Cryptome, a sort of proto-WikiLeaks website best known for exposing the CIA analyst who found Osama Bin Laden, announced this week that its entire website had been hacked. But, in a surprising response from Cryptome founder John Young—a man suspicious even of tap water—no foul play was suspected. At least no more foul than the usual Internet hijinks.
Reached by phone, Mr. Young explained that the site had been attacked by malware from Blackhole exploit kit 12, the latest iteration of what TechWorld calls an insidious, but “incredibly common automated web compromise system. ” This kind of malware harvests IP addresses of people visiting the site for potential nefarious use later on, said Mr. Young.
Mr. Young discovered the malware when a reader got a virus this morning from downloading one of Cryptome’s files that had been in its directory for a long time. After some examination, his team discovered other files containing the malware script as well. Crytome, which made the breach public (part of the site’s mission to expose such security flaws), is currently in the process of completely restoring all of its 70,000 files and expects to be finished by the end of the day.
But the site, which has leaked photos of Dick Cheney’s alleged post 9/11 bunker, names of possible British and Japanese spies, and even Microsoft’s top-secret Global Criminal Compliance handbook, doesn’t think its content has anything to do with why it was hacked.
“Our content is completely innocent, I assure you, completely worthless, it appear to just be using us as a launching platform,” he insisted. “If we had billions of dollars, I’d be concerned.”
Really, we insisted, was he sure the government or any of the subjects of Cryptome’s files weren’t to blame?? “Actually no, although I know a number of people like to magnify their importance,” Mr. Young offered. “We don’t think we were attacked for that reason, we think it’s just people meddling.”
“We would like to understate our value,” he emphasized.
Claiming that a security breach is part of a concerted attack is “just what the Defense Department and other obnoxious organizations do,” said Mr. Young. Being hacked is merely a hazard of life online. “We don’t think there’s any security on the Internet, no matter what anyone says. We think the Internet is used for spying more than anything else, data gathering as it’s called. It’s completely insecure.”
That’s the beauty of the medium, he added, “Digitally, you can do such wonderful things without people knowing you’re doing it!”
Despite common knowledge about the lack of security, some organizations, “make a big hew and cry” of being targeted by hackers, “but they’re just blowing smoke at the public,” Mr. Young noted. “The Defense Department is no better at this than anyone else.”
As the war in the Middle East winds down, the public has been hearing more about the lack of security online because both the government and security specialists stand to gain from that fear, reasoned Mr. Young. “Lately the last few months, they’ve been talking about how dangerous the Internet is, but that’s because they want more funding.” Some people, he noted, wonder if the DOD hasn’t been pretending to be hacked for just that reason.
Aha! See, we knew there was a conspiracy afoot somewhere.
Check out The Observer’s previous coverage of Cryptome: