Whistleblower site Cryptome hacked, defaced, all files deleted


The whistleblowing, government-document sharing site Cryptome was hacked and defaced this weekend. All 54,000 Cryptome hosted files were deleted.

According to Cryptome, "A person wrote claiming to know who did the hack. No way to know if this claim is true. Hackers, like spies, often blame one another to cover their tracks. Blocking attacks is nearly impossible due to the purposefully weak security of the Internet. Nearly all security methods are bogus. A competent hacker or spy, or the two working together, can penetrate easily. We monitor and keep back-ups ready. And do not trust our ISP, email provider and officials to tell the truth or protect us."

After its site was restored and Cryptome could view emailed notifications, Cryptome posted the steps of the hack. First, its EarthLink email account was "accessed by unknown means and its access password changed." Using that email address, the hacker then requested information about Cryptome's multiple accounts. The Cryptome.org management account was accessed at Network Solutions (NSI) and all "54,000 files (some 7GB) were deleted and the account password changed."

Cryptome discovered it had been hacked after it could not gain access to email or its NSI account. After placing a call to NSI, Cryptome had all files restored except those from the previous two days. After Cryptome chatted with EarthLink online support, email access was restored and the NSI emails about the management account changes were received. Cryptome stated that its email is not stored at EarthLink, so it is unknown if the hacker deleted any email.

The other Cryptome accounts hosted by Network Solutions did not seem to have been affected. Other Cryptome sites include Cryptome.org (mirror, mirror, mirror), Cryptome.info, Cryptout (recent listings of Cryptome.org), Cartome.org, Eyeball-Series.org and Cryptome CN, which publishes information, documents and opinions banned by the People's Republic of China.

According to Wikipedia, "Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance - open, secret and classified documents - but not limited to those."

Another anonymous tipster alerted Cryptome to a WikiLeaks IRC chat that took place a few hours before Cryptome was hacked. The tipster thought the IRC chat might be related to the hack. A person in the chat claimed to have uploaded a file to WikiLeaks that still had not been published two weeks later. Since the WikiLeaks site was down, the secret-document leaker was advised to upload it to Cryptome. Within the chat, a person stated, "[18:59] <ReleaseItAlready> Dont trust pgpboard. And Cryptome has poor security. Call your local paper and release it to them."

This was the second time that Cryptome was shut down by a hack in 14 years. In February of this year, after Cryptome published Microsoft Global Criminal Spy Guide, Microsoft cried a DMCA foul and had Network Solutions take down Cryptome. Microsoft later withdrew its copyright complaint.
