Dark Reading is part of the Informa Tech Division of Informa PLC


10/7/2010
11:57 AM

Cryptome Hack Under Investigation

Whistleblowing site's founder claims attacker was retaliating against posting of sensitive documents.




Conflicting reports continue to swirl around the identity of a hacker who broke into and defaced whistleblowing site Cryptome late last week.

On Thursday, the site's Internet service provider, Earthlink, asked Cryptome if it wanted to involve the Federal Bureau of Investigation, according to Cryptome's website.

Cryptome, which is hosted in the United States, is a repository for information about freedom of speech, spying, cryptography, and surveillance. The organization "welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those," according to Cryptome. It focuses on documents in the public domain, and less on anonymous materials such as those recently posted by Wikileaks.

On Oct. 2, hacker "RuxPin" and two other members of hacking group Kryogeniks reportedly were able to steal the password for one of Cryptome founder John Young's email accounts when the email password storage system was breached in September, published reports said. Since they then had the password for the email account listed as the site's contact address, the hackers requested a password reset for Cryptome's hosting account, according to Wired magazine.

But Young disputes this scenario. Rather, someone else attacked the site, and the attack was payback for sensitive documents the site has posted recently, Young told the Kaspersky Lab Security News Service.

"Cryptome has never promised security to correspondents at its end, that has to be done at the sender's end with the caveat often repeated here, there is no online security, none. Digital security is the weakest of all forms of communication, leaky by design to 'facilitate administration and provide security,'" he said in an online post. "Security along with sacred cow encryption are fraudulent by design, check with a cryptographer mediating all sides. Cryptome frequently posts warnings of its untrustworthiness due to it being an online outlet in the vast spying apparatus, the Internet."

Topics posted just prior to the hacking included: the Stuxnet worm; U.S. Cyber Command; U.S. vs. Adobe, Apple, Google, Intel, Intuit, Pixar; Los Alamos National Laboratory; the Huffington Post; and Citigroup. Cryptome posts about four or five documents a day.

"The hack was discovered by lack of access to email or to the Cryptome.org NSI account. All 54,000 files (some 7GB) were deleted and the account password changed," according to Cryptome's website. "An Earthlink online support chat restored email access and showed the NSI emails about management changes. New passwords for Earthlink and NSI were set. A call to NSI support restored all files from a back-up except for the previous two days."
