Dark Reading is part of the Informa Tech Division of Informa PLC


Cryptome Hack Under Investigation

Whistleblowing site's founder claims attacker was retaliating against posting of sensitive documents.

Conflicting reports continue to swirl around the identity of a hacker who broke into and defaced whistleblowing site Cryptome late last week.

On Thursday, the site's Internet service provider, Earthlink, asked Cryptome if it wanted to involve the Federal Bureau of Investigation, according to Cryptome's website.

Cryptome, which is hosted in the United States, is a repository for information about freedom of speech, spying, cryptography, and surveillance. The organization "welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those," according to Cryptome. It focuses on documents in the public domain, and less on anonymous materials such as those recently posted by Wikileaks.

On Oct. 2, hacker "RuxPin" and two other members of hacking group Kryogeniks reportedly were able to steal the password for one of Cryptome founder John Young's email accounts when the email password storage system was breached in September, published reports said. Since they then had the password for the email account listed as the site's contact address, the hackers requested a password reset for Cryptome's hosting account, according to Wired magazine.

But Young disputes this scenario. He told the Kaspersky Lab Security News Service that someone else attacked the site, and that the attack was payback for sensitive documents the site has posted recently.

"Cryptome has never promised security to correspondents at its end, that has to be done at the sender's end with the caveat often repeated here, there is no online security, none. Digital security is the weakest of all forms of communication, leaky by design to 'facilitate administration and provide security,'" he said in an online post. "Security along with sacred cow encryption are fraudulent by design, check with a cryptographer mediating all sides. Cryptome frequently posts warnings of its untrustworthiness due to it being an online outlet in the vast spying apparatus, the Internet."

Topics posted just prior to the hacking included: the Stuxnet worm; U.S. Cyber Command; U.S. vs. Adobe, Apple, Google, Intel, Intuit, Pixar; Los Alamos National Laboratory; the Huffington Post; and Citigroup. Cryptome posts about four or five documents a day.

"The hack was discovered by lack of access to email or to the Cryptome.org NSI account. All 54,000 files (some 7GB) were deleted and the account password changed," according to Cryptome's website. "An Earthlink online support chat restored email access and showed the NSI emails about management changes. New passwords for Earthlink and NSI were set. A call to NSI support restored all files from a back-up except for the previous two days."
