Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/7/2010
11:57 AM
50%
50%

Cryptome Hack Under Investigation

Whistleblowing site's founder claims attacker was retaliating against posting of sensitive documents.




Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
Conflicting reports swirl continue to swirl around the identity of a hacker who broke into and defaced whistleblowing site Cryptome late last week.

On Thursday, the site's Internet service provider, Earthlink, asked Cryptome if it wanted to involve the Federal Bureau of Investigation, according to Cryptome's website.

Cryptome, which is hosted in the United States, is a repository for information about freedom of speech, spying, cryptography, and surveillance. The organization "welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those," according to Cryptome. It focuses on documents in the public domain, and less on anonymous materials such as those recently posted by Wikileaks.

On Oct. 2, hacker "RuxPin" and two other members of hacking group Kryogeniks reportedly were able to steal the password for one of Cryptome founder John Young's email accounts when the email password storage system was breached in September, published reports said. Since they then had the password for the email account listed as the site's contact address, the hackers requested a password reset for Cryptome's hosting account, according to Wired magazine.

But Young disputes this scenario. Rather, he said someone else attacked the site and that the attack was motivated as payback for sensitive documents the site has posted recently, Young told the Kaspersky Lab Security News Service.

"Cryptome has never promised security to correspondents at its end, that has to be done at the sender's end with the caveat often repeated here, there is no online security, none. Digital security is the weakest of all forms of communication, leaky by design to 'facilitate administration and provide security,'" he said in an online post. "Security along with sacred cow encryption are fraudulent by design, check with a cryptographer mediating all sides. Cryptome frequently posts warnings of its untrustworthiness due to it being an online outlet in the vast spying apparatus, the Internet."

Topics posted just prior to the hacking included: the Stuxnet worm; U.S. Cyber Command; U.S. vs. Adobe, Apple, Google, Intel, Intuit, Pixar; Los Alamos National Laboratory; the Huffington Post; and Citigroup. Cryptome posts about four or five documents a day.

"The hack was discovered by lack of access to email or to the Cryptome.org NSI account. All 54,000 files (some 7GB) were deleted and the account password changed," according to Cryptome's website. "An Earthlink online support chat restored email access and showed the NSI emails about management changes. New passwords for Earthlink and NSI were set. A call to NSI support restored all files from a back-up except for the previous two days."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.