Woah, Cryptome got hacked

[Cain]

http://www.wired.com/threatlevel/2010/10/cryptome-hacked/

Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

Wired.com could not confirm the identity of the hacker, who asked to be identified as "Ruxpin" or "Xyrix." To verify his claims, the hacker showed Wired.com screenshots of Cryptome founder John Young's Earthlink account inbox and Cryptome's directory. The latter showed two WikiLeaks file paths, a list of about 30 names and e-mail addresses of sources who communicated with Cryptome, and the contents of at least one e-mail between Young and a Wired.com contributor from 2008. The Wired.com contributor and Young have authenticated the e-mail.

The hacker said they broke into Cryptome using a stolen e-mail password for the Earthlink account belonging to Young. They then used the e-mail account to reset the password for his site's hosting account. The hacker claims they copied 6.8 terabytes of data from Cryptome, though "no files were deleted or altered."

"Everything was copied for analysis," one of the hackers wrote Wired.com in an e-mail interview. "Cryptome is an interesting read indeed." He added that "only data that had relatively new time stamps is being given thought. There is simply too much to sift through."

Young, reached by phone, confirmed some of the information provided by the hacker but disputed other assertions.

He didn't know how the hackers got into his site or if data was deleted but said that "all the files were inaccessible," and that Network Solutions had to restore content from a backup. He disputed the amount of data the hackers say they obtained.

"We had a little over 7 gigabytes, but not terabytes," he said. "We've never had that much."

Regarding the WikiLeaks insiders, although he acknowledged that some of them communicated with what appear to be e-mail addresses that could identify them, he doesn't believe they're actual WikiLeaks insiders and says he's never done anything to verify their identities, and that the e-mail addresses could have easily been spoofed.

"I've not verified any of those and don't know how one would," he said. "I've been quite skeptical of anyone claiming to be a WikiLeaks insider."

The hack of Cryptome would seem to illustrate the real value that a site like WikiLeaks offers. Cryptome, a proto-WikiLeaks, has published many important leaks since it was launched in 1996, exposing government secrets and gaffes.

The site, however, doesn't provide the kind of secure, anonymized submission process that WikiLeaks boasts. Instead, it uses e-mail addresses controlled by Young, raising the risk that sensitive sources could be exposed by this and other hacks. Despite many controversies surrounding WikiLeaks and its founder, that site has never had a security breach, as far as anyone knows. But now Cryptome has.

[Disco Pickle]

only a matter of time really.

interesting that it was a "stolen" password for an Earthlink account. 

I'd be interested to know how they stole it.

[Requia ☣]

If Earthlink is like a lot of ISP and free email services, you have to send you password in plaintext if you use a client side program (Outlook, thunderbird, etc) to access your email.