Privacy Digest

News that can impact your privacy.

Screenshot Purports to Show Hackers with Root Access on MediaDefender Server in April

Submitted by MacRonin on November 12, 2007 - 12:59pm
  • Activists
  • Editorial
  • Entertainment
  • Exploits
  • Hmmm
  • P2P
  • Scams

Editor: Interesting graphic removed. Go to original site for that [...]

Nearly two months ago a group of hackers released to BitTorrent a trove of e-mails, source code and other materials that they grabbed from a compromised server or servers belonging to anti-piracy company MediaDefender. Today I obtained a screenshot of a log purporting to show the hackers with root access on the MediaDefender server on April 10th of this year.

I can't verify the authenticity of the log, which could have been fabricated, but the log shows the hackers with root on a server referred to as 'PM' at the following IP address: 65.120.42.146.

An internal MediaDefender e-mail that was among those seized by the hackers and released to BitTorrent in September shows MediaDefender employees discussing the hacked 'PM' server and its IP address -- the IP address that appears in the log screenshot. That e-mail (shown below) is dated two months after the log showing MediaDefender's server compromised.

From: Norman Heath [mailto:XXXX@mac.com]

Sent: Wednesday, June 06, 2007 7:02 PM

To: it

Cc: Gerald Rode; Jay Mairs; Ivan Kwok; Gilberto Vargas

Subject: pm webserver

The 65.120.42.146 pm webserver has been compromised.

What I need Gerald to do is backup everything on this server. You have to SSH to it from another box in the office, as you can't get to it from the outside world. So back it up to the munger server or dcmaster or wherever. Use the 'scp' command to do this or another method.

IT is creating another web server with CentOS 5 on it. When they are done they will give it an IP and email Gerald this IP. We need this new server to be the fully functional pm server by 9 am in the morning. At this time we will give the new server the 65.120.42.146 IP and all will be back to normal. We are going to swap servers basically.

As a side note, please do not ever use the old passwords on anything. Every other hacker in the world has those passwords, because we used them for years on our windows servers.

Ty

MediaDefender didn't respond to a call for comment today. The company also didn't respond to repeated calls in September seeking authentication of the e-mails. But after the e-mails were leaked to BitTorrent, MediaDefender sent a series of takedown notices to sites hosting the e-mails claiming them as trade secrets.

It's unclear when the hackers first breached MediaDefender's security, but a note the hackers posted with some of the purloined material indicates that they'd breached MediaDefender's security as early as January of this year.

See Also:

  • Hackers Smack Anti-Piracy Firm Again and Again
  • Defense Lawyers Cringe at MediaDefender's Child-Porn Patrol Plans
  • MediaDefender's 'Swedish' Hackers Attempted to Hack AG Computer
  • Leaked E-mail Shows Music Company Using P2P for Market Research
  • MPAA Paying Hacker for Purloined TorrentSpy Emails Not Illegal, Court Rules

(Read Original Article - Via Threat Level.)


Compilation © Copyright 1997-2010 Paul Hardwick, with Web Hosting provided by MacRonin.com.