Secret-Spilling Sources at Risk Following Cryptome Breach

Threat Level Privacy, Crime and Security Online
Previous post
Secret-Spilling Sources at Risk Following Cryptome Breach


Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogenics breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

Wired.com could not confirm the identity of the hacker, who asked to be identified as “Ruxpin” or “Xyrix.” To verify his claims, the hacker showed Threat Level screenshots of Cryptome founder John Young’s Earthlink account inbox and Cryptome’s directory. The latter showed two WikiLeaks file paths, a list of about 30 names and e-mail addresses of sources who communicated with Cryptome, and the contents of at least one e-mail between Young and a Wired.com contributor from 2008. The Wired.com contributor and Young have authenticated the e-mail.

The hacker said they broke into Cryptome using a stolen e-mail password for an Earthlink account belonging to Young. They then used the e-mail account to reset the password for his site’s hosting account. The hacker claims they copied 6.8 terabytes of data from Cryptome, though “no files were deleted or altered.”


Read More http://www.wired.com/threatlevel/2010/10/cryptome-hacked/#ixzz11XTfSRgc