Security IT

Cryptome Hacked; All Files Deleted

eldavojohn writes "Over the weekend, the whistleblowing site Cryptome was hacked and vandalized, resulting in all 54,000 files being deleted and two days' worth of submissions lost. Cryptome reported that its EarthLink e-mail account was compromised in ways unknown, and once the attacker was inside there, they were able to request a new password from the administration console for Cryptome at their hosting provider, Network Solutions. Once the attacker had that password, they deleted the ~7 GB of data that Cryptome hosted in around 54,000 files. Cryptome was able to eventually restore the site, as they keep backups ready for cases like this and stated that they 'do not trust our ISP, email provider and officials to tell the truth or protect us.'"
This discussion has been archived. No new comments can be posted.

  • And their users... (Score:0, Interesting)

    by Anonymous Coward on Tuesday October 05, 2010 @05:46PM (#33800398)

    And their users should apparently not trust them, either.

  • ...what? (Score:4, Interesting)

    by blhack ( 921171 ) on Tuesday October 05, 2010 @05:48PM (#33800422)

    The real WTF here is that

    A) Cryptome is running on Network Solutions
    B) The email associated with the account is on *earthlink* ???
    C) None of these things have been shut down.

    Seriously, doesn't cryptome host some pretty shady stuff? On the same level as wikileaks, isn't it? What the hell is going on here?

  • Re:Hack (Score:5, Interesting)

    by zarozarozaro ( 756135 ) on Tuesday October 05, 2010 @06:11PM (#33800648)
    Mod parent up. A company I used to work for used Earthlink as their provider for everything (web, email, ISP). I pretty much had to take on the IT admin role there. They had lost all of their passwords and logins. I could not believe how easy it was for me to take control of everything in ONE DAY without even getting my boss on the phone with the support guy at Earthlink. Security at Earthlink is a joke. The support people there seem to choose one piece of your information at random to verify that you are the account holder. They will often ask you to tell them your password over the phone and other similar nonsense.
  • Re:...what? (Score:5, Interesting)

    by Xemu ( 50595 ) on Tuesday October 05, 2010 @06:15PM (#33800684) Homepage

    I don't believe their Earthlink account was *hacked*.

    Earthlink [http://www.skeptictank.org/hs/elcoslnk.htm] is connected to the Scientology cult, which are known for hating free speech on the internet. If Cryptome had hosted anything remotely connected with Scientology, they would not hesitate to use that email account to hurt Cryptome.

  • by Anonymous Coward on Tuesday October 05, 2010 @06:19PM (#33800722)

    There's whistle-blowers and whistle-blowers. Cryptome are the better sort; they are open about their agenda and show some integrity, unlike Wikileaks, who alternately demand journalistic privileges and refuse to exercise journalistic discretion, all while pursuing an explicitly anti-American agenda.

    (Wikileaks fanboys: I will take that comment back the day Wikileaks releases a document that seriously hurts Russia, China, or Iran. Or pretty much anyone else other than the USA and her allies. Or indeed any country that is not a western democracy. Not holding my breath here.)

  • by savanik ( 1090193 ) on Tuesday October 05, 2010 @06:23PM (#33800746)

    And Cryptome is now saying that a Wired reporter contacted them [cryptome.org] after having spoken with a hacker claiming responsibility for the attack.

    Which they responded to with a threat of a subpoena, and publishing news about it before the reporter, after they told the reporter they wouldn't? ... er. Way to burn bridges, guys? Seriously, I understand free speech and using reporters as sources, but I don't think reporters are going to be too gung-ho about reporting your findings later after this.

  • SSH FTW (Score:3, Interesting)

    by MichaelSmith ( 789609 ) on Tuesday October 05, 2010 @06:24PM (#33800762) Homepage Journal

    It's the only CMS I use on my servers. Mercurial for version control over ssh. Update my sites with hg push. Hooks on the receiving side to run hg up and rebuild if required. SSH can be configured to require certificates only for authentication. Desktop environments all integrate with ssh-askpass or similar.
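
The key-only SSH setup this comment relies on can be verified on the server. The following shell check is an added example, not part of the original comment; the function names and sample config are constructed, and it assumes whitespace-separated `Keyword value` lines, auditing only the global section.

```sh
#!/bin/sh
# Added example: check whether an sshd_config permits key-based logins only.
# Scope (assumptions): whitespace-separated "Keyword value" lines in the global
# section; Match blocks and Include files are not evaluated.

# effective_value FILE 'kw1|kw2' DEFAULT
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; an unset keyword falls back to the OpenSSH default.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/    { next }   # blank lines and comments
        tolower($1) == "match"  { exit }   # end of the global section
        tolower($1) ~ ("^(" keys ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: prints one line per finding, returns 0 if key-only.
audit_sshd_config() {
    rc=0
    [ "$(effective_value "$1" 'pubkeyauthentication' yes)" = yes ] ||
        { echo "PubkeyAuthentication is off"; rc=1; }
    [ "$(effective_value "$1" 'passwordauthentication' yes)" = no ] ||
        { echo "PasswordAuthentication is not 'no'"; rc=1; }
    # ChallengeResponseAuthentication is the older alias of this option.
    kbd='kbdinteractiveauthentication|challengeresponseauthentication'
    [ "$(effective_value "$1" "$kbd" yes)" = no ] ||
        { echo "keyboard-interactive authentication is not 'no'"; rc=1; }
    return "$rc"
}

# Constructed sample: the password line is only a comment, so the default
# (yes) still applies and the audit flags it.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
Port 22
#PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
EOF
audit_sshd_config "$demo_cfg" || echo "=> password logins still possible"
rm -f "$demo_cfg"
```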

  • by RapmasterT ( 787426 ) on Tuesday October 05, 2010 @06:35PM (#33800862)
    Well, if someone told me they had knowledge of a person who had committed a very serious crime against ME, but were refusing to share that information with me, then I wouldn't honestly feel the slightest obligation towards them either. I'd tell them whatever they wanted to hear to get the maximum information out of them.

    AND I'd try to get that subpoena too. The First Amendment guarantees freedom of the press, but it doesn't guarantee freedom from subpoena. An ethical journalist would go to jail in contempt of court before giving up a confidential source, but since journalism has abandoned most of the principles of old, I wouldn't count on that happening.
  • by c ( 8461 ) <beauregardcp@gmail.com> on Tuesday October 05, 2010 @06:44PM (#33801016)

    Using virtual hosting might be intentional. A lot of people don't particularly like them. Including agencies of the US government. By running their site on a shared box with hundreds (thousands?) of others, they're a little more protected against the infamous "just take the whole server" attack. Also, it gives them more money to allocate to bandwidth costs, which as I understand it are pretty high.

  • by taucross ( 1330311 ) on Tuesday October 05, 2010 @07:40PM (#33801742)
    Of course the important submissions will be resubmitted. Unless the submitter died from a suicide, or heart attack.
  • by azrider ( 918631 ) on Wednesday October 06, 2010 @02:45AM (#33805026)
    And for those who don't want to read the book, he used whatever dot matrix printers he had available. Remote syslog to a machine with WORM media works too.

    If you can't afford such writers, mount /var/log (or /var/adm depending on your system) on a remote with a different authentication with the directories as 500(-r-x------) and files as 300(--wx------) with a specific user for whichever syslog variant you use. Then chattr -i on the remote system so that the directory is immutable. On the remote system (if using rolling logs) don't forget to change the logrotate (or other appropriate cron configuration files)

    Works every time for system security stuff.

    You can tailor the logs for as much or as little as you need. Until the cracker can compromise your remote logging system (which should have different root passwords, no sudo/ssh credentials and no other root access than the physical console), everything is recorded. Once it is cracked, you will know when it happened, because without the proper credentials on the logging system nothing can be erased.

    Tripwire/dnotify/inotify are your friends if you take the time to learn them and if you take the time to set them up properly.
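
The permission scheme in the comment above (directories 500, files 300, one dedicated syslog user) can be audited on the log host. This shell script is an added example, not part of the original comment; the function names, the `web01` directory and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify a log tree against the scheme in the comment above:
# directories 500 (r-x------), files 300 (-wx------), one dedicated owner.

# audit_log_tree DIR OWNER
# Prints "<finding> <path>" for each deviation; returns 0 if there are none.
audit_log_tree() {
    findings=$(
        find "$1" -type d ! -perm 500 -print | sed 's/^/dir-mode-not-500 /'
        find "$1" -type f ! -perm 300 -print | sed 's/^/file-mode-not-300 /'
        find "$1" \( -type d -o -type f \) ! -user "$2" -print |
            sed 's/^/wrong-owner /'
        # Symlinks, FIFOs, devices: nothing but plain files belongs here.
        find "$1" ! -type d ! -type f -print | sed 's/^/unexpected-type /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: constructed stand-in for the remote /var/log mount.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/web01"
    : > "$root/web01/messages"
    : > "$root/web01/auth.log"
    chmod 300 "$root/web01/messages" "$root/web01/auth.log"
    chmod 500 "$root/web01" "$root"
    echo "$root"
}

tree=$(make_sample_tree)
audit_log_tree "$tree" "$(id -u)" && echo "clean: $tree"
chmod 644 "$tree/web01/auth.log"      # simulate a loosened file mode
audit_log_tree "$tree" "$(id -u)" || echo "=> deviations found"
chmod -R u+rwx "$tree" && rm -rf "$tree"
```

Run it from cron on the logging host and alert on any output; a file that has become readable or a directory that has become writable means the write-only guarantee no longer holds.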
