General discussion

Locked

$5000 reward for help with busting mean spirited cracker.

By deepsand ·
This is sheer maliciousness, deliberately inflicted on countless undeserving victims.

The vandals should be drawn & quartered alive.

==================================================

Topics > Privacy & Security > Hackers >

Bulletin Board Service Hit by Hacker Attack

Hackers erased historical postings stored on several bulletin boards.

Cara Garretson, Network World
Thursday, June 09, 2005

Ezboard, which hosts service to hundreds of thousands of online bulletin boards, suffered a hacker attack on Memorial Day that permanently erased countless postings.

Unlike a typical attack that aims to bring down a service for boasting rights or steal sensitive information to be used in identity theft, the goal of the Ezboard breach appears to have solely been to erase historical postings stored on the company's servers.

"Someone decided to erase data from our users' boards and unfortunately really hurt a lot of innocent people," says Robert Labatt, CEO of Ezboard, which hosts a wide variety of sites including common-interest and support groups. "I have received e-mails from mothers, cancer patients, people upset with the impact this is having on their lives. With the loss of the posts, a lot of emotions went with them."


Suspicions

Ezboard has some ideas about who might be behind the attack, Labatt says, and is pursuing all possibilities with the help of the FBI. The company is also offering a $5000 reward to anyone with information that leads to the direct arrest and conviction of the hacker.

The company is not ruling out the possibility of the hacker being an insider. "There's a big different between script kiddies and malicious intent. It's more likely whoever came in here was not a script kiddie," Labatt says.

As part of its hosting service, Ezboard employs over 200 servers that store production and back-up data, and would not specify how many of them had postings erased in the attack. Labatt won't specify what security measures the company had in place. "Things you would imagine an organization like ours should have in place we have in place," he says. The company will undergo a security and back-up audit over the next few weeks, Labatt told Ezboard users in an e-mail.

Upon discovering the attack, Ezboard immediately began data restoration processes, although the company warns that it will be impossible to restore all data to all boards. As of yesterday, no one server that lost data in the attack had been completely restored.

The company does not believe financial or other sensitive information was taken in the breach, since Ezboard stores that data separately.

This conversation is currently closed to new comments.

43 total posts (Page 3 of 5)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

probably not

by apotheon In reply to Well. some of us old time ...

It depends on whose systems and what circumstances were. If the point was breaking into someone else's system without permission, then yeah, the person engaging in such activity is a "cracker", whether or not he or she is also a "hacker". It's not necessarily an either/or distinction.

"Hacker Good, Cracker Bad" is a little like "Automotive Mechanic Good, Car Thief Bad". Breaking into a car and driving it home so you can take its engine apart to learn about the internals makes you a car thief, whether you're an automotive mechanic or not. Testing out the workings of a slim jim on your own car, on the other hand, does not.

Collapse -

In pre-Internet times, physical proximity was required for entry.

by deepsand In reply to probably not

Early on, the only access was via the command console.

With the intro. of System 360, non-interactive access via batch jobs became possible; shortly thereafter, limited interactive access, via RJE (Remote Job Entry) terminals, generally co-located with the mainframe, appeared.

The issue then was not one of gaining unauthorized access to the system, but one of gaining access to those functions which were hidden from the users.

As an analogy, one had permission to use the car, but not look under the hood. Early programmers & operators were quite curious by nature, and hacking then consisted of trying to get under the hood, so as to figure how how everything worked. Bear in mind also that here was then no equivalent of, for example, the Chilton's Manual, so that learning was here very much a process of self-teaching through doing.

Collapse -

okay . . .

by apotheon In reply to probably not

There's nothing wrong with reverse-engineering, which consists essentially of doing what you're allowed to do (even if in unintended ways) and figuring out what's hidden from you based on the results, but actually doing things to someone else's property that you've been expressly forbidden to do is another story. If you're using someone else's computer, and you're given explicit instructions on what you are and are not authorized to do, deviating from those restrictions isn't strictly ethical. That's just the way it is.

If someone loans you her diary to use as a writing surface to take notes, but tells you you're not allowed to look inside, then the ethical thing to do is to avoid opening it. Period.

Collapse -

Difference

by jmgarvin In reply to probably not

A hacker doesn't steal the car, but he hides in the car so the driver can still drive it. Sure it might be a little slower and it might lose a wheel or two, but in the end the hacker did nothing (on purpose) that was malicious.

A cracker would steal the car and not allow the driver to drive it...the cracker would then bring the car to a chop shop and part it out for his friends.

Collapse -

Or perhaps . . .

by apotheon In reply to probably not

It's more like this:
A hacker would examine his own car in his own garage to figure out how it works. A cracker would break into your garage in the middle of the night to examine your car to figure out if it works, all without permission. It's not so much the examination of the car that's a problem. The problem is the breaking and entering.

Collapse -

If permission for exploration were always required , ...

by deepsand In reply to probably not

mankind's body of knowledge would be but a small portion of what it now is.

And, the lot of most would be much the worse.

Collapse -

Oh dear.

by apotheon In reply to probably not

You just used the "ends justify the means" argument. I'm afraid there's no agreement possible between us at this point.

Collapse -

Perplexed.

by deepsand In reply to probably not

In the discussion re. IP, you maintained that you had the right to gain from the use of the discovery of another, even tough you lacked his express permission to do so, on the grounds that one cannot claim title to knowledge.

Yet, here, you take the position that one does require permission in order to acquire knowledge.

To hold that the acquisition of knowledge be held to a higher standard than the use of such strikes me as contradictory.

Collapse -

ends and means

by apotheon In reply to probably not

You're confusing ends and means here. One has no title to knowledge, but one has rightful possession of that on/in which it is recorded. To access that without permission, by force, is to violate rights. For ethical purposes, "force" in this case includes deceptive practice as well as violent.

Collapse -

You're back to using the "by force" qualifier again.

by deepsand In reply to probably not

By what logic is the presence or absence of "force" pivotal?

And, whose definition of "force" takes priority?

Back to Security Forum
43 total posts (Page 3 of 5)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums