General discussion

Locked

$5000 reward for help with busting mean spirited cracker.

By deepsand ·
This is sheer maliciousness, deliberately inflicted on countless undeserving victims.

The vandals should be drawn & quartered alive.

==================================================

Topics > Privacy & Security > Hackers >

Bulletin Board Service Hit by Hacker Attack

Hackers erased historical postings stored on several bulletin boards.

Cara Garretson, Network World
Thursday, June 09, 2005

Ezboard, which hosts service to hundreds of thousands of online bulletin boards, suffered a hacker attack on Memorial Day that permanently erased countless postings.

Unlike a typical attack that aims to bring down a service for boasting rights or steal sensitive information to be used in identity theft, the goal of the Ezboard breach appears to have solely been to erase historical postings stored on the company's servers.

"Someone decided to erase data from our users' boards and unfortunately really hurt a lot of innocent people," says Robert Labatt, CEO of Ezboard, which hosts a wide variety of sites including common-interest and support groups. "I have received e-mails from mothers, cancer patients, people upset with the impact this is having on their lives. With the loss of the posts, a lot of emotions went with them."


Suspicions

Ezboard has some ideas about who might be behind the attack, Labatt says, and is pursuing all possibilities with the help of the FBI. The company is also offering a $5000 reward to anyone with information that leads to the direct arrest and conviction of the hacker.

The company is not ruling out the possibility of the hacker being an insider. "There's a big different between script kiddies and malicious intent. It's more likely whoever came in here was not a script kiddie," Labatt says.

As part of its hosting service, Ezboard employs over 200 servers that store production and back-up data, and would not specify how many of them had postings erased in the attack. Labatt won't specify what security measures the company had in place. "Things you would imagine an organization like ours should have in place we have in place," he says. The company will undergo a security and back-up audit over the next few weeks, Labatt told Ezboard users in an e-mail.

Upon discovering the attack, Ezboard immediately began data restoration processes, although the company warns that it will be impossible to restore all data to all boards. As of yesterday, no one server that lost data in the attack had been completely restored.

The company does not believe financial or other sensitive information was taken in the breach, since Ezboard stores that data separately.

This conversation is currently closed to new comments.

43 total posts (Page 1 of 5)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Mixed Feelings

by tagmarkman In reply to $5000 reward for help wit ...

I'm zoning in on data loss more than the hacker.

Did they have backups? If not, Why?

This is something that I see quite a bit. I used to be sensitive to it but there is just too much awareness not to back up data. I don't have the empathy for it anymore. Ezboard should be slapped on the hand if they didn't take precautions....

The cliche is true... "it's not if you will loose data but when."

What about recovery? If it was a simple delete there is a good chance to recover the data off the hard drives.

The following book is a must read for anyone interested in the data lost post: "Dark Ages II" It's a brilliant book that contrasts the burning of the Alexandria library to Modern digital data.

Collapse -

backups

by apotheon In reply to Mixed Feelings

I know a guy who was running a board there that, among other things, had hurricane preparedness information collected on it. It was completely wiped out, and there's still no sign of any recovered data for that board. In the course of following this up with the service provider, we've discovered that, apparently, whoever the cracker was also accessed and deleted the backups.

Interestingly, this falls under the heading of "What types of backups should we use?" There's been some disagreement for some time now over what media should be used for storing backups. Increasingly, incremental tape backups are being phased out in favor of hard drive backups and, in some cases, optical media backups. While optical media backups would certainly be the least vulnerable of all the above, that's just not practical for anything bigger than a small office (say, less than twenty systems all told). Tape backups would be far more resistant to remote vandalism, however, as they are not connected and running with random access capability at all times. They're backing up, being used for a restoration, or not accessible, in a good backup solution. In order to affect them, then, one would have to alter all backup scheduling to trigger backups on all tapes immediately after live data had been wiped.

That, or you'd have to physically affect them in person.

Backup systems are generally designed to recover from accidents, and from attacks on systems rather than on data. Here's a case where those assumptions proved problematic, and it looks like a lot of people are paying for that. It's possible that everything was done right, and the cracker was simply thorough enough to get the job mostly done anyway. Until Labatt starts talking in more detail about his company's procedures, we don't know.

Collapse -

Possible

by tagmarkman In reply to backups

I've worked for companies with some extremely large data centers. They used Raid setups, for standard drive failures and full offsite redundancy through fiber plus two types of tape back up one for long term snap (stored offsite) and other for incremental changes (stored onsite). Although, a hacker, could possible destroy the data, even in the redundant servers, they would be hard presses to destroy the long term snapshot archives and if they were able to manage that, I would assume it would be apparent who that person was.

I understand that smaller systems can't afford such an elaborate setup but at the minimum, I would expect a tape backup (and not the same tape over and over). I would also expect snap shot tape backups to be stored offsite to recover data. Even if the data is "stale" at least it's a better starting point than no data at all.

An yes... until we have more detail, we really don't know...

Collapse -

Optical as Well

by rojackson In reply to Possible

There are also spanning programs that can write to CD/DVD. Given the inexpensive nature of this medium it is a distinct possibility for SMB's.

Can't believe the company did not have off site or at least off system (removable) backups.

This really smells like a vendetta. My guess is that it is either a disgruntled (ex-)employee that has something to prove...and real issues.

I realize that there are destructive crackers out there, but this seems real personal and thorough given they took time to wipe backup systems too.

The other disturbing thing is why no one saw suspicious activity...who was minding the store? I know that it was Memorial Day weekend but that's why God invented monitoring tools and pager interfaces for.

Sigh....

Collapse -

Lack of $$$?

by deepsand In reply to Optical as Well

See beads' post below, at
[v]http://techrepublic.com.com/5208-6230-0.html?forumID=4&threadID=175947&messageID=1789373[/v]

Collapse -

Possible

by tagmarkman In reply to Optical as Well

Optical can be a solution as well but depending on its size, it might not be a viable option. In my professional environment the medium is simply too small even with multilayer DVDs. However, it works quite well with my home system (at least for system snapshots) and the cost is down to earth with both the burners and the medium.

Collapse -

no kidding

by apotheon In reply to Possible

For rapidly changing high-load large-scale databases, optical media backups are just not an option yet. Until solid-state holographic recording media are "perfected", I rather suspect optical media will "never" be an option in such circumstances. Thus, tape backups still seem to have a place in the world.

Collapse -

Historical Data

by AcesKaraoke In reply to backups

Backing up of data that doesn't change could've easily been done just taking care of whatever changes with incremental backup. True it would be more time-consuming to restore, but it would be there. It does seem amazing that the hacker was able to not only destroy the original data, but also all the backups. Must have been great planning for contingency. I'm just a student at ITT and I know one of the first rules of backups is storage in a remote facility. Sounds likely that it was someone on the inside to me though.

Collapse -

Not a well heeled operation.

by deepsand In reply to Historical Data

See below post, at
[v]http://techrepublic.com.com/5208-6230-0.html?forumID=4&threadID=175947&messageID=1789373[/v]

Collapse -

Per the article, they do have some backups.

by deepsand In reply to Mixed Feelings

The anger that I feel towards the crackers is owing to the fact that, given the diversity of those impacted, it can hardly be the case that there was any connection between the perps & the victims, and therefore no possible justifications for causing them harm.

I see this as not unlike the case where someone sets fire to a barn, out of some animosity toward the owner of such, killing the animals trapped within.

Those without compassion deserve none.

Back to Security Forum
43 total posts (Page 1 of 5)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums