Cryptome Hack Under InvestigationWhistleblowing site's founder claims attacker was retaliating against posting of sensitive documents.
Conflicting reports swirl continue to swirl around the identity of a hacker who broke into and defaced whistleblowing site Cryptome late last week.
On Thursday, the site's Internet service provider, Earthlink, asked Cryptome if it wanted to involve the Federal Bureau of Investigation, according to Cryptome's website.
Cryptome, which is hosted in the United States, is a repository for information about freedom of speech, spying, cryptography, and surveillance. The organization "welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those," according to Cryptome. It focuses on documents in the public domain, and less on anonymous materials such as those recently posted by Wikileaks.
On Oct. 2, hacker "RuxPin" and two other members of hacking group Kryogeniks reportedly were able to steal the password for one of Cryptome founder John Young's email accounts when the email password storage system was breached in September, published reports said. Since they then had the password for the email account listed as the site's contact address, the hackers requested a password reset for Cryptome's hosting account, according to Wired magazine.
But Young disputes this scenario. Rather, he said someone else attacked the site and that the attack was motivated as payback for sensitive documents the site has posted recently, Young told the Kaspersky Lab Security News Service.
"Cryptome has never promised security to correspondents at its end, that has to be done at the sender's end with the caveat often repeated here, there is no online security, none. Digital security is the weakest of all forms of communication, leaky by design to 'facilitate administration and provide security,'" he said in an online post. "Security along with sacred cow encryption are fraudulent by design, check with a cryptographer mediating all sides. Cryptome frequently posts warnings of its untrustworthiness due to it being an online outlet in the vast spying apparatus, the Internet."
Topics posted just prior to the hacking included: the Stuxnet worm; U.S. Cyber Command; U.S. vs. Adobe, Apple, Google, Intel, Intuit, Pixar; Los Alamos National Laboratory; the Huffington Post; and Citigroup. Cryptome posts about four or five documents a day.
"The hack was discovered by lack of access to email or to the Cryptome.org NSI account. All 54,000 files (some 7GB) were deleted and the account password changed," according to Cryptome's website. "An Earthlink online support chat restored email access and showed the NSI emails about management changes. New passwords for Earthlink and NSI were set. A call to NSI support restored all files from a back-up except for the previous two days."