Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/7/2010
11:57 AM
50%
50%

Cryptome Hack Under Investigation

Whistleblowing site's founder claims attacker was retaliating against posting of sensitive documents.




Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
Conflicting reports swirl continue to swirl around the identity of a hacker who broke into and defaced whistleblowing site Cryptome late last week.

On Thursday, the site's Internet service provider, Earthlink, asked Cryptome if it wanted to involve the Federal Bureau of Investigation, according to Cryptome's website.

Cryptome, which is hosted in the United States, is a repository for information about freedom of speech, spying, cryptography, and surveillance. The organization "welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those," according to Cryptome. It focuses on documents in the public domain, and less on anonymous materials such as those recently posted by Wikileaks.

On Oct. 2, hacker "RuxPin" and two other members of hacking group Kryogeniks reportedly were able to steal the password for one of Cryptome founder John Young's email accounts when the email password storage system was breached in September, published reports said. Since they then had the password for the email account listed as the site's contact address, the hackers requested a password reset for Cryptome's hosting account, according to Wired magazine.

But Young disputes this scenario. Rather, he said someone else attacked the site and that the attack was motivated as payback for sensitive documents the site has posted recently, Young told the Kaspersky Lab Security News Service.

"Cryptome has never promised security to correspondents at its end, that has to be done at the sender's end with the caveat often repeated here, there is no online security, none. Digital security is the weakest of all forms of communication, leaky by design to 'facilitate administration and provide security,'" he said in an online post. "Security along with sacred cow encryption are fraudulent by design, check with a cryptographer mediating all sides. Cryptome frequently posts warnings of its untrustworthiness due to it being an online outlet in the vast spying apparatus, the Internet."

Topics posted just prior to the hacking included: the Stuxnet worm; U.S. Cyber Command; U.S. vs. Adobe, Apple, Google, Intel, Intuit, Pixar; Los Alamos National Laboratory; the Huffington Post; and Citigroup. Cryptome posts about four or five documents a day.

"The hack was discovered by lack of access to email or to the Cryptome.org NSI account. All 54,000 files (some 7GB) were deleted and the account password changed," according to Cryptome's website. "An Earthlink online support chat restored email access and showed the NSI emails about management changes. New passwords for Earthlink and NSI were set. A call to NSI support restored all files from a back-up except for the previous two days."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17612
PUBLISHED: 2019-10-15
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
CVE-2019-17613
PUBLISHED: 2019-10-15
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-17395
PUBLISHED: 2019-10-15
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17602
PUBLISHED: 2019-10-15
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
CVE-2019-17394
PUBLISHED: 2019-10-15
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.