Luckily it was just my config files, I had another backup of my ssh keys.

    7. Re:Backups? by Anonymous Coward · · Score: 0

      Space balls the email provider!

  4. nice!! by zlives · · Score: 2

    offsite tape backup is sounding good right about now

    1. Re:nice!! by bobbied · · Score: 1

      offsite tape backup is sounding good right about now

      Don't worry, the admin was E-mailing the backups to himself every night for safe keeping...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  5. You mean just the online backup servers... by SuperKendall · · Score: 4, Interesting

    Every file server is lost, every backup server is lost.

    So, that's the online backup servers, but what about the offline backups... there were offline backups, right? RIGHT???

    I am starting to wonder if I don't need to ask every single electronic service I interact with to put in writing what tighter backup policies are. I imagine my stuff on gmail servers is safe... but that is truly only my imagination, who can say for sure even they have offline backups (that can be restored from)??

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:You mean just the online backup servers... by jythie · · Score: 1

      Sounds like they are trying to restore data from something, so hopefully they had offline backups of some type.

    2. Re:You mean just the online backup servers... by jythie · · Score: 2

      Also, depending on how nasty they were being, they might have lurked long enough to poison the offline backups too. People tend to not actually check them till something goes wrong.

    3. Re:You mean just the online backup servers... by war4peace · · Score: 1

      They probably don't. Not in the sense we think of, e.g. tapes.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    4. Re:You mean just the online backup servers... by b0s0z0ku · · Score: 2

      Also, they may only keep backups for a few days for security reasons -- i.e. they want their users to be able to "truly delete" data.

    5. Re:You mean just the online backup servers... by bobbied · · Score: 4, Insightful

      Also, depending on how nasty they were being, they might have lurked long enough to poison the offline backups too. People tend to not actually check them till something goes wrong.

      AND, when they check, some 70% turn out to be insufficient or not restorable. Most turn out to be nearly useless for anything but giving you a warm fuzzy feeling as you trot them off to offsite storage.

      Having a backup plan is one thing, TESTING your backup plan is the next level.... However, revising your backup plan and TESTING your backups are restorable on a regular basis is the only way to know it will work when the chips are down. IF you don't do all this work, it's NOT really backed up, regardless of how many tapes you put into storage.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    6. Re:You mean just the online backup servers... by Anonymous Coward · · Score: 0

      No cloud provider gives a snifter of a shit about giving users the ability to "truly delete" data.

    7. Re:You mean just the online backup servers... by Anonymous Coward · · Score: 0, Interesting

      I imagine my stuff on gmail servers is safe... but that is truly only my imagination, who can say for sure even they have offline backups

      Google is one of the few companies that I'd be the least worried about in that case.
      But they do have various data center tour videos and recorded talks about how they go about things, at a high level at least.

      They have outright stated they do not do offline backups of any form at all.
      Google utilizes their own home-made massively distributed storage system, relying on online backups duplicated to insane degrees.

      They've talked about how data-chunks on drives exist on many drives in a cluster, over many cluster servers in a data center, and in multiple data centers around the world. "Hundreds of copies" was a phrase used.

      It was said they do make backups in the sense of retaining many copies made at different points in time. So not just one master/live iteration of the data duplicated, nor just a copy like those who override the previous copy with the current and claim it's a backup.

      But, no offline storage. Which I guess in such a massive and automated system would be expected.

      On the other hand, how often does any google service go down even when an entire data center is offline and there's no power to the city it's in?
      Beyond them choosing to kill off a service intentionally after a few years, it's pretty rare for unintentional outages.
      So much so that when youtube went partially offline for 60 minutes once in the last 13 years it made international news headlines for days.

    8. Re:You mean just the online backup servers... by SuperKendall · · Score: 1

      The only thing I would realistically worry about with Google is, what happens with a really big natural disaster that destroys one (or more) entire data centers? I know they replicate a lot, but would they realistically have everything fully replicated spatially...

      At least as someone else mentioned about POP email, I do have a local copy of all my email - I would possibly just lose some attachments, but probably nothing I cared much about anyway.

      This incident is a good time to consider that issue though, especially as I was thinking about moving to Protonmail...

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    9. Re:You mean just the online backup servers... by rickb928 · · Score: 1

      That's the grunt work you farm out to the intern.

      You DO have interns, right?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    10. Re:You mean just the online backup servers... by lgw · · Score: 1

      Several years ago Google lost all their online storage for some chunk of users. They talked about restoring from tape, so at least once upon a time they had tape backups.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    11. Re:You mean just the online backup servers... by PrimaryConsult · · Score: 1

      This was how I discovered backups weren't quite working right for a specific piece of closed source software (something like Sharepoint before there was a Sharepoint). The company had gone out of business so there was no support. I was tasked with learning this piece of unsupported software so my first step was to restore the product's proprietary backup file using the instructions provided by the vendor in order to create a dev environment. After working with this environment for a few weeks I realized the restore process produced something that on the surface *looked* like it worked but was actually missing random chunks of content. After pointing this out to higher ups, I was tasked with finding a restore procedure that would work. Due to the nature of the content being an unholy mess of data stored in flat files and a database, restoring ones taken while the product was active resulted in a non-functioning product. The ultimate solution was to shut down the software daily just before the nightly file system and DB backups.

      Lessons learned:
      1) anything less than actually performing a restore and using the resulting service is insufficient backup testing
      2) if you ever encounter a web application that "closes" every night as if it were a brick and mortar business, some nonsense like this is probably why.
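
The restore test that bobbied and PrimaryConsult describe above, as an added example (not code from any commenter or from VFEmail): record a SHA-256 manifest at backup time, restore the archive into a scratch directory, and diff the result. The function names, the tar.gz format and the sample tree are assumptions made for illustration.

```python
import hashlib
import shutil
import tarfile
import tempfile
import zlib
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def make_backup(source: Path, archive: Path, exclude=lambda rel: False) -> None:
    """Write a gzip'd tar of source; `exclude` models a faulty include list."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            rel = p.relative_to(source).as_posix()
            if p.is_file() and not exclude(rel):
                tar.add(p, arcname=rel)


def restore(archive: Path, scratch: Path) -> None:
    """Extract regular files only, refusing any member that escapes scratch."""
    base = scratch.resolve()
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            dest = (base / member.name).resolve()
            if base not in dest.parents:
                raise tarfile.TarError(f"unsafe member path: {member.name}")
            dest.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(dest, "wb") as out:
                shutil.copyfileobj(src, out)


def verify_restore(archive: Path, manifest: dict) -> dict:
    """Restore into a throwaway directory and diff it against the manifest."""
    report = {"restorable": True, "missing": [], "corrupted": [], "error": None}
    with tempfile.TemporaryDirectory() as tmp:
        try:
            restore(archive, Path(tmp))
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            report["restorable"] = False
            report["error"] = f"{type(exc).__name__}: {exc}"
        restored = build_manifest(Path(tmp))  # whatever did come back
    for rel, digest in manifest.items():
        if rel not in restored:
            report["missing"].append(rel)
        elif restored[rel] != digest:
            report["corrupted"].append(rel)
    report["passed"] = report["restorable"] and not (
        report["missing"] or report["corrupted"])
    return report


def _sample(seed: str, lines: int = 64) -> bytes:
    """Constructed, poorly compressible stand-in for mailbox content."""
    return "\n".join(
        hashlib.sha256(f"{seed}{i}".encode()).hexdigest() for i in range(lines)
    ).encode()


def demo() -> dict:
    """Run four backup jobs over a constructed tree and verify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        work, src = Path(tmp), Path(tmp) / "src"
        files = {  # constructed sample data
            "mail/alice/inbox.mbox": _sample("alice"),
            "mail/bob/inbox.mbox": _sample("bob"),
            ".config/mailserver.conf": b"listen = 25\n",
        }
        for rel, data in files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)
        manifest = build_manifest(src)

        make_backup(src, work / "good.tgz")
        results["good"] = verify_restore(work / "good.tgz", manifest)
        # Job whose include list silently skips dot-directories.
        make_backup(src, work / "nodot.tgz", exclude=lambda r: r.startswith("."))
        results["nodot"] = verify_restore(work / "nodot.tgz", manifest)
        # Archive cut short, as after a failed transfer or unreadable media.
        whole = (work / "good.tgz").read_bytes()
        (work / "cut.tgz").write_bytes(whole[: len(whole) // 2])
        results["cut"] = verify_restore(work / "cut.tgz", manifest)
        # Live data changed between the manifest and the archive being written.
        (src / "mail/bob/inbox.mbox").write_bytes(b"partial write")
        make_backup(src, work / "live.tgz")
        results["live"] = verify_restore(work / "live.tgz", manifest)
    return results


if __name__ == "__main__":
    for job, report in demo().items():
        print(job, report)
```

A file-level hash match only shows the bytes came back; for an application with a database, the restored copy still has to be started and exercised, which is the first lesson listed above.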

    12. Re:You mean just the online backup servers... by MrKaos · · Score: 1

      >This incident is a good time to consider that issue though, especially as I was thinking about moving to Protonmail...

      I use both. I haven't checked my VFEmail account yet however I'd have no hesitation going back to them. I found their service to be well put together, I paid for an account mainly because it wasn't scanning every email to serve me ads.

      I've found Protonmail to be excellent, straightforward UI which is clean and intuitive. Nothing to complain about either of these services.

      I think though if you are not backing up stuff from your email accounts you are missing the point of using these services. If you are relying on some entity that can shutdown access at any time then you shouldn't be too annoyed if you can't access your data. Your data is your responsibility after all.

      --
      My ism, it's full of beliefs.
    13. Re:You mean just the online backup servers... by Solandri · · Score: 1

      The backup for some of the VoIP servers I've seen at companies was actually an identical server with the exact same hardware. It would be kept up to date by restoring the backup of the operational server onto it. This served as both a backup in case of hardware failure, and a sanity check to confirm the software backups were working and restorable.

    14. Re:You mean just the online backup servers... by MachineShedFred · · Score: 1

      Unless they are a publicly traded corporation under Sarbanes-Oxley review.

      That's one of the things any competent audit will ask for evidence of - working backup restore.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    15. Re:You mean just the online backup servers... by JustAnotherOldGuy · · Score: 2

      The only thing I would realistically worry about with Google is, what happens with a really big natural disaster that destroys one (or more) entire data centers?

      AWS.

      AWS makes lots of copies of every damn file and scatters them all over the world in geographically different Availability Zones.

      So even if the entire us-east-2 (Ohio) AZ is blown off the map by a nuke, AND eu-north-1 (Stockholm) is also blown off the map, along with Tokyo, Sydney, and Frankfurt, your file is still floating around in us-east-1 or eu-west-3 or ap-northeast-3, etc etc, about a dozen other AZs.

      You'd need a genuine global disaster to lose files from AWS, and at that point I probably wouldn't be giving a shit about files, I'd be concentrating on food and ammo.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    16. Re:You mean just the online backup servers... by b0s0z0ku · · Score: 1

      Small providers catering to privacy-conscious techies may very well care. M$, Scroogle, and the rest of the big corporate scum won't care, of course.

    17. Re:You mean just the online backup servers... by Anonymous Coward · · Score: 0

      That is fine until a corrupt file or configuration is backed up and then copied on to the "backup". You now have 2 identical non functioning servers.
       

    18. Re:You mean just the online backup servers... by Anonymous Coward · · Score: 0

      If you look up some of the early papers on GFS (Google File System) they explain that all data stored at google is replicated to at least 3 geographically separated data centers, which takes care of this situation.

    19. Re:You mean just the online backup servers... by CSMoran · · Score: 1

      Also, depending on how nasty they were being, they might have lurked long enough to poison the offline backups too. People tend to not actually check them till something goes wrong.

      Perhaps that's when the ransom request shall materialise.

      --
      Every end has half a stick.
    20. Re:You mean just the online backup servers... by pnutjam · · Score: 1

      or a compromised account...

  6. Talking Heads... by Anonymous Coward · · Score: 0

    Life in wartime.

    1. Re:Talking Heads... by jfdavis668 · · Score: 1

      Love that song.

    2. Re:Talking Heads... by slickwillie · · Score: 1

      It's Life During Wartime, piker.

    3. Re:Talking Heads... by Anonymous Coward · · Score: 0

      Piker!

      Are you on social security?!

  7. inside job by Anonymous Coward · · Score: 0

    How could it not be an inside (or former insider) job?

    1. Re:inside job by Anonymous Coward · · Score: 0

      but MUH EMAILS!

      Sorry. Force of habit.

    2. Re:inside job by Anonymous Coward · · Score: 0

      I thunked the same shit.

  8. Physical access? by Anonymous Coward · · Score: 0

    OK, so obviously these "hackers" gained physical access to everything, including off-site and off-line archives / backups? That doesn't sound like a hack, it sounds like an inside job. Either that or they didn't have off-sites, but what kind of idiots would run a company that way?

    1. Re:Physical access? by chiefcrash · · Score: 1

      Why did they "obviously" gain physical access?

      Off-site backups can be accessed without physical access if it was designed poorly, and there's no reason to assume they had off-line backups...

      --
      Show me on the 1st Amendment bobblehead where the moderator touched you...
    2. Re:Physical access? by bobbied · · Score: 1

      Backups are quite often useless and offline backups are usually weeks if not months old and take many hours to restore. Some 70% of "backups" turn out to be broken in some way or another, including not actually backing up the right data, not backing up data that's in a restorable format, and when compressed (as is often done) has unrecoverable bit errors or dropouts that render the whole backup set as good as empty.

      Why? Few folks take the time to do backups right, verify they can read the data off the media clean, verify they got the right data and verify they know how to restore it. Even fewer regularly review their backups to keep up with the ever changing system configurations, including doing all the testing outlined before so MOST backups are junk.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  9. IMAP/POP3 provider... by b0s0z0ku · · Score: 4, Interesting

    Thankfully, VFEmail was primarily an IMAP/POP3 provider. I suspect that the majority of its users had a local backup in the form of an email client with a local store...

    1. Re:IMAP/POP3 provider... by chiefcrash · · Score: 3, Informative

      Which, hopefully they've been paying attention: the current state of recovery means if you reconnect your client to your new mailbox, all your local mail will be lost (according to an update on their website)

      --
      Show me on the 1st Amendment bobblehead where the moderator touched you...
    2. Re:IMAP/POP3 provider... by Anonymous Coward · · Score: 0

      For IMAP, yes. Ignoring the stupid ones on mobile, most POP3 clients default to deleting messages from the POP3 server right after they've downloaded them, or after 7 days, so they won't care if the POP3 server is empty next time they connect.

    3. Re:IMAP/POP3 provider... by b0s0z0ku · · Score: 1

      That's generally not true; most mail clients flag mail as deleted in the local archive. You have to run a "compact" on the archive in order to totally delete "deleted" messages.

  10. Disgruntled ex-employee? (n/t) by Anonymous Coward · · Score: 0

    n/t

  11. No backup can be a feature by b0s0z0ku · · Score: 4, Interesting

    That can be both a bug and a feature. No backups mean that there's no cache of deleted emails. Some users may want the ability to truly delete data, not have it able to "appear" due to legal proceedings 5 years from now.

    I'd say it's on the users to back up their email using a client that locally caches IMAP folders or downloads via POP3.

    1. Re:No backup can be a feature by Aighearach · · Score: 3, Insightful

      It would seem more practical to just limit the stored backups to the last n copies, like you do with rotated log files.

      If it can only come back for two weeks or something, that is sufficient for most use cases.

    2. Re:No backup can be a feature by ljw1004 · · Score: 0

      That can be both a bug and a feature. No backups mean that there's no cache of deleted emails. Some users may want the ability to truly delete data, not have it able to "appear" due to legal proceedings 5 years from now. I'd say it's on the users to back up their email using a client that locally caches IMAP folders or downloads via POP3.

      I used to do that, starting in 1993. But I've used so many different computers since then, so many different email clients. My archive got too big to fit conveniently on my computer's storage. So then I was stuck with a load of separate volumes of backups that were hard to search. I wrote software to merge volumes of archives when I upgraded to bigger disks, also to export them into other formats.

      In the end, it was too much work for an inadequate solution. Now I just pay $8/month for an Exchange365 account. I have my own domain, I can do whatever email administration is needed, and I have free online unlimited storage that's easily searchable. Microsoft has demonstrated that they bend over backwards to serve their corporate customers well, and I'm using the same product (and paying the same fee) as them, so I feel safe. I believe that the Exchange365 is more robust (i.e. less likely to suffer data loss) than a couple of storage devices in a safe in my home.

      (Note: I'm sure free-Google would do what I want and more cheaply; I've just felt more comfortable being a paying customer for something so important to me. I'm sure that G-suite would do what I want too at a comparable price to the Microsoft offering but never looked into it.)

    3. Re:No backup can be a feature by rickb928 · · Score: 1

      I don't really back up my mail. I copy one mailbox to two others via IMAP and POP3. Another mailbox I copy via IMAP. And then I also have a copy in my beloved (/s) Microsoft Mail. It's not really a backup, I think, just copies. And I have a glorious spam library dating back to the 90s in some of it, just too lazy to clean it up.

      If you remember spam from the 90s, you know why some of it I've had to delete.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    4. Re: No backup can be a feature by Anonymous Coward · · Score: 0

      But why would that be an option for an email provider?

      We live in the day and age of laws that enforce data retention. For exactly the reason that you said, you would expect the laws to demand that if you want to run an email server publicly you need to have backups.

      That's generally what makes a lot of IT companies meet the ISO backup standards, the fact that they're not allowed to do business with certain entities without those standards in place.

      Considering all the various people that could be using an email server, you would think that data retention laws would demand some more reasonable level of actual data retention.

      I don't believe it's actually legal to operate an email server without any data retention. Basically, when it comes time to meet a court order you won't be able to do it, and at that point all you're really doing is providing a service to the public that has the option of bypassing your nation's laws and justice system.

      Anytime people think they can use technology to bypass existing laws or your nation's justice system, they should be rapidly smacked down with a dose of reality. Laws are laws for a reason, they're not meant to be circumvented just because a technology pops up that can do it.

      At the end of the day it's not laws that have to keep up with technology, the laws are the law. It's technology that risks being in violation of the law, not the law that risks being circumvented by technology. Companies should never think that they're in a position where they can circumvent their own government's laws; when they do that they're really just setting themselves and their customers up for failure. It takes but a flick of the politician's wrist to change the law and invalidate your entire business model.

      We've seen it happen plenty of times now. Technology generally does not win against law. Even something like Torrents would not be hard to crack down on. It's mostly a matter of no one really trying that hard.

      Obviously there's a lot of IT departments that don't really pay attention to things, but that doesn't change who has power over who and who will be mostly held liable for not following those laws. The government certainly isn't going to hold itself liable!

    5. Re: No backup can be a feature by Anonymous Coward · · Score: 0

      Another example of government policy crushing innovation.

      Email and mail alike are meant to be private. Next you'll be telling me it is also illegal to burn my regular mail after reading?

      Can't I just burn the people invading my privacy? That would be so much more rewarding.

    6. Re: No backup can be a feature by bev_tech_rob · · Score: 1

      I believe that if you publicly state your email retention policy (at least in the States), then anything outside of that time period makes you S.O.L. in regards to legal discovery. At least that is how it was explained to me at the last company I worked for that was in the Healthcare industry and was always getting legal discovery requests...

      --
      You're messin' with my Zen Thing, man.....
  12. TrumPutin by Anonymous Coward · · Score: 0

    Was it an attack by TrumPutin? Is this proof of Russian Collusion!?!?!?!!!!!!!!!

  13. Sounds like a cleanup operation by misnohmer · · Score: 4, Interesting

    Maybe someone needed an email to disappear to avoid public embarrassment or legal trouble.

    1. Re:Sounds like a cleanup operation by Anonymous Coward · · Score: 0

      Ding ding ding ding!!!!! We have a winner.

    2. Re:Sounds like a cleanup operation by Anonymous Coward · · Score: 0

      Which presidential hopeful used VFEmail?

    3. Re:Sounds like a cleanup operation by Anonymous Coward · · Score: 2, Insightful

      If you're in a tight enough spot that you need to contact some hackers to annihilate an email company then you also probably don't have the time to wait around while they figure out if they can even get into that email company to do the job.

      So:
      1. They were already in and held the sword of Damocles over this company's head for a long time without them even knowing it just waiting for someone to fork over enough money to make it worth their while to let the sword fall
      or
      2. They had help from an insider employee-- which would have had to be tunneled in way beforehand (which costs much more than simply leaving the backdoor of Damocles in place)
      or
      3. There were no hackers, it was done by people at the company itself (i.e. CEO trying to evade indictment for insider trading or something)
      or
      4. Some kind of psychopathic rehearsal for a real cyber war? (no skin off, say, the Chinese Communist Party's nose if some Western email company gets splattered)

      The real news here isn't that the company got whacked, but the whacking itself.
      What purpose?
      No ransom demand?
      Why wipe all the servers instead of simply continuing to harvest data from them?
      It's like a drug cartel nuking a city without warning. Cartels are in the business of making money. A glassed crater doesn't yield an income.
      So as the parent post points out: there's something going on here besides some mean ole hacker-dashery.

    4. Re:Sounds like a cleanup operation by MachineShedFred · · Score: 1

      Hillary? Is that you?

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    5. Re:Sounds like a cleanup operation by bill_mcgonigle · · Score: 1

      Coincident with the Mueller cover-up news? This is an easy job for the spooks who hoard zero-days.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Sounds like a cleanup operation by Anonymous Coward · · Score: 0

      Coincident with the Mueller cover-up news? This is an easy job for the spooks who hoard zero-days.

      Mueller wasn't in the news on Feb 11, 2019.

    7. Re:Sounds like a cleanup operation by Anonymous Coward · · Score: 0

      Is that you, Hillary?

  14. Oh, I love webmail! by Anonymous Coward · · Score: 0

    Where somebody else's fuckups can destroy my mail! Yay!

    Oh, wait, I actually don't use webmail, and their fuckups can only destroy those handful of messages that might be in flight at the moment.

    Never mind.

  15. Pull not push for backups. by unkmar · · Score: 2, Insightful

    First, onsite backup.
    Second, offsite backup that pulls, not pushes.
    - A push backup leaves a trace that there is a backup and to where it is being pushed.
    - - Just track the push and wipe out the backup as well.
    - A pull backup is only visible from the pulling location, and to anyone inside who knows it exists.
    - - No trail to trace and wipe out. If it is wiped out, then it is clearly an inside job.
    - - A pulling backup does mean the pulling system has access to the onsite backups.
    - - - But the onsite backup can be isolated from the onsite system and data.
    Conclusion:
    - Onsite hack can wipe out onsite system and data and onsite backup, but not offsite backup.
    - Offsite hack can wipe out onsite backup and offsite backup, but not onsite system and data.
    - Internal knowledge required to hit both targets.

    1. Re:Pull not push for backups. by pnutjam · · Score: 1

      Unless you're cleaning your logs, you'll see a pull backup authenticating to the system. This also means you have to trust your backup endpoint. I avoid pull backups for this reason, but a proper backup account shouldn't have access to trash your backup destination.

    2. Re:Pull not push for backups. by Joey+Vegetables · · Score: 1

      Not a terrible strategy. Mine (for a personal system with around 500GB of important data) is to rotate four backup devices - external HDDs, not tapes - daily (kept on my person), weekly (to office), monthly and yearly (both to safe deposit box near me). I also have copies of the most important files (kids' pics and videos mainly) with my in-laws in Europe. The backups are encrypted before being put on the external drives. I'm aware of a few flaws that I am working to address. (a) I'd have limited defenses against an attack that would change or delete small numbers of files . . will eventually store with the backups a manifest with an MD5 or similar hash, and compare them on every backup such that changed or deleted files in folders that shouldn't happen would trigger a warning. (b) Rubber-hose decryption would work just fine, although I don't think there's much of anything that people would go to that length to get (I'm not nearly interesting enough for that to be the case). (c) Some of my data would be lost in the event of an attack that simultaneously wiped out (a) home, (b) office, and (c) safe deposit box, all of which are within 6 miles of one another. A nuke or EMP detonated directly above Cleveland would probably do that. But as noted above, if all those things happened, I think my family and I would be facing much bigger problems, presuming we were even still around.
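
The manifest check described in the comment above, sketched as an added example that is not part of the original post: it records a hash per file at backup time and, on the next run, warns about changed or deleted files under folders that are not supposed to change. It uses SHA-256 where the comment says "MD5 or similar"; the function names, the `protected` parameter and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                # Hash in 1 MiB chunks so large videos do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def save_manifest(manifest, path):
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def compare_manifests(previous, current, protected=()):
    """Diff two manifests; warn on changes/deletions under protected folders."""
    changed = sorted(p for p in previous
                     if p in current and previous[p] != current[p])
    deleted = sorted(p for p in previous if p not in current)
    added = sorted(p for p in current if p not in previous)
    # Trailing '/' so "photos" does not also match "photos-old/...".
    prefixes = tuple(p.rstrip("/") + "/" for p in protected)
    warnings = [f"{kind}: {p}"
                for kind, paths in (("CHANGED", changed), ("DELETED", deleted))
                for p in paths if p.startswith(prefixes)]
    return {"changed": changed, "deleted": deleted,
            "added": added, "warnings": warnings}


def demo():
    """Constructed sample tree: one backup run, then edits, then the check."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "photos").mkdir(parents=True)
        (src / "work").mkdir()
        (src / "photos" / "kid1.jpg").write_bytes(b"constructed image 1")
        (src / "photos" / "kid2.jpg").write_bytes(b"constructed image 2")
        (src / "work" / "notes.txt").write_text("draft v1")

        # First backup: write the manifest that travels with the backup set.
        manifest_file = Path(tmp) / "manifest.json"
        save_manifest(build_manifest(src), manifest_file)

        # Between backups: normal edits in work/, unexpected ones in photos/.
        (src / "work" / "notes.txt").write_text("draft v2")
        (src / "work" / "new.txt").write_text("new file")
        (src / "photos" / "kid1.jpg").write_bytes(b"overwritten")
        (src / "photos" / "kid2.jpg").unlink()

        # Next backup: compare before rotating the old copy out.
        return compare_manifests(load_manifest(manifest_file),
                                 build_manifest(src),
                                 protected=["photos"])


if __name__ == "__main__":
    for line in demo()["warnings"]:
        print("WARNING", line)
```

A manifest stored only beside the backup can be rewritten by whoever can alter the backup, so a copy kept somewhere the backed-up machine cannot write makes the comparison meaningful.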

  16. Backup Architecture by Anonymous Coward · · Score: 1

    Trivial, the right Backup Architecture is to have online backup that is done via something like remote btrfs snapshots (for zfs snapshots), and have those servers be secure. But, this does raise the interesting question, how do you know your appliance is secure? No patches in 20 years, and proven to be correct, with 30% market penetration or more... that might do it.

    Frankly, I'm surprised we don't hear more of this type of total wipe more often. Makes for a great test case for the backup strategies that companies use, to see if they can withstand a bad actor.

    1. Re:Backup Architecture by Aighearach · · Score: 1

      If you backup data instead of backing up the disks then it shouldn't be that hard to have append-only backups with very limited access permissions.

      Then it also is pretty easy to do incremental offline backups of the changed data.

  17. Bullshit! Somebody wanted some email to go away... by Anonymous Coward · · Score: 0

    No way that happened the way they're saying.

  18. I wonder by renegade600 · · Score: 1

    I wonder which government officials used them.

    1. Re:I wonder by mejustme · · Score: 1

      I wonder which government officials used them.

      Hillary, of course.

  19. Doesn't sound like "hackers" by eneville · · Score: 1

    This sounds a lot like an internal job, more than external attack. Why risk getting logged on the way in, unless you are a disgruntled employee or competitor? Most likely an employee with unfavorable bonus.

    1. Re:Doesn't sound like "hackers" by Anonymous Coward · · Score: 0

      That's a lot of damage for a shit bonus, don't you think?

    2. Re:Doesn't sound like "hackers" by Aighearach · · Score: 1

      It could easily happen if their sysadmins suck, everything is put together by hand, and somebody cracked the backup server. The backup server might have access to everything.

    3. Re: Doesn't sound like "hackers" by Anonymous Coward · · Score: 0

      Or one of their sys admins had gotten a bad performance review

    4. Re:Doesn't sound like "hackers" by pnutjam · · Score: 1

      pen-tester screw-up...? oops

  20. Demonstration attack by Rick+Schumann · · Score: 1

    Sounds like some hacker(s) needed to demonstrate their operational efficacy to potential clients. Either that or just some too-edgy vandal wanted to burn something to the ground. Small probability: someone needed something specific wiped and needed there to be no fingerprints left behind.

  21. Replication != Backup by bodog · · Score: 3, Insightful

    Looks like ZFS replication may have been their backup plan? https://www.vfemail.net/design...

    1. Re:Replication != Backup by Anonymous Coward · · Score: 0

      Replication isn't backup, but snapshots are. Offsite snapshot replication is actually an excellent live backup with fast and easy recoverability. But it's still online, which does carry more risk than offsite+offline.

  22. Recall an email by casualgeek · · Score: 1

    That's a terrible way to recall an email.

  23. Whose emails? by Anonymous Coward · · Score: 0

    I wonder whose emails were on one of the customer accounts?

    1. Re:Whose emails? by Anonymous Coward · · Score: 0

      Hillary?

  24. No backup - no pity by gweihir · · Score: 1

    Seriously, what are these people doing?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  25. Even MST3K knows... by jddj · · Score: 1

    "Keep Circulating the Tapes!"

  26. I would hate to pay for this service by Anonymous Coward · · Score: 0

    I see this service has a paid service which I would hate to have paid for and then lose all my email. But it's interesting they got into backup servers as well as primary. Sounds like a poor setup if the hackers were able to gain access to both.

  27. Trivial Recovery by Anonymous Coward · · Score: 0

    The article says the disks were reformatted. If that's true, something like testdisk will be able to recover everything in no time. So I'll assume their IT doesn't know what they're doing or the hacker wiped everything instead of reformatted everything. I guess another possibility is they're on a shared hosting system and other hosts instantly gobbled up the free HDD space, except reformatting should have reused the same space so that option isn't valid.

    1. Re:Trivial Recovery by Anonymous Coward · · Score: 0

      They DDed it. It's gone.

  28. Criminal Incompetence by Anonymous Coward · · Score: 0

    Seriously, at what point does incompetence become criminal negligence?

    1. Re:Criminal Incompetence by DontBeAMoran · · Score: 1

      It depends on the definition of "criminal".

      --
      #DeleteFacebook
    2. Re:Criminal Incompetence by Anonymous Coward · · Score: 0

      And who you're going to charge...

  29. Just recover it? by DontBeAMoran · · Score: 2

    ...as things stand right now, all data for US customers appears to have been deleted for good...

    Damn, talk about annoying.

    ...and gone into /dev/null.

    Oh! So they do know where the data ended up. Just restore it! You know, like in the movies?

    --
    #DeleteFacebook
    1. Re:Just recover it? by sacrilicious · · Score: 1

      So they do know where the data ended up. Just restore it! You know, like in the movies?

      "Computer: enhance!"

      --
      - First they ignore you, then they laugh at you, then ???, then profit.
  30. Not up to Starfleet standards by DontBeAMoran · · Score: 1

    No secondary backups? Talk about amateurs.

    --
    #DeleteFacebook
  31. Well by Anonymous Coward · · Score: 0

    someone had compromising emails and needed to make sure they were deleted... So might as well bring down the entire service.

  32. Re: Incorrect, there are servers in prisons by Anonymous Coward · · Score: 0

    So clever...

  33. Just do a restore from Wikileaks. by jfdavis668 · · Score: 2

    I'm sure they have a recent copy.

    1. Re:Just do a restore from Wikileaks. by Anonymous Coward · · Score: 0

      Putin took a wiki leak into my ass.

  34. POP3 client not looking so bad now? by Anonymous Coward · · Score: 0

    Webmail places everything in one spot to be lost, or become inaccessible. Glad I still download copies via POP3.

  35. No backups? Really? by JustAnotherOldGuy · · Score: 1

    So they have no current backups at all? Seriously?

    It's so easy to do these days that there's no good excuse not to. Hell, use a secured AWS bucket and stash your backups there.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  36. So, nobody does backups anymore? by roc97007 · · Score: 1

    Or, they do backups, but keep all the copies online? For an app connected to the raw internet? And someone thought this was a good idea?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  37. Eroding Trust by Anonymous Coward · · Score: 0

    I just can't help but have that horrible feeling that attacks like this are going to become more common with devastation of similar or worse magnitude.

  38. Not a "hacker," A disgruntled insider. by bill.pev · · Score: 1

    This reeks of internal job. Complete and total devastation with no apparent purpose? It's too comprehensive to be an advanced script kiddie or random attack and therefore also too good to be anything without purpose. But there is no apparent purpose, so it must be an inside job. The offline tapes were probably deleted too, and that requires very skillful cracking indeed!

    1. Re:Not a "hacker," A disgruntled insider. by Anonymous Coward · · Score: 0

      Yeah, that was my first thought. If it is so comprehensively trashed, that would take considerable time and effort for an outsider to plan and execute. And to what end?

      Far more likely to be a pissed off admin or developer with detailed knowledge.

  39. FAQ is a lie! by Anonymous Coward · · Score: 1

    From the FAQ

    > What is your backup strategy / data retention policy?
    > VFEmail feels it's important to provide a long-term, stable, environment for our users. In that effort, we perform nightly backups to an offsite host from all on-site and off-site mail storage locations. This backup runs at 12am CST (-0600) and contains all user data.
    > 3rd party storage of user data is generally not wanted by privacy-conscious users. If you fall into that category, you will want to use POP3 and download your mail daily. Our backup is on a daily/weekly rotation, initiated by a snapshot. If you do receive mail between your last POP and the snapshot at 12am, it will exist on backup for a week - unless it's on Saturday night, then it's a year. You should set your POP program to download every 5-10 minutes in order to avoid having your mail caught on backup.

    Hahaha

  40. What, they never heard of tape backups? by Anonymous Coward · · Score: 0

    I find that hard to believe! Normally a significant part of even a slack IT department is managing backup tapes. It's not unusual to keep a year's worth of backup tapes, but in their case they would probably just need a day or two.

    Part of managing a backup tape system is periodically checking the actual date on the tapes!

  41. Slogan : Making email safe for the masses! by grumpy-cowboy · · Score: 1

    It's so safe that now even NSA, FBI, ... cannot have access to it! Nice job!

    --
    Will $CURRENT_YEAR be the year of the Linux Desktop?
  42. That is why you always run f2fs on your null! by Anonymous Coward · · Score: 0

    Write only storage is for losers!

  43. mmmmmm cloud. get you some. by Anonymous Coward · · Score: 0

    ehyup, jist wut weh nehd, mar uv ar data in someone ehlses cuntrole. oh, and JERBS.